On-going Internet Emergency and Domain Names

Hash: SHA1

There is a current on-going Internet emergency: a critical 0day
vulnerability currently exploited in the wild threatens numerous desktop
systems which are being compromised and turned into bots, and the domain
names hosting it are a significant part of the reason why this attack has
not yet been mitigated.

This incident is currenly being handled by several operational groups.

...and before people starting bashing Gadi for being off-topic, etc.,
I'll side with him on the fact that this particular issue appears to
be quite serious.

Please check the facts regarding this issue before firing up your
flame-throwers -- this weekend could prove to be a quite horrible

- - ferg

So, is there a list of domains that we could null-route if we could convince our DNS managers to set us up as the SOA for those domains on our local DNS servers - thus protecting our own customers somewhat?

I won't discount the assertion that there is some sort of emergency occurring. I would however, like to see a bit of a reference to where we can learn more about what is going on (I assume this is the javascript exploit I heard about a couple days ago).


Fergie wrote:

I'm afraid disclosing these URLs at this time is not wise. The SANS ISC
released strings from them which would help you mitigate.

This email is about the problem with the current incident (which is being
handled) as the latest example of a situation going bad.



No -- it's a 0day in Internet Explorer involving animated cursors --
and it can be spread by visiting an infected web site or even by email.


or see lots of news stories about it at

    --Steve Bellovin, http://www.cs.columbia.edu/~smb

Wow, if both gadi and fergie say its important, it must be a real showstopper.

   Moral indignation is a technique to endow the idiot with dignity.
                                                 - Marshall McLuhan