FYI, I put the suspect file up at http://www.bblabs.com/dns.exe

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, September 08, 2003 2:37 PM
To: Chris Lewis
Cc: [EMAIL PROTECTED]
Subject: Re: dns.exe virus?

> Christopher J. Wolff wrote:
>
> > Chris,
> >
> > It was really odd. Here is an example of what the two hosts .3 and .4
> > were up to.
>
> For grins, I ran that through our blacklist tool to see what it coughed up.
>
> Nothing was on our blacklists.
>
> Had rDNS's like *.google.com, *.akamai.com, sprintbbsd,
> ns2.granitecanyon.com, DNS root servers and a few non-resolving IPs.
>
> DNS resolution loop perchance?

From here, they all show up in the logs attempting dynamic updates
of the in-addr.arpa domain. :) Time to suck pkts...
although I 'spect they are trying to perform stupid DNS tricks like:

floss.local.in-addr.arpa. A 10.10.10.10

--bill
