[dns-operations] Microsoft name servers hijacked?
Robert Edmonds
edmonds at isc.org
Sat Oct 16 19:01:14 UTC 2010
Stephane Bortzmeyer wrote:
> Does anyone have technical details?
>
> http://cyberinsecure.com/microsoft-dns-hijacked-ip-addresses-are-used-to-push-farma-spam/
based on the IPs provided in the article, here is what i see in DNSDB:
http://users.isc.org/~edmonds/microsoft_hijacks.txt
http://users.isc.org/~edmonds/microsoft_hijack_rrsets.txt
it goes back further than the september 22 date given in the article:
;; first seen in zone file: 2010-04-13 16:13:17 -0000
[...]
;; first seen in zone file: 2010-10-15 16:10:04 -0000
;; last seen in zone file: 2010-04-18 16:12:07 -0000
[...]
;; last seen in zone file: 2010-10-15 16:10:04 -0000
(based on TLD zone file data)
and
;; first seen: 2010-06-24 03:30:01 -0000
[...]
;; first seen: 2010-10-15 20:35:14 -0000
;; last seen: 2010-06-25 07:29:18 -0000
[...]
;; last seen: 2010-10-16 17:08:10 -0000
(based on passive DNS data)
--
Robert Edmonds
edmonds at isc.org
More information about the dns-operations
mailing list