RE: Global DNS Cache poisoning?
From: Hubbard, Dan (dhubbard_at_websense.com)
Date: 03/04/05
- Previous message: Federated Information Security: "RE: Odd typing in MSWord"
- Maybe in reply to: Russell Guthrie: "Global DNS Cache poisoning?"
- Next in thread: lasnews: "Re: Global DNS Cache poisoning?"
Date: Fri, 4 Mar 2005 13:30:45 -0800
To: "Russell Guthrie" <rguthrie@humana.com>, <incidents@securityfocus.com>
We posted this information earlier today:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=144
From our site:
"We have investigated the sites that are reporting to direct users to
malicious websites. These sites attempt to download and install code and
an Active X piece called "ABC Search Webinstall." The name of the
executable is "mhh.exe." Websense® Security Labs™ is investigating
its behavior." The mhh.exe installs a toolbar from BestToolbars.net.
Homepage and search engine settings are changed.
As far as proof of the poisoning, we have not witnessed any name lookups
ourselves but we have seen large increases in the number of users
visiting some of the sites listed in the SANS details. In particular:
http://www.7sir7.com/abx_search_webinstall/download.html
Internet Storm Center Details:
http://isc.sans.org//index.php
-----Original Message-----
From: Russell Guthrie [mailto:rguthrie@humana.com]
Sent: Friday, March 04, 2005 11:26 AM
To: incidents@securityfocus.com
Subject: Global DNS Cache poisoning?
SANS is reporting a potential DNS cache poisoning. Has anyone heard or
seen anything to confirm this?