New DNS cache poisoning server

Looks like we got us another DNS server trying to poison DNS caches:
218.38.13.108
If you run a larger network, we recommend blocking all traffic to this host.

A quick check with 'dig' shows that this server advertises itself as authoritative for '.com', and returns the same IP for all queries to .com domains.

For the particular report we have, the original domain that caused a query against this DNS server was intelliview.com. (Thanks Adrien for figuring this out!!)

Once your cache is poisoned, all requests to .com hosts are redirected to either 205.162.201.11 or 217.16.26.148. You will see a minimal search-engine-like page and an advertisement for _http_://www.privacycash.com (DO NOT CLICK).

dig www.cnn.com @218.38.13.108

; <<>> DiG 9.2.4 <<>> www.cnn.com @218.38.13.108
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59667
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.cnn.com. IN A

;; ANSWER SECTION:
www.cnn.com. 99999 IN A 205.162.201.11
www.cnn.com. 99999 IN A 217.16.26.148

;; AUTHORITY SECTION:
com. 99999 IN NS besthost.co.kr.

;; ADDITIONAL SECTION:
besthost.co.kr. 1800 IN A 218.38.13.108

;; Query time: 236 msec
;; SERVER: 218.38.13.108#53(218.38.13.108)
;; WHEN: Thu Mar 31 16:01:07 2005
;; MSG SIZE rcvd: 105
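
The two signs visible in the answer above (an authoritative reply whose AUTHORITY section hands out an NS record for an entire TLD, and very long TTLs) can be checked automatically. The following is an added example, not part of the original diary: it parses dig-style output and reports both; the one-day TTL threshold and the function names are assumptions.

```python
import re

# Constructed sample: trimmed copy of the dig answer shown above.
SAMPLE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
www.cnn.com. 99999 IN A 205.162.201.11
www.cnn.com. 99999 IN A 217.16.26.148
;; AUTHORITY SECTION:
com. 99999 IN NS besthost.co.kr.
;; ADDITIONAL SECTION:
besthost.co.kr. 1800 IN A 218.38.13.108
"""

MAX_TTL = 86400  # assumed threshold (one day); tune for your environment
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse(text):
    """Return (flags, {section: [(owner, ttl, rtype, rdata), ...]})."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^;; flags: ([a-z ]+);", line)
        if m:
            flags = set(m.group(1).split())
        elif line.startswith(";;") and line.endswith("SECTION:"):
            current = line[3:].split()[0]   # e.g. "ANSWER", "AUTHORITY"
            sections[current] = []
        elif current and (rr := RR.match(line)):
            owner, ttl, rtype, rdata = rr.groups()
            sections[current].append((owner.lower(), int(ttl), rtype, rdata))
    return flags, sections

def findings(text):
    """List human-readable reasons the response looks like a poisoning attempt."""
    flags, sections = parse(text)
    out = []
    for owner, ttl, rtype, rdata in sections.get("AUTHORITY", []):
        # An owner name with a single trailing dot ("com.") covers a whole TLD.
        if rtype == "NS" and owner.count(".") == 1 and "aa" in flags:
            out.append(f"claims authority for TLD {owner} via {rdata}")
    for sec, rrs in sections.items():
        for owner, ttl, rtype, rdata in rrs:
            if ttl > MAX_TTL:
                out.append(f"{sec} {owner} {rtype} TTL {ttl} > {MAX_TTL}")
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```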