On Wed, Nov 25, 2009 at 3:06 PM, Sad Clouds
<cryintotheblue...@googlemail.com> wrote:
> Hello Solaris developers, I need help with diagnosing possible malware,
> which seems to be originating from Solaris shared library.
>
> The problem occurs when I submit a URL that doesn't exist. Instead of
> returning an error, it seems Solaris resolver returns IP addresses of
> webserver which redirect HTTP requests to web pages filled with Google adds,
> etc. So, somebody is making money form all these redirects.
>
I'd start from comparing /etc/resolv.conf on both "good" and "bad" hosts
and then would check the output of
host -v www.nowaynosuchhost.com
--
Regards,
Cyril
_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
