RE: [Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack"Activity
- To: "General DShield Discussion List" <[EMAIL PROTECTED]>
- Subject: RE: [Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack"Activity
- From: "Thor Larholm" <[EMAIL PROTECTED]>
- Date: Wed, 1 Oct 2003 15:21:33 -0700
- Reply-to: General DShield Discussion List <[EMAIL PROTECTED]>
This is caused by an exploit based on the Object Data vulnerability
variant which still remains unpatched. Once infected, the user's HOSTS
file is changed to redirect mistyped queries and his DNS server settings
are changed.
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A1=ind0310&L=ntbugtraq
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities
-----Original Message-----
From: Kenton Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2003 2:45 PM
To: [EMAIL PROTECTED]
Subject: [Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack"Activity
Anyone have any insight on this? I don't run any Windows DNS servers
externally, however it looks as though this happens through IE, so may
affect any Windows DNS server.
They list a CERT advisory note - IN-2003-04, but this doesn't say
anything specifically about the DNS thing.
Kenton
Computer Associates
Channel Flash
Virus Information Center
Security Advisory:
eTrust TARGET Tracking
Suspicious Network Activity
Computer Associates (CA) eTrust Threat Analysis and Response Global
Emergency Team (TARGET) is currently tracking and researching a new
suspicious network activity that has received some attention on
NTBugTraq. This suspicious activity involves involuntary changes to the
DNS server settings on Windows 2000 and XP (not an exhaustive list).
At this time, we are advising our customers to monitor for such
suspicious changes and report them to our support organization.
Additionally, monitoring the Windows Registry on critical servers for
changes is another potential warning that this activity is affecting
your network. Early analysis indicates this change may be the result of
the execution of a script after visiting a certain website.
Please visit the eTrust TARGET Information Center for additional
information as CA's global research teams track this activity's
progress.
Regards,
eTrust TARGET - Islandia, NY
If you would like us to remove your name from this mail list, please
send an email to [EMAIL PROTECTED] with the text "SIGNOFF
Channel-Partner" in the body of the email and leave the Subject field
empty.
Computer Associates
_______________________________________________
list mailing list
[EMAIL PROTECTED]
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
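The thread describes two observable changes on an affected machine: new HOSTS file entries and altered DNS server settings. The following is an added example, not part of the original messages, showing one way to compare a known-good baseline against the current state; the function names, the sample HOSTS text and the resolver addresses are constructed for illustration, and collecting the current HOSTS content and resolver list from a host is assumed to happen elsewhere.

```python
import ipaddress

def parse_hosts(text):
    """Map each hostname in HOSTS-file text to its address (comments stripped)."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                entries[name.lower()] = fields[0]
    return entries

def kind_of(ip):
    """Loopback/unspecified targets blackhole a name; anything else redirects it."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    return "blackhole" if addr.is_loopback or addr.is_unspecified else "redirect"

def audit(base_hosts, cur_hosts, base_dns, cur_dns):
    """Return sorted findings for HOSTS entries and resolvers that differ from baseline."""
    old, new = parse_hosts(base_hosts), parse_hosts(cur_hosts)
    findings = []
    for name, ip in new.items():
        if old.get(name) != ip:  # added, or remapped to a different address
            findings.append((f"hosts-{kind_of(ip)}", name, ip))
    for name in old.keys() - new.keys():
        findings.append(("hosts-removed", name, old[name]))
    for server in set(cur_dns) - set(base_dns):
        findings.append(("dns-added", server, ""))
    for server in set(base_dns) - set(cur_dns):
        findings.append(("dns-removed", server, ""))
    return sorted(findings)

# Constructed sample data (documentation address ranges, not taken from the thread).
BASELINE_HOSTS = "127.0.0.1 localhost\n"
CURRENT_HOSTS = """127.0.0.1 localhost
198.51.100.7 www.example.com examp1e.com  # constructed redirect
0.0.0.0 update.example.net
"""
BASELINE_DNS = ["192.0.2.53"]
CURRENT_DNS = ["203.0.113.9"]

if __name__ == "__main__":
    for finding in audit(BASELINE_HOSTS, CURRENT_HOSTS, BASELINE_DNS, CURRENT_DNS):
        print(*finding)
```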