Looked at the main site for Internetsecuritydeluxe and didn't find
anything malicious about it in Fiddler.

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505
-----Original Message-----
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 11, 2008 11:01 AM
To: NT System Admin Issues
Subject: Re: Major DNS protocol issue effecting most implementations of DNS

From what I can tell, boston.com disabled pop-ups yesterday
afternoon/evening for a time, but they are back on full power this
morning.

No pop-ups in FF of course, but IE can't seem to handle suppressing
them.  I leave certain sites open in IE to check for behavior - and
this is what I noticed yesterday.

On Fri, Jul 11, 2008 at 10:58 AM, Micheal Espinola Jr
<[EMAIL PROTECTED]> wrote:
> I was never able to determine the originating pop-up.  It redirected
> the page it popped-up from (boston.com), and then closed itself.  The
> page it redirected to is this:
>
>
> http://internetsecuritydeluxe.com/scanner/scan.php?landid=54&depid=maxc%5Fisd08&cid=2271&parid=mc%5F1810746031
>
>
> On Thu, Jul 10, 2008 at 4:29 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:
>> You got a copy of the source of that page, that is doing a popup to do
>> the re-direct? It might be another SQL injection attack from a few weeks
>> ago.
>> Z
>>
>> Edward E. Ziots
>> Network Engineer
>> Lifespan Organization
>> MCSE,MCSA,MCP,Security+,Network+,CCA
>> Phone: 401-639-3505
>>
>> -----Original Message-----
>> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, July 10, 2008 2:08 PM
>> To: NT System Admin Issues
>> Subject: Re: Major DNS protocol issue effecting most implementations of DNS
>>
>> One of Boston.com's pop-up advertisers is currently redirecting to a
>> download.  Is it the DNS exploit in action? I dunno, but the timing is
>> impeccable - and is exactly what I have been expecting to see.
>>
>>
>> On Thu, Jul 10, 2008 at 12:44 PM, Micheal Espinola Jr
>> <[EMAIL PROTECTED]> wrote:
>>> Don't just hope.  Bring it up as an issue with them.
>>>
>>> On Thu, Jul 10, 2008 at 10:25 AM, Joe Heaton <[EMAIL PROTECTED]> wrote:
>>>> Well, I used the tool that was referenced on the site below, and it
>>>> seems my upstream name server is susceptible to this problem, so
>>>> hopefully they will be patching too.  I have already patched my DNS
>>>> server, and I'm working on the client side patch now...
>>>>
>>>> Joe Heaton
>>>> -----Original Message-----
>>>> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
>>>> Sent: Wednesday, July 09, 2008 6:58 PM
>>>> To: NT System Admin Issues
>>>> Subject: RE: Major DNS protocol issue effecting most implementations of DNS
>>>>
>>>> And what if the cache of your upstream is a victim of this attack? :-)
>>>>
>>>> So, yes, internally you probably don't have much to fear (unless you
>>>> have a malicious employee, or someone else has already come in via some
>>>> other means and this is a second part of an attack). But you either need
>>>> to refer back to root servers or upstream DNS servers for other zones,
>>>> and it's possible that they might be compromised (well, probably not the
>>>> root servers)
>>>>
>>>> Cheers
>>>> Ken
>>>>
>>>>> -----Original Message-----
>>>>> From: Joe Heaton [mailto:[EMAIL PROTECTED]
>>>>> Sent: Thursday, 10 July 2008 2:04 AM
>>>>> To: NT System Admin Issues
>>>>> Subject: RE: Major DNS protocol issue effecting most implementations of DNS
>>>>>
>>>>> So this is pointed more at public name servers, right?  Not internal
>>>>> DNS?  I do our internal stuff, but forward everything else to our "ISP",
>>>>> which is another state agency.
>>>>>
>>>>> Joe Heaton
>>>>>
>>>>> -----Original Message-----
>>>>> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
>>>>> Sent: Wednesday, July 09, 2008 8:33 AM
>>>>> To: NT System Admin Issues
>>>>> Subject: Re: Major DNS protocol issue effecting most implementations of DNS
>>>>>
>>>>> This blog has a good overview and some relevant info in the comments
>>>>> (a lot of bs in there too though):
>>>>>
>>>>> <http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/>
>>>>>
>>>>> On Wed, Jul 9, 2008 at 11:23 AM, Micheal Espinola Jr
>>>>> <[EMAIL PROTECTED]> wrote:
>>>>> > Affected systems include both client and server systems [that
>>>>> > implement DNS caching and stub resolution], and any other networked
>>>>> > systems that include this functionality.
>>>>> >
>>>>> > * US-CERT (TA08-190B) Multiple DNS implementations vulnerable to cache
>>>>> > poisoning -
>>>>> >       <http://www.us-cert.gov/cas/techalerts/TA08-190B.html>
>>>>> > * Microsoft Security Bulletin MS08-037 -
>>>>> >       <http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx>
>>>>> >
>>>>> > --
>>>>> > ME2
>>>>> >
>>>>> > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
>>>>> > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> ME2
>>>>>
>>>>>
>>>>> No virus found in this incoming message.
>>>>> Checked by AVG.
>>>>> Version: 8.0.101 / Virus Database: 270.4.6/1540 - Release Date: 7/8/2008 6:33 AM
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>> --
>>> ME2
>>>
>>>
>>
>>
>>
>>
>> --
>> ME2
>>
>>
>
>
>
> --
> ME2
>



-- 
ME2
