What kind of attack, malware is this?

Discussion in 'other security issues & news' started by R2D2, Jan 26, 2006.

Thread Status:
Not open for further replies.
  1. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    I was just curious to what it could've been...

    Recently, I was unable to access specific websites such as my yahoo email, CNN, and certain others. This went on for weeks, (until a reformat :p ). I know it wasn't because their servers were down or overloaded because it's a very slim chance that the same specific websites over a long period of time wouldn't be accessible.

    Was this a Denial of Service attack? o_O
    Any ideas?

    Jeff
     
  2. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Maybe those websites had been added to your hosts file.
     
  3. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Thanks SpikeyB!

    Good to know.
    I'll check that file's contents if it happens again.

    Jeff
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Malware changing the HOSTS file is a very definite possibility.. there's a lot of worms and other malware out there that are still doing this to make it hard for you to disinfect (hard to disinfect when you can't get to a website to download a disinfection tool).. in addition some of these will attempt to kill security software and other tools used in remvoing malware.
     
  5. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Hi Notok,

    Yes, the HOSTS file is a popular target.:blink:
    I guess I could make a backup copy of the file so that if it gets infected, just delete the infected file and reinstall the clean one in its place.

    I thought my Spyware Doctor would protect the host file from infection.o_O

    Jeff
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    If you have all the "On-Guard" settings on, it should.. I suppose it's possible that it got it when it was down, though. There are other possibilities, but that's the most common one.
     
  7. spyware blaster can be keeping backups of hostfiles, so does spybot also winpatrol and spybot can lock host files from attack, i think..
     
  8. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Oops, I don't think I had it set right :blink: , but fixed it.
    Thanks Notok!

    Thanks chocolate doodle. I didn't have any of those running when it happened but good info to have.

    By the way, I just sent you a post to your thread, "What's the best download spot"

    Thanks,
    Jeff
     
Loading...
Thread Status:
Not open for further replies.