<<< Date Index >>>     <<< Thread Index >>>

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup



On Sat, 15 Apr 2006, Thor (Hammer of God) wrote:

It's a simple method to bypass malicious host file modification.  Probably
in response to malware like MyDoom, which specifically altered the hosts
file to keep clients from accessing AV sites ( go.microsoft.com was also
specifically included in MyDoom as well.)

Sure. And instead of everyone whining about this, they should prepare
their DNSSEC setup so microsoft can secure their zone and can rely on
the resolver to use DNSSEC to prevent these types of malware traps.

Paul