RE: Unknown Hosts file

From: BRAD GRIFFIN (b.griffin@cqu.edu.au)
Date: 04/02/02


From: BRAD GRIFFIN <b.griffin@cqu.edu.au>
To: incidents@securityfocus.com
Date: Tue, 2 Apr 2002 12:22:42 +1000 

Hi David

Possibly lop.com (IIRC). This site is notorious for modifiying registry settings, plus WWW related files to point to pr0n and other sites of dubious reputation. Don't go to lop without all scripting etc disabled in the browser.

> -----Original Message-----
> From: David Tan [mailto:dtan@chipscc.com]
> Sent: Tuesday, 2 April 2002 10:31
> To: incidents@securityfocus.com
> Subject: Unknown Hosts file
>
>
>
>
> I have a client machine running Windows 2000
> Professional. All of a sudden, one day, the user was
> unable to access several of the most popular
> websites (i.e. google, yahoo, cnn, etc.). I noticed that
> the machine was attempting to access the wrong IP
> address for all the websites, in fact, it was attempting
> to access the SAME IP address for every website in
> the group. After some research, I found there was a
> Hosts file with all the domains in question listed, and
> the erroneous IP address. Has anyone ever come
> accross an incident where a virus or trojan would
> place a Hosts file onto a system. I have thoroughly
> scanned the machine for viruses, open ports, etc.
> and found nothing. Is there anything else I should be
> on the lookout for?
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Unknown Hosts file
    ... address for all the websites, in fact, it was attempting ... place a Hosts file onto a system. ... For more information on this free incident handling, ... and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: Unknown Hosts file
    ... > address for all the websites, in fact, it was ... Do You Yahoo!? ... For more information on this free incident handling, ... and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: Unknown Hosts file
    ... The Hosts file is mainly meant to be used on a LAN; ... > address for all the websites, in fact, it was attempting ... > For more information on this free incident handling, ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: where are the newsgroups???
    ... All other websites are fine. ... >If you have any other thoughts on what is happening to the DNS, ... Spyware Info: ... Block possibly dangerous websites with a Hosts file. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Browser Back Button
    ... AdAware, CWShredder, and Spybot S&D have install routines - run them. ... Spyware Warrior: ... Block Internet Explorer ActiveX scripting from dangerous websites (Restricted ... Block possibly dangerous websites with a Hosts file. ...
    (microsoft.public.windowsxp.network_web)