1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Microsoft DNSList Drive-By Download Activity

Web Attack: Microsoft DNSList Drive-By Download Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects the attempts of Microsoft DNSList utility performing Drive-By download downloading malicious payload.

Additional Information

DNSLint is a Microsoft Windows CL utility that helps you to diagnose common DNS name resolution issues. The tool doesn't verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by
downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of
a normally expected domain name.


  • Microsoft Windows with DNSList installed.


  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube