Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup

To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
From: Paul Wouters <paul@xxxxxxxxx>
Date: Mon, 17 Apr 2006 22:49:14 +0200 (CEST)
Cc: Derek Soeder <dsoeder@xxxxxxxx>, Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
In-reply-to: <C0668BE6.2DFA%thor@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <C0668BE6.2DFA%thor@xxxxxxxxxxxxxxx>

On Sat, 15 Apr 2006, Thor (Hammer of God) wrote:

It's a simple method to bypass malicious host file modification.  Probably
in response to malware like MyDoom, which specifically altered the hosts
file to keep clients from accessing AV sites ( go.microsoft.com was also
specifically included in MyDoom as well.)


Sure. And instead of everyone whining about this, they should prepare
their DNSSEC setup so microsoft can secure their zone and can rely on
the resolver to use DNSSEC to prevent these types of malware traps.

Paul

References:
- Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
  - From: Thor (Hammer of God)

Prev by Date: Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance
Next by Date: Re: phpBB Admin command execution
Previous by thread: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
Next by thread: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
Index(es):
- Date
- Thread