Breaking news… it appears that Symantec firewalls with DNS caching enabled have been exploited and are being used in a DNS cache poisoning scheme to redirect users to malicious sites where their machines are being exploited with ActiveX-containing toolbars. My suggestions:
- Disable DNS caching
- Replace the Symantec firewall if possible
- Stop using IE.
Details, sketchy as they are, at: http://isc.sans.org/diary.php?date=2005-03-04