
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-11-09


IE Exploit Email; DNS Vulnerability; Microsoft Patch Day

Published: 2004-11-09
Last Updated: 2004-11-09 18:25:46 UTC
by Marcus Sachs (Version: 1)
IE Exploit Email. The Storm Center has received several reports of a hostile email that contains a link (not an attachment) that points to code exploiting the recently announced Internet Explorer vulnerabilities. The email has text similar to this:

Congratulations! PayPal has successfully charged $175
to your credit card. Your order tracking number is
A866DEC0, and your item will be shipped within three
business days.

To see details please click this 'link'
being sent by an automated message system and the reply
will not be received.

Thank you for using PayPal.

Clicking on the embedded link takes the victim to a previously infected computer, downloads the exploit code, and infects the victim if the victim is using Internet Explorer on any Windows platform other than WinXP SP2. No patches are available (yet) from Microsoft. If today's Microsoft bulletins address this issue we will update this diary entry. The best mitigation is to avoid using Internet Explorer until patches are available. Take a look at Firefox from the Mozilla project team as an alternative browser. Version 1.0 was released today.

DNS Vulnerability. The United Kingdom's National Infrastructure Security Co-ordination Centre (NISCC) published a bulletin today about vulnerabilities in various DNS implementations. Please note that ISC-BIND is not vulnerable to this issue. If successfully exploited, an attacker could cause a denial of service condition on a DNS server. Details are at

Microsoft "Patch Day" Today. Today is the second Tuesday of the month. Right on schedule, Microsoft published their monthly security summary:

There is only one issue listed: MS04-039 Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258). The issue is rated IMPORTANT by Microsoft and only affects this software:

Microsoft Internet Security and Acceleration Server 2000 SP 1 and 2

Microsoft Small Business Server 2000 (includes Microsoft Internet Security and Acceleration Server 2000)

Microsoft Small Business Server 2003 Premium Edition (includes Microsoft Internet Security and Acceleration Server 2000)

Microsoft Proxy Server 2.0 Service Pack 1

Unfortunately there is no mention of the new vulnerabilities in Internet Explorer. Stay tuned...
Marcus H. Sachs

Handler on Duty