Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-04-02 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Week of Vista bugs is a hoax

Published: 2007-04-02
Last Updated: 2007-04-03 00:08:26 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
Month (or weeks/days/...) of bugs: We try to give them as little publicity as possible in order to discourage the behavior and encourage a bit more responsibility than to disclose vulnerability details in a blog.

Now with April 1st just behind us we were ready for a good laugh with people falling for a hoax or two, but once it's April 2nd, you expect people to resume normal behavior.

Still the first installment of the week of Vista bugs seemed bad on reading it diagonally, but just unfounded and hard to believe at all upon closer inspection.

A friendly contact gave us this link:
https://www.securinfos.info/english/the-week-of-vista-bugs-the-truth.php
Where the perps expose their own hoax.

Just don't believe everything you read on the Internet ... not even on April 2nd and the days after it.

And forget the Week of Vista bugs unless you urgently need a laugh.
--
Swa Frantzen -- NET2S
Keywords:
0 comment(s)

*Microsoft to Release Out-of-Schedule Patch for ANI Vulnerability

Published: 2007-04-02
Last Updated: 2007-04-02 12:45:31 UTC
by Kevin Liston (Version: 1)
0 comment(s)
I don't think this is an April Fools' Hoax. 

The Microsoft Security Response Center blog reports that they "have been working around the clock to test this update and are currently planning to release the security update that addresses this (ANI) issue on Tuesday April 3, 2007."

This is further supported here: www.microsoft.com/technet/security/bulletin/advance.mspx
Keywords:
0 comment(s)

and in other news

Published: 2007-04-02
Last Updated: 2007-04-02 12:40:37 UTC
by Mark Hofman (Version: 1)
0 comment(s)
ANI has been keeping us busy over the last few days, but it hasn't been the only thing that has been going on.  So here is a mini update.
  • ie7.0.exe - This started appearing about the same time as the ANI exploits, mainly on web sites, but currently it is being distributed as SPAM messages.  Typically an image SPAM message which links to a web page with the exploit.  We've seen two names ie7.0.exe and DirectX-10.exe.  Detection rates are improving and most AV products should catch this one.  Once infected the compromised host will start to SPAM (but since we are all blocking executables, especially in emails this shouldn't be much of a problem).
  • PHP scanning - We've had a few reports of PHP scanning coming out of Hong Kong (based on the source addresses).  It seems to be fairly generic as it is hitting sites that do not have HP as well as PHP sites.
  • DST Part 2 - The original Daylight Savings Time start passed on the weekend.  So far the only reports we've had were:
    • Church Bells ringing at the wrong time
    • A web site providing TV guides was out by an hour causing some initial confusion for one user at least
  • April Fools - ISC did not participate in light of the ANI issue (disappointing several handlers who were all geared up to go) , but there were plenty of others who did.  We received a number of emails that got a "check the date" reply.
Mark H
Shearwater
Keywords:
0 comment(s)
Diary Archives