Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: DNS abnormalitities SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DNS abnormalitities

**** UPDATE ****
The odd DNS issues are likely caused by the QHosts-1 Trojan. For details see:;virus_k=100719
As initially posted to the SANS intrustions list, some sites observe an increase
in abnormal DNS queries. For the original post, see

A likely related issue has been reported to NT Bugtraq:

Here, a user reported that "Various Windows 2000 professional workstations are changing the DNS servers they are configured to use". The new DNS server, and, is hosted by 'Everyone's Internet Inc.', (

This user did report suspicous changes to the registry:


"r0x"="your s0x"






for more details, see this NT Bugtraq post:

If you would like to share any related logs, please send them to

76 Posts
Oct 2nd 2003

Sign Up for Free or Log In to start participating in the conversation!