
SANS ISC: InfoSec Handlers Diary Blog


DNS abnormalities

Published: 2003-10-01
Last Updated: 2003-10-02 13:10:38 UTC
by Handlers (Version: 1)

**** UPDATE ****
The odd DNS issues are likely caused by the QHosts-1 Trojan. For details see:;virus_k=100719
As initially posted to the SANS intrusions list, some sites are observing an increase
in abnormal DNS queries. For the original post, see

A likely related issue has been reported to NT Bugtraq:

Here, a user reported that "Various Windows 2000 professional workstations are changing the DNS servers they are configured to use". The new DNS server, and, is hosted by 'Everyone's Internet Inc.', (

This user did report suspicious changes to the registry:


"r0x"="your s0x"






For more details, see this NT Bugtraq post:

If you would like to share any related logs, please send them to