Is This a Virus?
Edsonet
administrator at yellowhead.com
Thu Aug 3 22:45:20 UTC 2000
Noticed unusually high volume on our DNS server the other day, and
investigated further. One of our customers appeared to have a virus similar to the
<network.vbs> worm. This worm only uses 2 octets starting at 0.1, whereas the
<network.vbs> virus has a specific starting address. It also uses the full
domain name first, and then <.com>, whereas <network.vbs> just uses the IP
address and then adds the domain name. Search by the customer of his machine
did not locate any unusual vbs files.
Has anyone seen or heard of such a virus? I have not been able to locate
anything like it on the common anti-virus sites. A single machine acting like
this is relatively harmless, but several acting together can bring down a DNS.
J.A. Coutts
Systems Engineer
Edsonet/TravPro
-------------------------------------------
12:10:07 Request from 207.34.82.38 for A-record for .0.1.yellowhead.com.
12:10:08 Request from 207.34.82.38 for A-record for .0.1.yellowhead.com.
12:10:10 Request from 207.34.82.38 for A-record for .0.1.yellowhead.com.
12:10:13 Request from 207.34.82.38 for A-record for .0.1.com.
12:10:15 Request from 207.34.82.38 for A-record for .0.1.com.
12:10:16 Request from 207.34.82.38 for A-record for .0.1.com.
12:10:21 Request from 207.34.82.38 for A-record for .0.2.yellowhead.com.
12:10:23 Request from 207.34.82.38 for A-record for .0.2.yellowhead.com.
12:10:24 Request from 207.34.82.38 for A-record for .0.2.yellowhead.com.
12:10:27 Request from 207.34.82.38 for A-record for .0.2.com.
12:10:29 Request from 207.34.82.38 for A-record for .0.2.com.
12:10:30 Request from 207.34.82.38 for A-record for .0.2.com.
12:10:39 Request from 207.34.82.38 for A-record for .0.3.yellowhead.com.
12:10:40 Request from 207.34.82.38 for A-record for .0.3.yellowhead.com.
12:10:42 Request from 207.34.82.38 for A-record for .0.3.yellowhead.com.
12:10:45 Request from 207.34.82.38 for A-record for .0.3.com.
12:10:46 Request from 207.34.82.38 for A-record for .0.3.com.
12:10:48 Request from 207.34.82.38 for A-record for .0.3.com.
12:10:53 Request from 207.34.82.38 for A-record for .0.4.yellowhead.com.
12:10:55 Request from 207.34.82.38 for A-record for .0.4.yellowhead.com.
12:10:56 Request from 207.34.82.38 for A-record for .0.4.yellowhead.com.
12:10:59 Request from 207.34.82.38 for A-record for .0.4.com.
12:11:01 Request from 207.34.82.38 for A-record for .0.4.com.
12:11:02 Request from 207.34.82.38 for A-record for .0.4.com.
12:11:11 Request from 207.34.82.38 for A-record for .0.5.yellowhead.com.
12:11:12 Request from 207.34.82.38 for A-record for .0.5.yellowhead.com.
12:11:14 Request from 207.34.82.38 for A-record for .0.5.yellowhead.com.
12:11:17 Request from 207.34.82.38 for A-record for .0.5.com.
12:11:18 Request from 207.34.82.38 for A-record for .0.5.com.
12:11:20 Request from 207.34.82.38 for A-record for .0.5.com.
12:11:25 Request from 207.34.82.38 for A-record for .0.6.yellowhead.com.
12:11:27 Request from 207.34.82.38 for A-record for .0.6.yellowhead.com.
12:11:28 Request from 207.34.82.38 for A-record for .0.6.yellowhead.com.
12:11:31 Request from 207.34.82.38 for A-record for .0.6.com.
12:11:33 Request from 207.34.82.38 for A-record for .0.6.com.
12:11:34 Request from 207.34.82.38 for A-record for .0.6.com.
12:11:39 Request from 207.34.82.38 for A-record for .0.7.yellowhead.com.
12:11:41 Request from 207.34.82.38 for A-record for .0.7.yellowhead.com.
12:11:42 Request from 207.34.82.38 for A-record for .0.7.yellowhead.com.
12:11:45 Request from 207.34.82.38 for A-record for .0.7.com.
12:11:47 Request from 207.34.82.38 for A-record for .0.7.com.
12:11:48 Request from 207.34.82.38 for A-record for .0.7.com.
.........and on and on and on........
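
One way to flag the query pattern shown in the log above (an added example, not part of the original post): it parses the same log format, folds the leading numeric labels of each queried name into a counter, and reports clients that step through consecutive counters. The function name `find_scanners`, the `min_steps` threshold and the 192.0.2.10 log lines are assumptions made for the example.

```python
import re
from collections import defaultdict

# Lines for 207.34.82.38 are copied from the post; the 192.0.2.10 lines are constructed.
SAMPLE_LOG = """\
12:10:07 Request from 207.34.82.38 for A-record for .0.1.yellowhead.com.
12:10:08 Request from 207.34.82.38 for A-record for .0.1.yellowhead.com.
12:10:13 Request from 207.34.82.38 for A-record for .0.1.com.
12:10:21 Request from 207.34.82.38 for A-record for .0.2.yellowhead.com.
12:10:27 Request from 207.34.82.38 for A-record for .0.2.com.
12:10:39 Request from 207.34.82.38 for A-record for .0.3.yellowhead.com.
12:10:45 Request from 207.34.82.38 for A-record for .0.3.com.
12:10:50 Request from 192.0.2.10 for A-record for www.yellowhead.com.
12:10:52 Request from 192.0.2.10 for A-record for mail.yellowhead.com.
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d Request from (\S+) for A-record for (\S+)$")

def find_scanners(log_text, min_steps=2):
    """Return clients whose queried names step through consecutive numeric labels."""
    values = defaultdict(list)    # client -> ordered counters, consecutive repeats dropped
    suffixes = defaultdict(set)   # client -> suffixes appended after the counter
    queries = defaultdict(int)    # client -> number of numeric-label queries
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, name = m.groups()
        labels = name.strip(".").split(".")
        counter, used = 0, 0
        for label in labels:
            if not label.isdecimal():
                break
            counter = counter * 256 + int(label)   # ".0.1" -> 1, ".1.0" -> 256
            used += 1
        if used == 0:
            continue                                # ordinary hostname, ignore
        queries[client] += 1
        suffixes[client].add(".".join(labels[used:]))
        if not values[client] or values[client][-1] != counter:
            values[client].append(counter)
    report = {}
    for client, seq in values.items():
        steps = sum(1 for a, b in zip(seq, seq[1:]) if b - a == 1)
        if steps >= min_steps:
            report[client] = {"steps": steps, "queries": queries[client],
                              "suffixes": sorted(suffixes[client])}
    return report
```

Calling `find_scanners(SAMPLE_LOG)` reports only 207.34.82.38, with the two suffixes it cycles through; raise `min_steps` on a busy server to avoid flagging clients that make a couple of numeric-label lookups by coincidence.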