SANS ISC: New poll; DNS spikes; Witty worm analysis; LISTSERV vuln; ZoneAlarm clarification SANS ISC InfoSec Forums

New poll: Snort interface

Check out the new poll to the right about which Snort
alerting/management interface you like best.

DNS spikes

Some folks have reported strange DNS activity that is occurring in
spikes. The traffic doesn't seem to decode into anything usable
according to the DNS protocols. If you have observed anything strange
in DNS land lately (over UDP), please send over some packet captures.
*joking:* Or it could just be Kaminsky playing around with real-time video
bouncing off public DNS servers. Maybe he's got Episode 3 up there?

Extensive statistical analysis of last year's Witty worm

A new paper has been released that analyzes a huge amount of data from
the Witty worm of March 2004. This paper makes some interesting
conclusions about the initial "Patient 0" and the initial target hit
list that it was seeded with.

The paper:

A good article from Rob Lemos at SecurityFocus with some interesting
theories about the author of the worm:

Serious vulnerability in L-Soft LISTSERV

A serious vulnerability affecting the L-Soft LISTSERV mailing list
software was disclosed today by NGS Software. If you run this software,
you are strongly advised to update to the latest version:

ZoneAlarm products that are vulnerable to CA VET bug

We reported earlier this week that several ZoneAlarm products include
the VET library from Computer Associates, which has a serious
vulnerability. Today, ZoneLabs released a list of products that include
the anti-virus engine which contains the vulnerable VET dll:

Affected Products:

* ZoneAlarm Anti-virus

* ZoneAlarm Security Suite

Unaffected Products:

* ZoneAlarm and ZoneAlarm Pro

* Check Point Integrity clients and Integrity Server

* Integrity Clientless Security products


May 26th 2005