ZDNet UK



Symantec on alert after surge in Net activity

Andrew Colley, ZDNet Australia

Published: 03 Oct 2003 11:50 BST


Symantec's security service has been placed on alert in response to a substantial jump in domain name server-related activity across the globe.

The computer-security specialist has stepped up efforts to monitor network ports associated with domain name servers. Vincent Weafer, senior director of US-based Symantec Security Response, said the company's DeepSight firewall sensors had begun reporting an unusually large volume of network events commonly associated with DNS activity.

Some of Symantec's concern appears to have been driven by the recent reappearance of a type of Trojan that exploits a security flaw in Microsoft's Internet Explorer, a flaw that allows miscreants to insert malicious code into Windows PCs through Web and HTML content.

The payload delivered by the latest variety of the Trojan to appear, Qhosts-1, manipulates the way PCs find Web sites on the Internet. Qhosts-1 alters the PC's domain name server setting -- normally specified by the user's ISP -- and instructs it to link a commonly used search engine site with a network address that appears to belong to a Texas-based ISP.

While Symantec is yet to find the source behind the unusual jump in DNS activity, Weafer said Qhosts-1 may be the culprit. However, antivirus companies have given the Trojan a low threat rating, having received few reports of infection, and Weafer appears to have some doubts.

"A recent Trojan (Trojan.Qhosts) may be the cause of some or all of this activity, however, of the samples Symantec has received, they all point to google.com," said Weafer.

A higher than reported infection rate of Qhosts-1 is among the possible explanations for the phenomenon Symantec is considering.

According to Weafer, there was evidence of links between the Trojan and servers implicated in spamming activities, which he said may point to the possibility that Qhosts-1 has propagated more widely than previously thought possible through email-borne HTML content.

Symantec said the company won't know the cause of the activity spike for 24 hours.
