[Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack" Activity
ksmith at chartwelltechnology.com
Wed Oct 1 21:45:11 GMT 2003
Anyone have any insight on this? I don't run any Windows DNS servers
externally, however it looks as though this happens through IE, so may
affect any Windows DNS server.
They list a CERT advisory note - IN-2003-04, but this doesn't say
anything specifically about the DNS thing.
Virus Information CenterSecurity Advisory:
eTrust TARGET Tracking
Suspicious Network Activity
Computer Associates (CA) eTrust Threat Analysis and Response Global
Emergency Team (TARGET) is currently tracking and researching a new
suspicious network activity that has received some attention on
NTBugTraq. This suspicious activity involves involuntary changes to the
DNS server settings on Windows 2000 and XP (not an exhaustive list).
At this time, we are advising our customers to monitor for such
suspicious changes and report them to our support organization.
Additionally, monitoring the Windows Registry on critical servers for
changes is another potential warning that this activity is affecting
your network. Early analysis indicates this change may be the result of
the execution of a script after visiting a certain website.
Please visit the eTrust TARGET Information Center for additional
information as CA's global research teams tracks this activities
eTrust TARGET - Islandia, NY
If you would like us to remove your name from this mail list, please
send an email to listserv at listserv.ca.com with the text "SIGNOFF
Channel-Partner" in the body of the email and leave the Subject field
More information about the list