October 2nd, 2003, 08:11 AM
Odd DNS Traffic sparks interest
Source: Internet Storm Center Diary
The odd DNS issues are likely caused by the QHosts-1 Trojan
October 2nd, 2003, 01:52 PM
From Security Wire Digest:
*MYSTERIOUS MALWARE HITS DNS SERVERS
Malicious code—possibly related to the Microsoft Internet Explorer 'object
type' vulnerability—is changing local DNS settings to random numbers. As a
result, it makes all DNS-dependent applications, such as e-mail, Web
access and internal servers unavailable.
By presstime it was too early to say if the malware was only Web-based or
if a worm or virus was involved. Network Associates reported the problem is being caused by a Trojan, but other antivirus researchers couldn't corroborate the findings.
Security experts say that to fix the problem, clients need to be changed
to get DNS from DHCP and rebooted. No patch is available to fix the flaw
but Microsoft recommends changing IE Internet security zone settings to
prompt them before running ActiveX components.
For continuing coverage, please see: