[Dshield] QHOSTS-1 - DNS/Hosts file issues

John Hardin johnh at aproposretail.com
Thu Oct 2 16:28:57 GMT 2003


On Thu, 2003-10-02 at 07:35, wbeckham wrote:
> Summary:
> Yesterday TruSecure began to observe evidence of an active attack against
> users of Internet Explorer 6.0. The attack comprised of a banner, hosted by
> FortuneCity.com, which in turn used JavaScript to redirect the self-closing
> "pop-under" banner to a site hosted by EV1.NET (Everyone's Internet.) An
> EV1.NET site then delivered executable code which in turn invoked the HTA
> vulnerability.  

So, anybody know any URLs for these that we can (at least temporarily)
block at the proxy?

--
John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  There is no problem that cannot be solved by the appropriate
  application of high explosives.
-----------------------------------------------------------------------
 34 days until Matrix Revolutions




More information about the list mailing list