
SANS ISC InfoSec Handlers Diary Blog



New old virus; Apple patches; Corporations at large

Published: 2005-01-28
Last Updated: 2005-01-30 23:58:51 UTC
by Handlers (Version: 1)
Yet another modified variant of an old virus is still infecting networks. Overlooked operating systems: sometimes you also overlook the patches for those systems. Mumblings about corporate assets and job security.


Beagle/Bagle:

Variants of this virus still seem to be spreading around. Nothing new, just annoying to those of us who have pledged to protect our networks. The latest is a Beagle/Bagle worm/virus variant.


http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.az@mm.html

http://vil.nai.com/vil/content/v_131351.htm

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AZ


Apple Patches:

Sometimes I forget that there are other operating systems out there besides the obvious ones. Our own handler Swa was mumbling around and found out that Apple had notified subscribed customers only that patches for Mac OS X 10.2.8 and 10.3.7 were available. They cover the following:

at commands - local privilege escalation

ColorSync - heap overflow fixed, triggered through malformed input files

libxml2 - potentially exploitable buffer overflows

Mail - a strange one: CAN-2005-0127, a Message-ID information leak

PHP - multiple known vulnerabilities

Safari - pop-ups (when not blocked) can mislead users

SquirrelMail - cross-site scripting (CSS, now usually written XSS) vulnerability fixed


More info at:

http://docs.info.apple.com/article.html?artnum=300770

Corporations at large:

For most reading this, I'm preaching to the choir. The Beagle/Bagle variant, the patches and the MySQL bot are all examples showing that, even if we don't know exactly what we are protecting, we should be doing better. With the addition of IPS devices, application-filtering firewalls, etc., there really should be no excuse for why some of this stuff continues to spread around the networks at large. You can't continue to rely on just one piece of technology; you have to ... Defense in Depth.

With that said, there are various things that companies can do, and very soon will be required to do, to further protect these assets. VISA and MasterCard have both released requirements that companies will have to follow in order to process credit cards in the future. I think that we are finally on to something. It doesn't matter how many times I've said to company "x" in the past that they need to do "y"; now maybe they will start taking this advice more seriously than they have previously.

For some of us, protecting these networks is our day job, and it is what keeps us employed. So you might say that it is job security. But in the end we also get held responsible for what may or may not happen to these networks.

In the end I love what I do, and I can say that I take pride in the work I do. I often view the networks that I'm employed to protect as my own, and treat them as such. And when something happens to them, I take a look back and learn from the mistakes I've made in order to better protect them.

Visa CISP information:

http://tinyurl.com/4ph6h

MasterCard SDP information:

https://sdp.mastercardintl.com/



The views expressed here are those of the handler on duty, and do not necessarily reflect the views of the ISC.