
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-03-25



Microsoft Updated Security Advisory (917077) and APWG Report released

Published: 2006-03-25
Last Updated: 2006-03-25 22:47:43 UTC
by Patrick Nolan (Version: 1)

Microsoft updated Security Advisory (917077) (Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution) and says "Advisory updated with indication of limited attacks." In this instance, "attacks" = malicious websites. And speaking of attacks/malicious websites, the APWG January Phishing Trends Report (APWG Report graph below) was released and reports "The number of unique phishing websites detected by APWG was 9715 in January 2006, a huge increase in unique phishing sites from the previous two months." I wonder if the authors of trojans that steal banking information are capable of deploying 9,715 "attack" websites a month with exploits for unpatched IE vulnerabilities? Handler Donald Smith mentioned how easy it'd be to spam links to the world. What's your IE threat analysis, folks? Drop me a line!
Update - McAfee calls malware used with an exploit for this vulnerability PWS-PartyPooper.


Joker.com confirms DDOS Attack on Nameservers

Published: 2006-03-25
Last Updated: 2006-03-25 20:02:12 UTC
by Patrick Nolan (Version: 1)
We received a report yesterday about a DDoS against Joker.com's DNS servers. Thanks for the report! From the site: "Joker.com currently experiences massive distributed denial of service attacks against nameservers.
This affects DNS resolution of Joker.com itself, and also domains which make use of Joker.com nameservers.
We are very sorry for this issue, but we are working hard for a permanent solution.
Thank you for your understanding."

Deja Vu - PHP(BB) attack increase reports

Published: 2006-03-25
Last Updated: 2006-03-25 19:58:10 UTC
by Patrick Nolan (Version: 1)
Over the last week or so, ISC participants have been sporadically reporting increases in php(bb) attacks; Websense and Jupiter (graph) are also seeing attack increases.

Veritas pulls (some) patches for Backup Exec

Published: 2006-03-25
Last Updated: 2006-03-25 04:43:57 UTC
by Bojan Zdrnja (Version: 2)
Symantec yesterday released two new security advisories about vulnerabilities in Veritas Backup Exec.

The first vulnerability, described in SYM06-004, allows a malicious user to crash the Backup Exec Remote Agent by sending a specially malformed packet.
This leads to a DoS attack on the service, but considering that this is typically used for backups of critical data, the severity could be pretty high (it's easy to imagine a scenario when you need business critical data that was supposed to be backed up yesterday, but it wasn't due to the Backup Exec crashing).
In normal circumstances we would say to update as soon as possible, but it looks like there are some issues with some of the patches (we got a submission from one of our readers, thanks Charles). Symantec also pulled patches for Backup Exec 10d (10.1) and 10.0 for Windows Servers - the original advisory available at http://seer.support.veritas.com/docs/282255.htm says that the hotfix has temporarily been removed and will be re-released later.

The other advisory (SYM06-005) is related to a low-risk vulnerability in the Job Engine service. This vulnerability can be exploited only in certain circumstances ("full details" logging has to be enabled, and a user has to host a specially formatted file on their system). Details about this vulnerability can be found at http://seer.support.veritas.com/docs/282254.htm.

UPDATE 2006-03-25

Seems like Symantec re-released the patches. You can download them from the URLs above.




