Domain Name Registration Related News
New Trojan appears to attack VeriSign
October 02, 2003
A Trojan program has emerged in Australia that may be triggering a concerted assault on VeriSign's domain name
Sophos' antivirus team has confirmed that it is in the preliminary stages of analysing a new Trojan that may be linked to an organised attack on VeriSign's domain name servers. Paul Ducklin, head of technology, Sophos Asia-Pacific, said the Trojan, dubbed Qhost1, seduces the user into going to a Web site that exploits a security vulnerability in Internet Explorer and inserts malicious code onto the victim's personal computer.
Sophos's revelation coincides with unconfirmed reports from a source within the technical ranks of one Australia's major ISPs of a spike in support calls from customers whose DNS server settings had been tampered with, in what appears to be an orchestrated attack on Internet security giant VeriSign.
"It's changing the IP address of the DNS servers from ours [domain name] across to VeriSign's to launch a DoS attack on them," said the source.
The source told ZDNet Australia that the activity appeared to be promoted by a virus or Trojan-like entity targeting Windows 2000 and Windows XP systems.
Ducklin said was unable to confirm that the new Trojan was implicated in the activity described by the source but confirmed it appeared that Qhost1 was designed to alter the DNS setting of its victim PCs.
"This particular Trojan messes up your DNS so in theory it could be targeted against anyone," said Ducklin
Details at: http://news.zdnet.co.uk/business/0,39020645,39116855,00.htm