The "Vista Anti-Virus" has nothing to do with RS 3.0

It is a coincidence due to DNS cache poisoning in your ISP. Here is the full story. You can find the article here.

DNS Flaw Leads To Internet ‘Poisoning’ Attacks
By Stefanie Hoffman, ChannelWeb
4:34 PM EDT Wed. Jul. 09, 2008

The U.S. Computer Emergency Readiness Team issued an advisory Tuesday warning the public that Domain Name Servers (DNS) protocol and implementations contain serious vulnerabilities that open the door for cache poisoning attacks. A cache poisoning attack occurs when an outside hacker creates a fake message that the DNS will accept, which can trick the server into delivering an incorrect request.

The error, affecting numerous platforms and vendors, stems from a fundamental flaw in the DNS protocol. DNS provides a back and forth translation of host URLs to IP addresses. However, if the attacker is able to determine certain request functions, such as the source port and the query ID, the attacker might be able to send a phony response that is then cached by the DNS server.

While DNS cache poisoning as a cyber threat has been around for years, recent research has uncovered faster and more reliable means for hackers to rapidly figure out the query ID and source port in order to exploit these vulnerabilities. “Tools and techniques have been developed that can reliably poison a domain of the attacker’s choosing on most current implementations,” the U.S. CERT advisory said. “Consequently, Web traffic, e-mail and other important network data can be redirected to systems under the attacker’s control.”

Ultimately, the error enables cyber attackers to hijack certain Internet domains by redirecting a nameserver’s client to contact a different, and possibly malicious, host site. In a successful attack, a criminal could redirect users’ browsers to a Website with malicious or information stealing code that could allow an attacker to take complete control of their computer.

Numerous vendors have either developed or are currently working on fixes for the serious cross-platform flaw. Microsoft addressed the DNS server vulnerability with a patch issued during its scheduled monthly update cycle, which was released Tuesday. The Internet Systems Consortium published a similar patch for its own DNS server, BIND, and more are expected to follow in subsequent days.

U.S. CERT recommends that users apply some workarounds to address the error. Until a widespread and effective patch becomes available, the agency recommends that administrators limit or restrict sources that can ask for a recursion or disable altogether the recursion on any nameserver responding to DNS requests made by untrusted systems. Users can also find more effective ways to filter Web traffic at the perimeter while also running a local DNS cache.

Security experts say that while the error might not be considered critical, they recommend that users patch this bug as soon as possible. “It’s not necessarily a critical issue, but it is the first step in pulling off a hack on somebody else,” said Eric Schultze, CTO of Shavlik Technologies. “Because it’s a multi-vendor issue, it’s going to get a lot of press and going to stir up a lot of consternation.”
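As an added illustration (not part of the original post or the quoted article), here is a small check a defender could run over a resolver's captured outbound queries to see whether it still sends every query from one fixed source port, the condition the article describes as making a forged response practical to guess. The (source port, query ID) pairs below are constructed sample data, not real captures.

```python
import math
from collections import Counter

# Constructed samples: (source_port, query_id) pairs as they might be pulled
# from a packet capture of a recursive resolver's outbound queries.
# The first resolver reuses one source port (the pre-patch behaviour the
# article describes); the second randomizes the port on every query.
FIXED_PORT_RESOLVER = [
    (53, 0x1A2B), (53, 0x3C4D), (53, 0x5E6F), (53, 0x7081),
    (53, 0x92A3), (53, 0xB4C5), (53, 0xD6E7), (53, 0xF809),
]
RANDOM_PORT_RESOLVER = [
    (51234, 0x1A2B), (60411, 0x3C4D), (33020, 0x5E6F), (49188, 0x7081),
    (57702, 0x92A3), (34991, 0xB4C5), (62077, 0xD6E7), (41555, 0xF809),
]


def shannon_entropy_bits(values):
    """Empirical Shannon entropy (bits) of the observed values."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def assess_resolver(queries):
    """Summarize how predictable a resolver's (port, query ID) pairs are.

    A sample of n distinct values can show at most log2(n) bits, so the
    entropies are compared against that ceiling rather than against the
    full 16-bit field width.
    """
    ports = [p for p, _ in queries]
    qids = [q for _, q in queries]
    ceiling = math.log2(len(queries))
    port_entropy = shannon_entropy_bits(ports)
    qid_entropy = shannon_entropy_bits(qids)
    fixed_port = len(set(ports)) == 1
    if fixed_port:
        verdict = "fixed source port: only the 16-bit query ID protects the cache"
    elif port_entropy < ceiling - 1:
        verdict = "weak source port randomization"
    else:
        verdict = "source port and query ID both vary across queries"
    return {
        "fixed_source_port": fixed_port,
        "port_entropy_bits": port_entropy,
        "qid_entropy_bits": qid_entropy,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_PORT_RESOLVER), ("random", RANDOM_PORT_RESOLVER)):
        print(name, assess_resolver(sample)["verdict"])
```

A real check would feed the function pairs extracted from a capture of the resolver's own upstream queries, taken over enough time to rule out a small ephemeral range.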

Edit: So now that things seem to be a bit more stable, a few extra comments.

1) This situation was dangerous and having it happen at the same time as the RS 3.0 launch was unfortunate. The poisoned DNS caches were sending people to a site that downloads a trojan onto your computer. At the beginning of the day, many of the webshield types of products weren’t seeing it. If you haven’t updated your anti malware software since yesterday afternoon, you should do it now.

2) Just pointing to an unpoisoned DNS server wouldn’t fix the entire problem. Twice after I made that change, I had the trojan downloader pop up on me. I am not 100% sure why, but I suspect a downstream DNS poison of a server that one of the rotating ads uses. So far things are working fine for me on RS 3.0 (thanks for fixing the issues from yesterday guys!), but that is no guarantee. We will see if it occurs again if I get a bad ad.

3) I spent my free time yesterday updating my iPhone to software version 2.0. It works very well with RS 3.0, and I can now view all the YouTube links on the phone. For a converged device, I’m really happy with the results.

4) I had the privilege of helping establish US CERT back in the 90s. I’m stunned that they were able to keep this flaw a secret this long, until a fix was published. Notice how quickly people were able to develop and deploy an exploit. Even with patches being published on Tuesday, a significant trojan was released Friday that used the now public security flaw. Hopefully, some ISPs will learn from this mistake (but I doubt it).

5) When will these bozos learn to spell? I am so tired of malware windows popping up trying to scare the hell out of me, but using broken English. Losers.