Re: Viruses and their prevention!
For those who are interested and who may find this information useful:
Since March 3, "DNS Cache Poisoning" has been reported by various sites on the internet, resulting in users being redirected to sites that distribute spyware, viruses and other kinds of malware, including here widely used sites such as Google, Yahoo, CNN, etc. Most at risk from this phenomenon are DNS servers running on WinNT4 and Win2000. Win2003 has a configuration that (somewhat) avoids this kind of attack.
It has also been confirmed that some Symantec products allow DNS cache poisoning, including:
Symantec Gateway Security 5400 Series, v2.x
Symantec Gateway Security 5300 Series, v1.0
Symantec Enterprise Firewall, v7.0.x (Windows and Solaris)
Symantec Enterprise Firewall v8.0 (Windows and Solaris)
Symantec VelociRaptor, Model 1100/1200/1300 v1.5
Those who have this software in use should go to Symantec's support pages for more information.
Some excerpts regarding DNS cache poisoning:
We have confirmation that the following software products are
vulnerable:
1. Windows NT4 and 2000 DNS servers.
The default configuration of the DNS server on Windows NT 4 and 2000
IS INSECURE against DNS cache poisoning attacks. By default, the
DNS server does NOT protect you against DNS cache poisoning. If you
run a resolving nameserver on Windows NT 4 or Windows 2000 (2003 is
configured securely by default), you are HIGHLY ADVISED to follow
the instructions here to protect yourself from these attacks:
http://support.microsoft.com/default.aspx?scid=kb;en-us;241352
2. Symantec gateway products.
There was a confirmed bug that allowed DNS cache poisoning in
various Symantec products. A patch was released on March 15, 2005
for the following products:
Symantec Gateway Security 5400 Series, v2.x
Symantec Gateway Security 5300 Series, v1.0
Symantec Enterprise Firewall, v7.0.x (Windows and Solaris)
Symantec Enterprise Firewall v8.0 (Windows and Solaris)
Symantec VelociRaptor, Model 1100/1200/1300 v1.5
We have received reports that Windows 2003 and NT4/2000 (with the proper
registry key settings) are still vulnerable. We are currently working
with Microsoft to determine whether there is a bug or architectural
problem in their DNS software.
Possible theory #1: Windows DNS servers that forward to BIND nameservers
do not ignore the additional authority records in the DNS replies. In
this scenario, we think that the "secure cache against poisoning"
registry keys are just being ignored.
Additionally, we have received reliable reports from sites that were
poisoned by this attack although they were running BIND entirely. By
default, the various UNIX-based DNS servers are not vulnerable to this
attack. However, it may be possible to make them insecure through poor
configuration choices.
.
.
.
The motivation for these attacks is very simple: money. The end goal of
the first attack was to install spyware/adware on as many Windows
machines as possible. A good spyware/adware program can generate
significant revenue for the attacker.
.
Here you can find the full article as well as more information.
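An added example, not part of the original post or the quoted advisory: a simplified sketch of the bailiwick check that cache-poisoning protection relies on, discarding reply records whose owner name lies outside the zone that was queried. The `RR` type, the function names and the sample reply are constructed for illustration; real resolvers apply further checks.

```python
from typing import NamedTuple

class RR(NamedTuple):          # hypothetical record type for this example
    section: str               # "answer", "authority" or "additional"
    name: str                  # owner name of the record
    rtype: str
    rdata: str

def labels(name: str) -> list:
    """Lower-cased labels of a domain name, ignoring the trailing root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(name: str, zone: str) -> bool:
    """True when name equals zone or is a subdomain of it, compared by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_reply(zone: str, records: list) -> tuple:
    """Split a reply into (cacheable, discarded) for a query sent about zone."""
    keep, drop = [], []
    for rr in records:
        (keep if in_bailiwick(rr.name, zone) else drop).append(rr)
    return keep, drop

# Constructed reply to a query for www.example.com sent to an example.com server.
SAMPLE_REPLY = [
    RR("answer", "www.example.com.", "A", "192.0.2.10"),
    RR("authority", "example.com.", "NS", "ns1.example.com."),
    RR("additional", "ns1.example.com.", "A", "192.0.2.53"),
    # Records below are unrelated to the queried zone and must not be cached.
    RR("authority", "com.", "NS", "ns.attacker.example."),
    RR("additional", "www.example.net.", "A", "203.0.113.66"),
    RR("additional", "www.evilexample.com.", "A", "203.0.113.67"),
]

if __name__ == "__main__":
    kept, dropped = filter_reply("example.com", SAMPLE_REPLY)
    for rr in kept:
        print("cache  ", rr.section, rr.name, rr.rtype, rr.rdata)
    for rr in dropped:
        print("discard", rr.section, rr.name, rr.rtype, rr.rdata)
```

The comparison is done label by label so that a look-alike such as `www.evilexample.com` is not treated as part of `example.com`, which a plain string suffix match would get wrong.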