[Dshield] QHOSTS-1 - DNS/Hosts file issues

Alan Frayer afrayer at frayernet.com
Thu Oct 2 15:32:47 GMT 2003


In attempting to understand this situation, I need to ask a question:

On Thu, 2003-10-02 at 10:35, wbeckham wrote:
> I got the following from TruSecure this morning.
> 
> - WB
> 
> ---------------------------------
> TruSecure Radar Notice

[snip]

> Summary:
> Yesterday TruSecure began to observe evidence of an active attack against
> users of Internet Explorer 6.0. The attack comprised a banner, hosted by
> FortuneCity.com, which in turn used JavaScript to redirect the self-closing
> "pop-under" banner to a site hosted by EV1.NET (Everyone's Internet.) An
> EV1.NET site then delivered executable code which in turn invoked the HTA
> vulnerability.  

Would blocking the IP address of the EV1.NET site from outbound traffic
defeat this attack? If so, this strikes me as much more time efficient
than visiting each PC and turning off scripting, etc.

________________________________________________________________________
Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region
If you would like to discuss an opportunity with me, please e-mail.