'Twas the night before Christmas, when all through the house Not a creature was stirring, not even a mouse.

Published: 2006-12-24
Last Updated: 2006-12-24 23:38:22 UTC
by Mark Hofman (Version: 1)

Maybe no mice, but if the internet is on, plenty of things are flowing.

First, reports of a few million break and enter in Australia, New Zealand and some of the pacific Islands, possibly related to the unauthorised air traffic in the same regions. Also wanted for littering (not collecting animal droppings).

On a packet note:
Cheat Trojan

Robert reported that a friend downloaded a Battlefield cheat which proceeded to infect his system. We'll be having a look at that one.

Webmin
Gordon has reported that he is seeing some packets with flags (CWR ECE) set, going towards webmin ports. There was a new release back on the 28th of November, but currently no reported vulnerabilities.

Port 855/2967
Port 8555 and 2967 activity has tapered off (for the moment). This specific instance we were looking at looks like a variation of the SAV activity of recent weeks. If your corporate AV is not yet up to date (that is software, not just patterns) then you may still be vulnerable. The timing of this was exquisite, just the few days of the year on which corporate types would be on the net and checking emails, finishing off that last report etc.

SPAM

Spam in AU has tapered off a little as well over the last day or two. One or two readers have reported similar results in their region. Everybody probably has already bought their, medicine, extensions, reductions, software and penny stock for the year. Maybe with the January sales it will start ramping up again.

Happy holidays to all from the ISC

Mark

Keywords:

0 comment(s)

Careful with the seasonal attachments!

Published: 2006-12-24
Last Updated: 2006-12-24 08:21:00 UTC
by Swa Frantzen (Version: 1)

0 comment(s)

Season greetings are all good and fine, but we must alert our respective user bases that those that don't go along with the seasonal spirit are out there to hurt us.

Christmas.exe
Christmas+Blessing-4.ppt
Christmas_Puzzle.exe
...

Any of those can and will get you in trouble. And the reliance on anti-virus software should not be too high. The powerpoint file above was detected badly at the time we got our copy of it:

Vendor	Version	Result
AntiVir	7.3.0.21 12.23.2006	EXP/PPT.Dropper.Gen
Authentium	4.93.8 12.22.2006	no virus found
Avast	4.7.892.0 12.21.2006	no virus found
AVG 386	12.23.2006	no virus found
BitDefender	7.2 12.23.2006	no virus found
CAT-QuickHeal	8.00 12.23.2006	no virus found
ClamAV	devel-20060426 12.23.2006	no virus found
DrWeb	4.33 12.23.2006	no virus found
eSafe	7.0.14.0 12.23.2006	no virus found
eTrust-InoculateIT	23.73.97 12.23.2006	no virus found
eTrust-Vet	30.3.3271 12.23.2006	PP97M/MS06-012!exploit
Ewido	4.0 12.23.2006	no virus found
Fortinet	2.82.0.0 12.23.2006	no virus found
F-Prot	3.16f 12.22.2006	no virus found
F-Prot4	4.2.1.29 12.22.2006	no virus found
Ikarus	T3.1.0.27 12.23.2006	no virus found
Kaspersky	4.0.2.24 12.23.2006	no virus found
McAfee	4925 12.22.2006	no virus found
Microsoft	1.1904 12.23.2006	no virus found
NOD32v2	1936 12.23.2006	no virus found
Norman	5.80.02 12.22.2006	no virus found
Panda	9.0.0.4 12.23.2006	no virus found
Prevx1	V2 12.23.2006	no virus found
Sophos	4.12.0 12.22.2006	no virus found
Sunbelt	2.2.907.0 12.18.2006	no virus found
TheHacker	6.0.3.135 12.20.2006	no virus found
UNA	1.83 12.22.2006	no virus found
VBA32	3.11.1 12.23.2006	no virus found

With thanks to Michael for sending in the powerpoint sample.

The abuse of the season greeting habit by the bad guys isn't somthing new. We warned about it last year (Dec 2005) already. It's still just as a valid as it was then.

--
Swa Frantzen -- Section 66

Keywords:

0 comment(s)

phpBB 2.0.22 - upgrade time

Published: 2006-12-24
Last Updated: 2006-12-24 00:06:02 UTC
by Swa Frantzen (Version: 1)

0 comment(s)

phpBB had an early X-mas gift in the form of a release of phpBB 2.0.22. The release fixes a number of security issues as well as functional issues. The security issues can be summarized as:

Check for the avatar upload directory reinforced

Changes to the criteria for "bad" redirection targets

Fixed a non-persistent XSS issue in private messaging

Fixing possible negative start parameter

Added session checks to various forms

Considering the past exploitation of phpBB vulnerabilites, it might be best not to postpone this upgrade till after the holidays and get to it now.

Don't forget to upgrade both the files and run the script as well as applying the patch to the subSilver template in any derived template you might have.

--
Swa Frantzen -- Section 66

Keywords: phpBB

0 comment(s)

Comments

cwqwqwq

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

dwqqqwqwq mashood

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

What's this all about ..?

password reveal .

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

https://thehomestore.com.pk/

Internet Storm Center

'Twas the night before Christmas, when all through the house Not a creature was stirring, not even a mouse.

Careful with the seasonal attachments!

phpBB 2.0.22 - upgrade time

Comments

www

Nov 17th 2022
4 months ago

EEW

Nov 17th 2022
4 months ago

qwq

Nov 17th 2022
4 months ago

mashood

Nov 17th 2022
4 months ago

isc.sans.edu

Nov 23rd 2022
3 months ago

isc.sans.edu

Nov 23rd 2022
3 months ago

isc.sans.edu

Dec 3rd 2022
3 months ago

isc.sans.edu

Dec 3rd 2022
3 months ago

isc.sans.edu

Dec 26th 2022
2 months ago

isc.sans.edu

Dec 26th 2022
2 months ago

'Twas the night before Christmas, when all through the house Not a creature was stirring, not even a mouse.

Careful with the seasonal attachments!

phpBB 2.0.22 - upgrade time

Comments

www

Nov 17th 20224 months ago

EEW

Nov 17th 20224 months ago

qwq

Nov 17th 20224 months ago

mashood

Nov 17th 20224 months ago

isc.sans.edu

Nov 23rd 20223 months ago

isc.sans.edu

Nov 23rd 20223 months ago

isc.sans.edu

Dec 3rd 20223 months ago

isc.sans.edu

Dec 3rd 20223 months ago

isc.sans.edu

Dec 26th 20222 months ago

isc.sans.edu

Dec 26th 20222 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 23rd 2022
3 months ago

Nov 23rd 2022
3 months ago

Dec 3rd 2022
3 months ago

Dec 3rd 2022
3 months ago

Dec 26th 2022
2 months ago

Dec 26th 2022
2 months ago