ISC Reader's Diary, PHP Include Worm, Trojan in wild that exploits new IE bug, Pacific Earthquake & Tsunami
ISC Reader's Diary
We are planning a diary for the first week of the New Year that is exclusively a "Reader's Diary". This will be a diary of inputs from you, our readers, to the rest of the world. We are looking for inputs that pertain to ISC, the Internet, New Year Predictions, suggestions, 'thank you' notes, almost anything (within reason). We will try to get all of the inputs posted, and they will be available for reading on January 2nd/3rd. Please include your name and valid email address. Names will be posted; however, email addresses will be kept private.
Please submit entries to newyear@isc.sans.org by Jan. 2nd 1200hrs GMT to be added to the diary.
PHP Include Worm
It seems I came back from the holiday with the same mess on the Internet that was there when I left. Various forms and copycats of PHP Include worms are out there, and the AV vendors have adopted other nomenclatures for these variants due to the differences between this and the Santy strains. K-Otik has a write-up here: http://www.k-otik.com/news/20041226.PhpIncludeWorm.php
I imagine this will persist as long as people have vulnerable PHP installations out there and do not upgrade; however, the methodology of detecting vulnerable machines will continue to change over time.
Trojan in wild that exploits new IE bug
OOPS! Update (by TL, 20:00 GMT):
Looks like we might have mis-spoken on this one. Earlier versions of the diary said that Trojan.Phel.A didn't affect WinXP SP2, but it appears that it only affects that platform. Also, despite what we said, this really didn't tie into the vulnerabilities discussed in the December 23rd diary... Dang. Strike two! Bad Handlers! BAAAAAD Handlers... no donut! (Thank you, James, for pointing that out!)
Symantec has released an alert on the first exploit out there, Trojan.Phel.A. More here: http://securityresponse.symantec.com/avcenter/venc/data/trojan.phel.a.html and
http://freehost07.websamba.com/greyhats/sp2rc-analysis.htm
Thanks to Chris Mosby for the link.
Pacific Earthquake & Tsunami
Our condolences to any affected by the tragedy in South Asia with the earthquake and resulting tsunami.
----
bambenek /at/ gmail -dot- com