TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 INTERNET THREAT UPDATE for Dec 4th, 2001 ISS X-Force Special Operations Group ****************************************************** ALERTCON 1 ****************************************************** **********************ALERT*************************** !!!!!! - We have just discovered that there is a new mass-mailer virus in the wild and it is named W_Gone.A. The Worm is delivered via e-mail and the message begins with "Hi" This worm is a PE EXE file that spreads itself using Outlook and ICQ, if it's installed. It's trying to run scripts on IRC channels; and, the worm connects itself to the Outlook address book and sends itself to all the addresses with an attachment of itself. This worm is a Visual Basic-compiled Windows executable, which is capable of propagating via email in MS Outlook and possibly via ICQ. This Worm is rated a medium risk at this time!!!!!! - - We remain at AlertCon 1 and will continue to monitor the growth of the Worm_Gone.A. - ------------------------------------------------------ RECOMMENDATIONS - ------------------------------------------------------ - - For the W32.Worm.A, your Anti-Virus vendor should have a solution within a matter of hours. Please refer to your vendor's site or refer to these sites: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_GO NE.A http://www.europe.fsecure.com/v-descs/goner.shtml - ------------------------------------------------------ ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous day, % of total - ------------------------------------------------------ Protocol Decode 63.40% Unauthorized Access Attempt 21.79% Suspicious Activity 06.99% Denial Of Service 06.18% Pre-Attack Probe 01.62% Back Door - ------------------------------------------------------ TOP TEN ATTACK DESTINATION PORTS - global IDS, midnight - midnight, previous day, % of top ten (ports found at http://www.iana.org/assignments/port-numbers - ------------------------------------------------------ 80 (http) 87.36% 23 (telnet) 04.65% 15104 (unassigned) 03.69% 21 (ftp) 01.37% 25 (smtp) 01.13% 12754 (unassigned) 00.50% 22 (ssh) 00.38% 137 (NETBIOS) 00.36% 69 (tftp) 00.32% 143 (imap) 00.23% - ------------------------------------------------------ BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER - ------------------------------------------------------ Background. We provide this information in the spirit of PDD 63 to help security professionals wage the war against Internet threats more effectively. Information in this update derived primarily from global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and professional liaison. Other sources as noted. AlertCon 1 reflects the global, malicious, determined, 24 x 7 attacks experienced by all networks. AlertCon 2 means increased vigilance/action recommended due to a specific threat or concern. AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, action required. AlertCon 4 reflects an Internet emergency for a target or group of targets whose business continuity may depend on some sort of immediate, decisive action. All summaries cover 24 hours the previous workday, GMT. Monday summaries may cover some weekend activity. Copyright 2001 Internet Security Systems, Inc. Permission is granted for the redistribution of the Internet Threat Update electronically. It is not to be sold or edited in any way without express consent of ISS. Refer comments or questions to: [EMAIL PROTECTED] or [EMAIL PROTECTED] Disclaimer: This information is subject to change without notice. Use of this information constitutes acceptance for use in an 'as is' condition. There are no warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. No other use authorized. FOIA Exemption 4. Patrick Gray Manager, Internet Threat Intelligence Center MSS Special Operations Group 6303 Barfield Road Atlanta, GA 30328 -----BEGIN PGP SIGNATURE----- Version: PGP 7.0 iQA/AwUBPAz8ypG41ROSQPncEQKLqgCg/zJnkurqOQMIC/qC+WxFJdqgmLwAnRgr d5x7inRh1fYOYM4XLPGB50i1 =gJZb -----END PGP SIGNATURE-----
