[Dshield] CA eTrust TARGET Advisory - Monitoring New "Attack"Activity
thor at pivx.com
Wed Oct 1 22:21:33 GMT 2003
This is caused by an exploit based on the Object Data vulnerability
variant which still remains unpatched. Once infected, the users HOSTS
file is changed to redirect mistyped queries and his DNS server settings
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities
From: Kenton Smith [mailto:ksmith at chartwelltechnology.com]
Sent: Wednesday, October 01, 2003 2:45 PM
To: list at dshield.org
Subject: [Dshield] CA eTrust TARGET Advisory - Monitoring New
Anyone have any insight on this? I don't run any Windows DNS servers
externally, however it looks as though this happens through IE, so may
affect any Windows DNS server.
They list a CERT advisory note - IN-2003-04, but this doesn't say
anything specifically about the DNS thing.
Virus Information CenterSecurity Advisory:
eTrust TARGET Tracking
Suspicious Network Activity
Computer Associates (CA) eTrust Threat Analysis and Response Global
Emergency Team (TARGET) is currently tracking and researching a new
suspicious network activity that has received some attention on
NTBugTraq. This suspicious activity involves involuntary changes to the
DNS server settings on Windows 2000 and XP (not an exhaustive list).
At this time, we are advising our customers to monitor for such
suspicious changes and report them to our support organization.
Additionally, monitoring the Windows Registry on critical servers for
changes is another potential warning that this activity is affecting
your network. Early analysis indicates this change may be the result of
the execution of a script after visiting a certain website.
Please visit the eTrust TARGET Information Center for additional
information as CA's global research teams tracks this activities
eTrust TARGET - Islandia, NY
If you would like us to remove your name from this mail list, please
send an email to listserv at listserv.ca.com with the text "SIGNOFF
Channel-Partner" in the body of the email and leave the Subject field
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list