Interesting question.

I don't know of such a program offhand. But I was thinking about the question.

I think it all depends on how you look at it. Is this client (the one that's gonna get his DNS changed) on a domain network, or is it a standalone client? Does the user have admin rights or not?

If he's on a domain you can enforce policies; if he's not, you can still enforce policies, but locally. Or try not to use an admin account. I do this even at home... I use a normal account for surfing the waves and email and stuff. I don't have the rights to change my IP settings and stuff. I don't know if the trojan can reset the DNS if the account that is logged on doesn't have admin rights?

Of course this only works on Windows machines like XP or W2K(3) as far as I know (not on W98 or ME)... I'm sure you can do the same thing on any Linux or Unix machine though. (Does the trojan work on Linux or Unix machines?)

I'll read up on this trojan and adjust the post if it doesn't require admin rights to change the DNS, but I was thinking it did.

C.

[EDIT] Well, I've seen it changes a registry setting, so I know there are programs that can monitor this, as well as scripts that are available that monitor this. This one, for example.

Does that help? I think it does a little bit; you have control over when something gets changed... You can even alter the script and let it send an email or something. [/EDIT]
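
A sketch of the kind of monitoring script the post mentions, as an added example that is not part of the original post and not the script it links to. It assumes the setting in question is the per-interface `NameServer` / `DhcpNameServer` value under the standard Windows TCP/IP key (the post does not name it), requires Windows PowerShell 3.0 or later, and uses a hypothetical baseline file path.

```powershell
# Added example: baseline-and-compare monitor for per-interface DNS server values.
# Assumption: the monitored values are NameServer / DhcpNameServer under the
# standard Windows TCP/IP interfaces key; the post does not name the setting.
$InterfacesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$BaselinePath  = Join-Path $env:ProgramData 'dns-baseline.json'  # hypothetical path

function Get-DnsRegistrySnapshot {
    # Returns a hashtable: "<interface GUID>\<value name>" -> configured servers.
    $snapshot = @{}
    foreach ($key in Get-ChildItem -Path $InterfacesKey) {
        $props = Get-ItemProperty -Path $key.PSPath
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            $value = $props.$name
            if ($value) { $snapshot["$($key.PSChildName)\$name"] = [string]$value }
        }
    }
    return $snapshot
}

function Compare-DnsSnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    # Emits one object per value that was added, removed or changed.
    $settings = @($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique
    foreach ($s in $settings) {
        if ($Baseline[$s] -ne $Current[$s]) {
            [pscustomobject]@{ Setting = $s; Was = $Baseline[$s]; Now = $Current[$s] }
        }
    }
}

if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state and stop.
    Get-DnsRegistrySnapshot | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
    return
}

# ConvertFrom-Json yields an object, so rebuild the hashtable from its properties.
$baseline = @{}
(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
    ForEach-Object { $baseline[$_.Name] = [string]$_.Value }

$changes = @(Compare-DnsSnapshot -Baseline $baseline -Current (Get-DnsRegistrySnapshot))
if ($changes.Count -gt 0) {
    Write-Warning "DNS server registry values differ from baseline:"
    $changes | Format-Table -AutoSize | Out-String | Write-Warning
    exit 1   # non-zero exit lets a scheduled task or wrapper raise the alert
}
Write-Output 'DNS server registry values match the baseline.'
```

Run it on a schedule from an account other than the one used for browsing, and keep the baseline file somewhere that everyday account cannot write, so a change to the DNS values cannot be hidden by rewriting the baseline.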