
SANS ISC InfoSec Handlers Diary Blog



New poll; DNS spikes; Witty worm analysis; LISTSERV vuln; ZoneAlarm clarification

Published: 2005-05-26
Last Updated: 2005-05-26 22:53:49 UTC
by Kyle Haugsness (Version: 1)

New poll: Snort interface



Check out the new poll to the right about which Snort
alerting/management interface you like best.


DNS spikes



Some folks have reported strange DNS activity that is occurring in
spikes. The traffic doesn't seem to decode into anything usable
according to the DNS protocols. If you have observed anything strange
in DNS land lately (over UDP), please send over some packet captures.
*joking:* Or it could just be Kaminsky playing around with real-time video
bouncing off public DNS servers. Maybe he's got Episode 3 up there?



Extensive statistical analysis of last year's Witty worm



A new paper has been released that analyzes a huge amount of data from
the Witty worm of March 2004. This paper makes some interesting
conclusions about the initial "Patient 0" and the initial target hit
list that it was seeded with.



The paper: http://www.cc.gatech.edu/~akumar/witty.html



A good article from Rob Lemos at SecurityFocus with some interesting
theories about the author of the worm:
http://www.securityfocus.com/news/11235


Serious vulnerability in L-Soft LISTSERV



A serious vulnerability affecting the L-Soft LISTSERV mailing list
software was disclosed today by NGS Software. If you run this software,
we strongly recommend that you update to the latest version:



http://www.lsoft.com/news/securityadvisory2005-05.asp


http://www.securityfocus.com/archive/1/398919/2005-05-23/2005-05-29/0


ZoneAlarm products that are vulnerable to CA VET bug



We reported earlier this week that several ZoneAlarm products include
the VET library from Computer Associates, which has a serious
vulnerability. Today, ZoneLabs released a list of products that include
the anti-virus engine, which contains the vulnerable VET DLL:



Affected Products:

* ZoneAlarm Anti-virus

* ZoneAlarm Security Suite



Unaffected Products:

* ZoneAlarm and ZoneAlarm Pro

* Check Point Integrity clients and Integrity Server

* Integrity Clientless Security products

