
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-07-01



Be on the Lookout for PHP compromises; Will New Anti-Spam Protocols Work?; Internet Survival Time by Sophos; phpBB: anti santy worm again ?

Published: 2005-07-01
Last Updated: 2005-07-01 22:37:49 UTC
by Handlers (Version: 1)
Late edition (Kyle Haugsness on duty):

Team Effort Today



Today's shift was really a team effort. Thanks to Swa, Lorna, Deb,
and Scott for covering different hours of the day. -Kyle



Be on the Lookout for PHP compromises



This is a call to all the network and system security folks out there...
Please be on the lookout for web-based intrusions happening in your
environments. There have recently been major vulnerabilities discovered
in phpBB and the XML_RPC libraries, which we have reported in the last
two days.



It's very likely that these vulnerabilities will be utilized to
compromise systems. Try to be vigilant about securing your environment
and reviewing your IDS alerts for attacks.



Will New Anti-Spam Protocols Work?



Not to be negative or anything... But it appears that the SPF (Sender
Policy Framework) and Sender-ID anti-spam approaches have been approved
as "experimental drafts" by the IETF. So there is a new poll on the right
with my question: How long before the spammers defeat these methods?



Here are the relevant links:

SPF: http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-02.txt

SPF status:
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=12662&rfc_flag=0




Sender-ID:
http://www.ietf.org/internet-drafts/draft-lyon-senderid-core-01.txt

Sender-ID status:
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=12542&rfc_flag=0




Internet Survival Time by Sophos



Anti-virus company Sophos published their own statistic regarding
"internet survival time". Their number was 12 minutes. The survival
time currently reported by dshield.org is 31 minutes. Their story also
has some interesting statistics on the number of viruses in the first
half of 2005 compared to last year. But don't let it spoil your
weekend. If you are in the security field professionally, just think of
it as job security.



http://www.sophos.com/pressoffice/pressrel/uk/midyearroundup2005.html


Early edition

See also the

phpBB: anti-Santy worm resurrection?



With the release of the latest phpBB patch, we are seeing a reappearance of what looks like the anti-Santy worm scanning for vulnerable hosts.

If you have been broken into using this method in recent days, we'd love to have a look at the dropped files to see if this is still the anti-Santy worm or something using the same scanning engine.

(Swa Frantzen on early duty)