This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects the attempts of Microsoft DNSList utility performing Drive-By download downloading malicious payload.
DNSLint is a Microsoft Windows CL utility that helps you to diagnose common DNS name resolution issues. The tool doesn't verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by
downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of
a normally expected domain name.
- Microsoft Windows with DNSList installed.