
 

INTERNET THREAT UPDATE for 01-02-2002
ISS X-Force Special Operations Group

www.iss.net - Click on 'Current Internet Threat' for more
information.

******************************************************
ALERTCON 2 
Projected: AlertCon 2 
******************************************************

- We enter 2002 at AlertCon 2 and will remain there until at least
Friday.  There is a reported vulnerability in the AOL Instant
Messenger (AIM).  Internet Security Systems (ISS) X-Force has learned
of a remote buffer overflow vulnerability in the popular AOL Instant
Messenger (AIM) software. An exploit for this vulnerability has been
released publicly.  This vulnerability may allow remote attackers to
execute arbitrary commands on a victim's system. The victim is unable
to refuse the request or determine who initiated the attack.

- We continue to see many nuisance mass mailer worms in the wild, and
with folks coming back to work after the holidays, expect numerous
e-mail problems associated with these socially engineered worms. 
Sysadmins are strongly encouraged to ensure that their anti-virus
solution of choice is updated with current signatures.

------------------------------------------------------
RECOMMENDATIONS
------------------------------------------------------

- For the AOL IM vulnerability, ISS X-Force recommends that users
upgrade to the latest version of AOL Instant Messenger as soon as a
fix becomes available.

Until a fixed version of AOL Instant Messenger is available, system
administrators are encouraged to block "login.oscar.aol.com" and port
5190 at the firewall. This will prevent AIM users from logging in to
the AIM service.
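
A check that the block described above is in effect, and which internal hosts still run AIM clients, as an added example (not part of the ISS update): it tallies outbound attempts to port 5190 from firewall log lines. The netfilter-style sample lines, the `AIM-DROP` and `FW-ALLOW` log prefixes and all addresses are constructed assumptions.

```python
import re
from collections import Counter

AIM_PORT = 5190  # port named in the recommendation above

# Constructed sample lines in Linux netfilter LOG format. The log prefixes
# "AIM-DROP" / "FW-ALLOW" and every address are assumptions for this example.
SAMPLE_LOG = """\
Jan  2 09:14:01 gw kernel: AIM-DROP IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=1042 DPT=5190 SYN
Jan  2 09:14:04 gw kernel: AIM-DROP IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=1042 DPT=5190 SYN
Jan  2 09:15:30 gw kernel: FW-ALLOW IN=eth1 OUT=eth0 SRC=10.0.4.22 DST=198.51.100.5 LEN=48 PROTO=TCP SPT=1100 DPT=80 SYN
Jan  2 09:16:12 gw kernel: FW-ALLOW IN=eth1 OUT=eth0 SRC=10.0.7.3 DST=192.0.2.11 LEN=48 PROTO=TCP SPT=1311 DPT=5190 SYN
Jan  2 09:17:45 gw kernel: AIM-DROP IN=eth1 OUT=eth0 SRC=10.0.9.40 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=1400 DPT=5190 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return (log_prefix, fields) for a netfilter LOG line, or None."""
    _, sep, rest = line.partition("kernel: ")
    if not sep:
        return None
    prefix = rest.split(" ", 1)[0]
    return prefix, dict(FIELD.findall(rest))

def aim_attempts(log_text, port=AIM_PORT, drop_prefix="AIM-DROP"):
    """Count attempts to the AIM port per source host, split by verdict."""
    blocked, allowed = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        prefix, fields = parsed
        if fields.get("DPT") != str(port):
            continue
        bucket = blocked if prefix == drop_prefix else allowed
        bucket[fields.get("SRC", "unknown")] += 1
    return blocked, allowed

if __name__ == "__main__":
    blocked, allowed = aim_attempts(SAMPLE_LOG)
    for src, n in blocked.most_common():
        print(f"blocked  {src}  {n} attempts (AIM client present, needs the fixed version)")
    for src, n in allowed.most_common():
        print(f"ALLOWED  {src}  {n} attempts (block not effective on this path)")
```

Hosts in the blocked tally are the ones to upgrade once a fixed client is released; any host in the allowed tally means the rule is missing on that path.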

- For information regarding the multiple vulnerabilities in the
Universal Plug and Play Service please refer to the X-Force Alert:
http://xforce.iss.net/alerts/advise106.php 

- For information regarding the serious vulnerability in the login
program present in the SysV derived systems, please refer to the
X-Force Advisory:
http://xforce.iss.net/alerts/advise105.php 

- For Microsoft solutions to their various vulnerabilities, please
refer to: http://www.microsoft.com/security   

- For information regarding the current worms and viruses moving
across the Internet see:
http://www.antivirus.com/vinfo/ 

------------------------------------------------------
ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous
day, % of total
------------------------------------------------------

Unauthorized Access Attempt  40.33%                      
Protocol Decode              33.05%                      
Suspicious Activity          16.83%        
Denial Of Service            06.65%        
Pre-Attack Probe             03.10%        
Back Door                    00.03%         

------------------------------------------------------
TOP TEN ATTACK DESTINATION PORTS - global IDS, midnight - midnight,
previous day, % of top ten (ports found at)
http://www.networkice.com/Advice/Exploits/Ports/default.htm
------------------------------------------------------

80       (http)              81.50%       
21       (ftp)               08.21%        
22       (ssh)               03.33%        
515      (lp,lpr,line prntr) 02.77%        
69       (tftp)              01.56%         
25       (smtp)              00.82%         
443      (ssl)               00.70%         
161      (SNMP)              00.41%         
53       (DNS)               00.37%         
6346     (unassigned)        00.31%         

------------------------------------------------------
BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER
------------------------------------------------------

Background. We provide this information in the spirit of PDD 63 to
help security professionals wage the war against Internet threats
more effectively. Information in this update is derived primarily from
global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research,
and professional liaison. Other sources as noted. AlertCon 1 reflects
the global, malicious, determined, 24 x 7 attacks experienced by all
networks. AlertCon 2 means increased vigilance/action recommended due
to a specific threat or concern. AlertCon 3 means increased attacks
against specific targets or vulnerabilities on a scale that is
unusually high, action required. AlertCon 4 reflects an Internet
emergency for a target or group of targets whose business continuity
may depend on some sort of immediate, decisive action. All summaries
cover the 24 hours of the previous workday, GMT. Monday summaries may
cover some weekend activity.

Copyright 2001 Internet Security Systems, Inc. Permission is granted
for the redistribution of the Internet Threat Update electronically. 
It is not to be sold or edited in any way without express consent of
ISS. Refer comments or questions to: [EMAIL PROTECTED] or [EMAIL PROTECTED]

Disclaimer: This information is subject to change without notice. Use
of this information constitutes acceptance for use in an 'as is'
condition. There are no warranties with regard to this information.
In no event shall the author be liable for any damages whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information is at the user's own risk.
No other use authorized. FOIA Exemption 4.

Patrick Gray
Manager, X-Force
Internet Threat Intelligence Center
Internet Security Systems
6303 Barfield Road
Atlanta, GA 30328


