SANS ISC InfoSec Handlers Diary Blog

Other patches and updates du jour...

Published: 2009-02-06
Last Updated: 2011-01-24 23:56:00 UTC
by Adrien de Beaupre (Version: 1)

AREVA e-terrahabitat SCADA systems vulnerabilities, US-CERT Vulnerability Note VU#337569
HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code SSRT080100
Sysinternals updates for Process Explorer v11.33, Autoruns v9.39, and ZoomIt v3.02 here

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Keywords: patches

Time to patch your HP printers

Published: 2009-02-06
Last Updated: 2011-01-24 23:55:28 UTC
by Adrien de Beaupre (Version: 1)

HP have released a security bulletin for certain LaserJet printers, which require firmware updates. The issue is a directory traversal in the web admin interface, and it leads to unauthorized access to arbitrary files stored on the printer(s). The bulletin is SSRT080166 and the CVE is CVE-2008-4419. Printers tend to be low on the priority list of systems or devices to be patched, so this one will likely linger for years to come. The impact might not seem severe if all the attacker can do is view the printer configuration; however, viewing cached versions of printed documents can be. Other than patching, disallowing access to the web admin interface is likely the only other mitigation.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Fake stimulus payments

Published: 2009-02-06
Last Updated: 2011-01-24 23:55:10 UTC
by Adrien de Beaupre (Version: 1)

Amy sent us in a note regarding an email she had received. It had a subject line of "Economic Stimulus Payment form ID: [SP-251.9475]" and an attachment. The contents were:

"After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a Stimulus Payment.
Please submit the Stimulus Payment form in order to process it.

A Stimulus Payment can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To submit your Stimulus Payment form, please download the attached document.

Note: If filing or preparation fees were deducted from your 2007 Refund or you received a refund anticipation loan, you will be receiving a check instead of a direct deposit.

Regards,
Internal Revenue Service"

Hmm, look fake?

The attachment was an HTML document named "Economic Stimulus Payment.htm", the contents of which were:

<scr1pt language="JavaScr1pt">
<!--
w1ndow.location="http://bagatela. com /carrostunados/ wp-content/upgrade";
// -->
</scr1pt>

When we retrieve that page we get:

<scr1pt language="JavaScr1pt">
<!--
w1ndow.location="http://hawsedc. com /thomas/stimulus.refund/0,, id=181665,00.html";
// -->
</scr1pt>

Which gave me a 404 when I attempted to grab a copy.

Moral of the story, if it looks too good to be true, it is. The IRS will hopefully not be emailing out forms for economic stimulus payments any time soon.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
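
A triage check for the attachment pattern described above, an HTML file that contains nothing but a script redirect. This is an added example, not part of the original diary; the function names and the `landing.example` host are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Script assignments that navigate the browser, e.g. window.location="..."
JS_REDIRECT = re.compile(
    r"""\blocation(?:\.href)?\s*=\s*["']([^"']+)["']""", re.IGNORECASE)
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.IGNORECASE)

class _Collector(HTMLParser):
    """Separates script source, visible text and meta-refresh targets."""
    def __init__(self):
        super().__init__()
        self.in_script, self.script, self.text, self.meta = False, [], [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            m = META_URL.search(attrs.get("content") or "")
            if m:
                self.meta.append(m.group(1).strip())

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        (self.script if self.in_script else self.text).append(data)

def scan_attachment(html):
    """Return redirect targets and whether the file is nothing but a redirect."""
    c = _Collector()
    c.feed(html)
    c.close()
    targets = JS_REDIRECT.findall("".join(c.script)) + c.meta
    hosts = sorted({urlsplit(t).hostname for t in targets if urlsplit(t).hostname})
    visible = "".join(c.text).strip()
    return {"targets": targets, "hosts": hosts,
            "redirect_only": bool(targets) and not visible}

# Constructed sample shaped like the attachment in the diary (placeholder host).
SAMPLE = """<script language="JavaScript">
<!--
window.location="http://landing.example/wp-content/upgrade";
// -->
</script>
"""

if __name__ == "__main__":
    print(scan_attachment(SAMPLE))
```

A mail gateway or analyst script can quarantine attachments where `redirect_only` is true and log `hosts` for blocklist review.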

Keywords: fake irs stimulus trojan