[Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack"Activity

wbeckham wbeckham at yahoo.com
Wed Oct 1 21:53:12 GMT 2003

Trusecure had an advisory along the same lines this morning, but no more
detail that what's given below.

- WB

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Kenton Smith
Sent: Wednesday, October 01, 2003 2:45 PM
To: list at dshield.org
Subject: [Dshield] CA eTrust TARGET Advisory - Monitoring New

Anyone have any insight on this? I don't run any Windows DNS servers
externally, however it looks as though this happens through IE, so may
affect any Windows DNS server.

They list a CERT advisory note - IN-2003-04, but this doesn't say anything
specifically about the DNS thing.


Computer Associates
Channel Flash

Virus Information CenterSecurity Advisory:
eTrust TARGET Tracking 
Suspicious Network Activity
Computer Associates (CA) eTrust Threat Analysis and Response Global
Emergency Team (TARGET) is currently tracking and researching a new
suspicious network activity that has received some attention on NTBugTraq.
This suspicious activity involves involuntary changes to the DNS server
settings on Windows 2000 and XP (not an exhaustive list). 

At this time, we are advising our customers to monitor for such suspicious
changes and report them to our support organization. Additionally,
monitoring the Windows Registry on critical servers for changes is another
potential warning that this activity is affecting your network. Early
analysis indicates this change may be the result of the execution of a
script after visiting a certain website. 

Please visit the eTrust TARGET Information Center for additional information
as CA's global research teams tracks this activities progress.

eTrust TARGET - Islandia, NY


If you would like us to remove your name from this mail list, please send an
email to listserv at listserv.ca.com with the text "SIGNOFF Channel-Partner" in
the body of the email and leave the Subject field empty. 
Computer Associates

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list