Security Incidents mailing list archives

Re: ANOTHER possible Windows problem?


From: Kris Carlier <root () iguana be>
Date: Sun, 22 Jul 2001 13:40:47 +0200 (MET DST)

David,

> At around 3pm EST all of the Windows 98 boxes at my company suddenly
> turned their proxy settings on (we don't use a proxy) and set their
> proxy server to: cache.mycompany.com (substitute mycompany with the name
> of mycompany) and port 3128.
>
> Now I know port 3128 is a Squid proxy port, so I guess that makes sense,
> but has anyone ever seen anything like this before? The few win2k boxes
> are fine, as are the Linux boxes. Is there a trojan or something like
> that where the payload changes proxy settings?
>
> Or is it something else entirely?

It's the G8 conference, I fear.

Stupid wild guess: from one of the 'upgraded' machines, try pinging
wpad.mycompany.com
and if that works out, http://wpad.mycompany.com/wpad.dat or conf.pac or
whatever.

If that works, find your DNS admin, and forgive him when he's using DDNS
;-)

kr=




                   \\\___///
                  \\  - -  //
                   (  @ @  )
 +---------------oOOo-(_)-oOOo-------------+
 |        kris carlier - kris () iguana be    |
 |   Freedom of speech has been suspended  |
 |          [RESUME] [OK] [CANCEL]         |
 | KC62-RIPE         SMS: +32-475-61.43.05 |
 +------------------------Oooo-------------+
                  oooO   (   )
                 (   )    ) /
                  \ (    (_/
                   \_)

"In 1555, Nostradamus wrote: 'Come the millennium, month 12, in the home of
greatest power, the village idiot will come forth to be acclaimed the
leader.'"
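
The check suggested in the reply above, written out as an added example (not part of the original message): it lists the WPAD names a client would try, resolves each one, and extracts the proxies from any wpad.dat that is served. The client name pc17.sales.mycompany.com, the address 192.0.2.10 and the sample PAC body are constructed; walking up through parent domains goes beyond the single name given in the reply.

```python
import re
import socket
import urllib.request

# Constructed sample PAC body, matching the proxy setting reported in the thread.
SAMPLE_PAC = '''function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  return "PROXY cache.mycompany.com:3128; DIRECT";
}'''

# A PAC script returns strings such as "PROXY host:port; DIRECT".
PROXY_RE = re.compile(r'\b(?:PROXY|SOCKS[45]?)\s+([A-Za-z0-9.-]+):(\d{1,5})')

def wpad_candidates(client_fqdn):
    """Names tried by DNS-based WPAD: swap the host label for 'wpad', then
    strip labels from the left. Stopping at two labels is a simplification."""
    labels = client_fqdn.rstrip('.').split('.')[1:]
    names = []
    while len(labels) >= 2:
        names.append('wpad.' + '.'.join(labels))
        labels = labels[1:]
    return names

def pac_proxies(pac_text):
    """Distinct (host, port) pairs the PAC script can hand to a browser."""
    return sorted({(h.lower(), int(p)) for h, p in PROXY_RE.findall(pac_text)})

def http_get(url, timeout=5):
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(65536).decode('latin-1')

def check_wpad(client_fqdn, resolve=socket.gethostbyname, fetch=http_get):
    """Report every WPAD name that resolves and the proxies its wpad.dat sets."""
    findings = []
    for name in wpad_candidates(client_fqdn):
        try:
            addr = resolve(name)
        except OSError:          # name does not exist: nothing to auto-discover
            continue
        try:
            body = fetch('http://%s/wpad.dat' % name)
        except OSError:          # resolves but serves no PAC file
            body = ''
        findings.append({'name': name, 'addr': addr, 'proxies': pac_proxies(body)})
    return findings

if __name__ == '__main__':
    # Offline demo: constructed resolver and PAC body instead of the network.
    print(check_wpad('pc17.sales.mycompany.com',
                     lambda name: '192.0.2.10', lambda url: SAMPLE_PAC))
```

Calling check_wpad() with only the client FQDN uses real DNS and HTTP; any name that resolves without the DNS admin having created it is the entry to chase.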


