
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-02-18



The 866-PC-SAFETY poll

Published: 2006-02-18
Last Updated: 2006-02-19 02:56:06 UTC
by Jim Clausing (Version: 1)
Well, we put the current poll up on Tuesday when we heard about problems installing the KB913446 via Microsoft Update.  In 4 days, we've had over 2600 responses and the surprising result is that more than half of the respondents didn't even know about the number even though it is included at the bottom of all of the Microsoft security bulletins.  I guess Microsoft's marketing folks need to do a better job of publicizing it.  Another common theme in the responses is that the 866 number is only available from the US and Canada.  If there are similar numbers in other countries (I guess there are, see the first link below), that fact needs to be publicized, too.  I think we'll probably be mentioning the number every month on Black Tuesday since calls related to problems with patches are free (as are worm/virus-related calls according to the second link below).

You can find the international support numbers at http://support.microsoft.com/common/international.aspx
Also see http://www.microsoft.com/gp/securityhome for other ways of contacting/getting info from Microsoft about security-related problems.

-----------------------------------
Jim Clausing, jclausing --at-- isc.sans.org

New variant of mambo exploit making the rounds

Published: 2006-02-18
Last Updated: 2006-02-19 01:18:35 UTC
by Jim Clausing (Version: 1)
We've gotten e-mail from some of our readers that indicates a new variant of the Mambo/XML-RPC exploits from last year (see http://isc.sans.org/diary.php?storyid=870 and http://isc.sans.org/diary.php?storyid=823) is making the rounds.  As far as we can tell, it still exploits the same vulnerabilities, so those who patched last year should be okay, but obviously there are some servers out there that haven't because we have word of a few that have been defaced via this exploit. :(

-------------------------
Jim Clausing, jclausing --at-- isc.sans.org

Malware Analysis Quiz 6

Published: 2006-02-18
Last Updated: 2006-02-18 11:59:34 UTC
by Pedro Bueno (Version: 2)
UPDATE:
On question 2, where it reads "2. Without running the applications, is it possible to identify what the malware can and will do?",
please replace it with: "2 (a & b). (a) Without running the applications, identify what the malware can/will do, then (b) run the applications and identify additional details evident when the applications are run."

Welcome to the Linux world! Yes, this time, for those following my quizzes, it is a Linux-based one... Not much information is available, except for some log files and two suspicious files found on the machine...
I enjoyed creating it, and I hope that you enjoy answering it!
Check it here! Any comments can be sent to me at pbueno //&&// ( isc. sans. org ).

