[95545] in North American Network Operators' Group
Re: On-going Internet Emergency and Domain Names
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri Mar 30 22:57:56 2007
Date: Fri, 30 Mar 2007 22:48:51 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Jeff Shultz <jeffshultz@wvi.com>
Cc: nanog@merit.edu
In-Reply-To: <460DCB07.5090701@wvi.com>
Errors-To: owner-nanog@merit.edu
On Fri, 30 Mar 2007 19:44:23 -0700
Jeff Shultz <jeffshultz@wvi.com> wrote:
>
> So, is there a list of domains that we could null-route if we could
> convince our DNS managers to set us up as the SOA for those domains
> on our local DNS servers - thus protecting our own customers somewhat?
>
> I won't discount the assertion that there is some sort of emergency
> occurring. I would, however, like to see a bit of a reference to where
> we can learn more about what is going on (I assume this is the
> javascript exploit I heard about a couple days ago).
>
No -- it's a 0day in Internet Explorer involving animated cursors --
and it can be spread by visiting an infected web site or even by email.
See
http://blogs.zdnet.com/security/?p=141&tag=nl.e622
http://www.avertlabs.com/research/blog/?p=230
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAX&VSect=T
or see lots of news stories about it at
http://news.google.com/?ned=us&ncl=1114901719&hl=en
--Steve Bellovin, http://www.cs.columbia.edu/~smb