SANS ISC: 'Twas the night before Christmas, when all through the house Not a creature was stirring, not even a mouse. - SANS Internet Storm Center SANS ISC InfoSec Forums



Maybe no mice, but if the internet is on, plenty of things are flowing.

First, reports of a few million break-and-enters in Australia, New Zealand and some of the Pacific Islands, possibly related to the unauthorised air traffic in the same regions. Also wanted for littering (not collecting animal droppings).

On a packet note:  
Cheat Trojan

Robert reported that a friend downloaded a Battlefield cheat which proceeded to infect his system. We'll be having a look at that one. 

Webmin
Gordon has reported that he is seeing some packets with flags (CWR ECE) set, going towards webmin ports. There was a new release back on the 28th of November, but currently no reported vulnerabilities.

Port 855/2967
Port 8555 and 2967 activity has tapered off (for the moment). The specific instance we were looking at looks like a variation of the SAV activity of recent weeks. If your corporate AV is not yet up to date (that is, the software, not just the patterns) then you may still be vulnerable. The timing of this was exquisite: just the few days of the year on which corporate types would be on the net checking emails, finishing off that last report, etc.

SPAM

Spam in AU has tapered off a little as well over the last day or two. One or two readers have reported similar results in their region. Everybody has probably already bought their medicine, extensions, reductions, software and penny stock for the year. Maybe with the January sales it will start ramping up again.

Happy holidays to all from the ISC

Mark
ISC Handler
