Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


RE: [Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack"Activity
.

  • To: "'General DShield Discussion List'" <[EMAIL PROTECTED]>
  • Subject: RE: [Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack"Activity
  • From: "wbeckham" <[EMAIL PROTECTED]>
  • Date: Wed, 1 Oct 2003 14:53:12 -0700
  • In-reply-to: <[EMAIL PROTECTED]>
  • Old-x-envelope-to: [EMAIL PROTECTED]
  • Reply-to: General DShield Discussion List <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
.
 
Trusecure had an advisory along the same lines this morning, but no more
detail that what's given below.

- WB

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Kenton Smith
Sent: Wednesday, October 01, 2003 2:45 PM
To: [EMAIL PROTECTED]
Subject: [Dshield] CA eTrust TARGET Advisory - Monitoring New
"Attack"Activity


Anyone have any insight on this? I don't run any Windows DNS servers
externally, however it looks as though this happens through IE, so may
affect any Windows DNS server.

They list a CERT advisory note - IN-2003-04, but this doesn't say anything
specifically about the DNS thing.

Kenton

Computer Associates
Channel Flash

Virus Information CenterSecurity Advisory:
eTrust TARGET Tracking 
Suspicious Network Activity
Computer Associates (CA) eTrust Threat Analysis and Response Global
Emergency Team (TARGET) is currently tracking and researching a new
suspicious network activity that has received some attention on NTBugTraq.
This suspicious activity involves involuntary changes to the DNS server
settings on Windows 2000 and XP (not an exhaustive list). 

At this time, we are advising our customers to monitor for such suspicious
changes and report them to our support organization. Additionally,
monitoring the Windows Registry on critical servers for changes is another
potential warning that this activity is affecting your network. Early
analysis indicates this change may be the result of the execution of a
script after visiting a certain website. 

Please visit the eTrust TARGET Information Center for additional information
as CA's global research teams tracks this activities progress.

Regards,
eTrust TARGET - Islandia, NY


 

If you would like us to remove your name from this mail list, please send an
email to [EMAIL PROTECTED] with the text "SIGNOFF Channel-Partner" in
the body of the email and leave the Subject field empty. 
Computer Associates

_______________________________________________
list mailing list
[EMAIL PROTECTED]
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
list mailing list
[EMAIL PROTECTED]
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.