[Dshield] new virus

Anthony Rodgers Anthony_Rodgers at dnv.org
Fri Dec 9 22:35:42 GMT 2005


; <<>> DiG 9.2.2 <<>> www.symantec.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59729
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 9, ADDITIONAL: 7

;; QUESTION SECTION:
;www.symantec.com.              IN      A

;; ANSWER SECTION:
www.symantec.com.       14      IN      CNAME   www.symantec.d4p.net.
www.symantec.d4p.net.   1760    IN      CNAME   
symantec.georedirector.akadns.net.
symantec.georedirector.akadns.net. 1604 IN CNAME a568.d.akamai.net.
a568.d.akamai.net.      2       IN      A       208.38.45.217
a568.d.akamai.net.      2       IN      A       208.38.45.223
a568.d.akamai.net.      2       IN      A       208.38.45.206
a568.d.akamai.net.      2       IN      A       208.38.45.207
a568.d.akamai.net.      2       IN      A       208.38.45.208
a568.d.akamai.net.      2       IN      A       208.38.45.209

;; AUTHORITY SECTION:
d.akamai.net.           1546    IN      NS      n3d.akamai.net.
d.akamai.net.           1546    IN      NS      n4d.akamai.net.
d.akamai.net.           1546    IN      NS      n5d.akamai.net.
d.akamai.net.           1546    IN      NS      n6d.akamai.net.
d.akamai.net.           1546    IN      NS      n7d.akamai.net.
d.akamai.net.           1546    IN      NS      n8d.akamai.net.
d.akamai.net.           1546    IN      NS      n0d.akamai.net.
d.akamai.net.           1546    IN      NS      n1d.akamai.net.
d.akamai.net.           1546    IN      NS      n2d.akamai.net.

;; ADDITIONAL SECTION:
n0d.akamai.net.         1637    IN      A       12.129.72.202
n1d.akamai.net.         1903    IN      A       12.129.72.203
n2d.akamai.net.         1981    IN      A       12.129.72.213
n3d.akamai.net.         664     IN      A       12.129.72.218
n4d.akamai.net.         204     IN      A       12.129.72.219
n5d.akamai.net.         664     IN      A       12.129.72.202
n6d.akamai.net.         1637    IN      A       65.118.151.91

;; Query time: 43 msec
;; SERVER: 204.239.10.3#53(204.239.10.3)
;; WHEN: Fri Dec  9 14:34:57 2005
;; MSG SIZE  rcvd: 510

On Dec 9, 2005, at 10:41 AM, Martin Forest wrote:

> Is anyone able to resolve www.symantec.com?
> I have used both my windows and linux computers, connected to local, 
> isp 
> and root servers in apac but noone seems to be able to resolve 
> symantec...
> Symantecs av seems to be able to connect to 
> liveupdate.symantecliveupdate.com that do resolve.
> /Martin Forest
>
>
> On Sat, 10 Dec 2005 07:18:10 +1300, Isaac Perez 
> <suscripcions at tsolucio.com> wrote:
>
> > I do it now and no AV found anything.
> > I'm not sure waht it does, but if it's not a virus I change my job.
> > Because it's very suspicious.
> > El vie, 09-12-2005 a las 16:00 +0000, stu escribió:
> >> Out of interest have you ran this through virus total?
> >>
> >> http://www.virustotal.com/flash/index_en.html
> >>
> >> -----Original Message----
> >> I just received an email from "microsoft" that claims to be an 
> important
> >>
> >> update to stop spyware.
> >> And you should install it, of course.
> >> I attach the file zipped and with the password danger.
> >> My nod32 don't detect it.
> >>
> >>
> >> _________________________________________
> >> Using .Net? Need to know more about .Net Security?
> >> http://isc.sans.org/banner_count.php?dest=dotnet
> >>
> >> _______________________________________________
> >> send all posts to list at lists.dshield.org
> >> To change your subscription options (or unsubscribe), see: 
> >> http://www.dshield.org/mailman/listinfo/list
> >
> > _________________________________________
> > Using .Net? Need to know more about .Net Security?
> > http://isc.sans.org/banner_count.php?dest=dotnet
> >
> > _______________________________________________
> > send all posts to list at lists.dshield.org
> > To change your subscription options (or unsubscribe), see: 
> > http://www.dshield.org/mailman/listinfo/list
>
>
>
> -- 
> If you take copy protection too far, the only customers you will have 
> are 
> the ones that intend to sell illegal copies of your work. By: Martin 
> Forest
> Warning: DRM/BMG protected CD’s are likely to infect you with a 
> Rootkit.
>
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list