
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-02-03



New, Unpatched Office Vulnerability

Published: 2007-02-03
Last Updated: 2007-02-03 14:15:40 UTC
by Lorna Hutcheson (Version: 2)
Microsoft has released an advisory for a remote code execution vulnerability in Microsoft Office. So far it is only being reported as targeting Microsoft Excel. However, according to Microsoft's advisory: "While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable." The vulnerability has been assigned CVE-2007-0671. McAfee has given the name Exploit-MSExcel.h to the malware that is currently known to target it. The Microsoft advisory applies to the following products:

Office 2000
Office XP
Office 2003
Office 2004 for Mac
Office 2004 v. X for Mac


Just keep reminding folks to exercise caution when opening attachments received via email or documents found on the internet. 

Solution for: The Twelve Days of Christmas Packet Challenge

Published: 2007-02-03
Last Updated: 2007-02-03 03:26:45 UTC
by Lorna Hutcheson (Version: 1)
Once again, I want to thank everyone that participated. I received a lot of requests for more packet challenges, which warms my heart :>) This packet challenge was fun to create and the responses back were awesome as well. I'm working to put together a series of challenges. I hope to have the first one posted in the very near future, so stay tuned! For this packet challenge, you can find the packets here if you would like to give it a try and missed it over the holidays. If so, stop reading now because I'm going to reveal the correct answer. I would like to say congratulations to the following folks who submitted correct answers, and I hope I didn't miss anyone. A job well done:

Michael Brown and Kenny Long (sent as a joint effort)
Brandon Greenwood
Nicholas Albright
J. Mike Rollins
Morgan Bailey
Andre M. DiMino

 
To solve the packet challenge, you first needed to decode the data contained in each packet. The data was encoded using Base64, and there are lots of tools and scripts around that will encode/decode Base64 for you. Once the data was decoded, you had to work out the correct order in which to arrange the data from the packets to see what the handlers were giving you for Christmas. The challenge was based on the song "The 12 Days of Christmas", and the correct ordering of the packets could be accomplished by putting the Sequence Numbers in increasing order. Here is the data decoded and in its correct order:

On the xxxx day of christmas the handlers gave to me a packet capture in its entirety
On the xxxx day of christmas the handlers gave to me xxxx C&Cs
On the xxxx day of christmas the handlers gave to me xxxx phat bots
On the xxxx day of christmas the handlers gave to me xxxx orange smurfs
On the xxxx day of christmas the handlers gave to me xxxx Token Rings
On the xxxx day of christmas the handlers gave to me xxxx sensors failing
On the xxxx day of christmas the handlers gave to me xxxx worms a spreading
On the xxxx day of christmas the handlers gave to me xxxx servers crashing
On the xxxx day of christmas the handlers gave to me xxxx phishers phishing
On the xxxx day of christmas the handlers gave to me xxxx logs for analyzing
On the xxxx day of christmas the handlers gave to me xxxx hackers hacking
On the xxxx day of christmas the handlers gave to me xxxx geeks a sleeping
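
The two steps described above (Base64-decode each payload, then order by sequence number) can be scripted with only the standard library. This is an added example, not part of the original diary or the challenge files: it assumes a classic little-endian pcap with Ethernet/IPv4/TCP frames and that the Sequence Numbers are TCP sequence numbers, and the function names and the sample capture are constructed for illustration.

```python
import base64
import struct

def tcp_seq_and_payload(frame):
    """Return (seq, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    tcp = frame[14 + ihl:14 + struct.unpack("!H", frame[16:18])[0]]  # IP length drops padding
    if len(tcp) < 20:
        return None
    return struct.unpack("!I", tcp[4:8])[0], tcp[(tcp[12] >> 4) * 4:]  # skip header + options

def read_pcap(blob):
    """Yield frames from a classic little-endian pcap (not pcapng)."""
    if blob[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap")
    pos = 24  # skip the global header
    while pos + 16 <= len(blob):
        incl_len = struct.unpack("<I", blob[pos + 8:pos + 12])[0]
        yield blob[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def solve(blob):
    """Base64-decode each payload; return the text in sequence-number order."""
    found = []
    for frame in read_pcap(blob):
        parsed = tcp_seq_and_payload(frame)
        if not parsed or not parsed[1]:
            continue  # not TCP, or no payload (e.g. a bare ACK)
        try:
            text = base64.b64decode(parsed[1].strip(), validate=True).decode("ascii")
        except ValueError:
            continue  # payload is not Base64-encoded ASCII
        found.append((parsed[0], text))
    return [text for _, text in sorted(found)]  # assumes no 32-bit wraparound

def build_sample():
    """Constructed capture: three frames out of order (checksums, addresses zeroed)."""
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, text in [(3000, "third line"), (1000, "first line"), (2000, "second line")]:
        tcp = struct.pack("!HHIIBBHHH", 1234, 80, seq, 0, 0x50, 0x18, 8192, 0, 0)
        tcp += base64.b64encode(text.encode())
        ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + bytes(8)
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        blob += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return blob

if __name__ == "__main__":
    print("\n".join(solve(build_sample())))
```

To run it against a real capture, pass the file's bytes to `solve()`; frames that are not TCP or whose payload is not valid Base64 are skipped rather than aborting the run.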


I hope everyone who tried this had fun.  If you have questions, please feel free to ask.  If you have some interesting packets that you think might make for a good challenge and can share them, please pass them our way.  We can obfuscate them however you like.  This way we can all learn and have some fun together. 