[dns-operations] Microsoft name servers hijacked?

Robert Edmonds edmonds at isc.org
Sat Oct 16 19:01:14 UTC 2010


Stephane Bortzmeyer wrote:
> Does anyone have technical details?
> 
> http://cyberinsecure.com/microsoft-dns-hijacked-ip-addresses-are-used-to-push-farma-spam/

based on the IPs provided in the article, here is what i see in DNSDB:

    http://users.isc.org/~edmonds/microsoft_hijacks.txt
    http://users.isc.org/~edmonds/microsoft_hijack_rrsets.txt

it goes back further than the september 22 date given in the article:

    ;; first seen in zone file: 2010-04-13 16:13:17 -0000
    [...]
    ;; first seen in zone file: 2010-10-15 16:10:04 -0000

    ;;  last seen in zone file: 2010-04-18 16:12:07 -0000
    [...]
    ;;  last seen in zone file: 2010-10-15 16:10:04 -0000

    (based on TLD zone file data)

and

    ;; first seen: 2010-06-24 03:30:01 -0000
    [...]
    ;; first seen: 2010-10-15 20:35:14 -0000

    ;;  last seen: 2010-06-25 07:29:18 -0000
    [...]
    ;;  last seen: 2010-10-16 17:08:10 -0000


    (based on passive DNS data)

-- 
Robert Edmonds
edmonds at isc.org


