[Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack" Activity

Kenton Smith ksmith at chartwelltechnology.com
Wed Oct 1 21:45:11 GMT 2003

Anyone have any insight on this? I don't run any Windows DNS servers
externally, however it looks as though this happens through IE, so may
affect any Windows DNS server.

They list a CERT advisory note - IN-2003-04, but this doesn't say
anything specifically about the DNS thing.


Computer Associates
Channel Flash

Virus Information CenterSecurity Advisory:
eTrust TARGET Tracking 
Suspicious Network Activity
Computer Associates (CA) eTrust Threat Analysis and Response Global
Emergency Team (TARGET) is currently tracking and researching a new
suspicious network activity that has received some attention on
NTBugTraq. This suspicious activity involves involuntary changes to the
DNS server settings on Windows 2000 and XP (not an exhaustive list). 

At this time, we are advising our customers to monitor for such
suspicious changes and report them to our support organization.
Additionally, monitoring the Windows Registry on critical servers for
changes is another potential warning that this activity is affecting
your network. Early analysis indicates this change may be the result of
the execution of a script after visiting a certain website. 

Please visit the eTrust TARGET Information Center for additional
information as CA's global research teams tracks this activities

eTrust TARGET - Islandia, NY


If you would like us to remove your name from this mail list, please
send an email to listserv at listserv.ca.com with the text "SIGNOFF
Channel-Partner" in the body of the email and leave the Subject field
Computer Associates

More information about the list mailing list