-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

INTERNET THREAT UPDATE for 01-03-2002
ISS X-Force Special Operations Group

www.iss.net - Click on 'Current Internet Threat' for more
information.

******************************************************
ALERTCON 2 
Projected: AlertCon 1 
******************************************************

- - We are at AlertCon 2 and expect to remain there until AOL offers a
solution to the vulnerability found in the AOL Instant Messenger
(AIM). AOL has confirmed this security hole and has stated that they
would have a fix for the vulnerability by the end of the week.  The
vulnerable feature allows users to invite members of their buddy list
to participate in online games, but could allow a hacker to send
malicious code to the user's machine.  

- - Businesses should examine the efficacy of allowing the use of AIM
or other chat services within the business environment by weighing
the pros and cons of those services.  By default, these services have
the ability to display the user's name, address, employment and IP
address, thus creating additional avenues for compromises via the
Internet and through social engineering.  It should also be noted
that most recent worm activity has utilized chat programs to
propagate.
  
- - We continue to see many nuisance mass mailer worms in the wild,
such as the iterations of Maldal and a new Trojan named DLDER.A. 
With folks coming back to work after the holidays, expect numerous
e-mail problems associated with these socially engineered worms. 
Sysadmins are strongly encouraged to ensure that their anti-virus
solution of choice is updated with current signatures.

- ------------------------------------------------------
RECOMMENDATIONS
- ------------------------------------------------------

- - For the AOL IM vulnerability, ISS X-Force recommends that users
upgrade to the latest version of AOL Instant Messenger as soon as a
fix becomes available.

- - Until a fixed version of AOL Instant Messenger is available, system
administrators are encouraged to block "login.oscar.aol.com" and port
5190 at the firewall. This will prevent AIM users from logging in to
the AIM service.  http://xforce.iss.net/alerts/advise107.php 

- - For information regarding the current worms and viruses moving
across the Internet see:
http://www.antivirus.com/vinfo/ 

- ------------------------------------------------------
ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous
day, % of total
- ------------------------------------------------------

Unauthorized Access Attempt  44.63%       
Protocol Decode              23.38%      
Denial Of Service            14.63%       
Suspicious Activity          12.05%                    
Pre-Attack Probe             05.23%                       
Back Door                    00.08%          

- ------------------------------------------------------
TOP TEN ATTACK DESTINATION PORTS - global IDS, midnight - midnight,
previous day, % of top ten (ports found at) 
http://www.networkice.com/Advice/Exploits/Ports/default.htm 
- ------------------------------------------------------

80       (http)              81.96%       
21       (ftp)               04.60%        
443      (ssl)               03.26%        
25       (smtp)              02.51%        
22       (ssh)               02.50%        
515      (lp,lpr,printer)    01.79%        
69       (tftp)              01.11%         
6723     (unassigned)        01.03%         
15104    (unassigned)        00.65%         
137      (netbios-ns)        00.59%         

- ------------------------------------------------------
BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER 
- ------------------------------------------------------

Background. We provide this information in the spirit of PDD 63 to
help security professionals wage the war against Internet threats
more effectively. Information in this update is derived primarily from
global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research,
and professional liaison. Other sources as noted. AlertCon 1 reflects
the global, malicious, determined, 24 x 7 attacks experienced by all
networks. AlertCon 2 means increased vigilance/action recommended due
to a specific threat or concern. AlertCon 3 means increased attacks
against specific targets or vulnerabilities on a scale that is
unusually high, action required. AlertCon 4 reflects an Internet
emergency for a target or group of targets whose business continuity
may depend on some sort of immediate, decisive action. All summaries
cover 24 hours the previous workday, GMT. Monday summaries may cover
some weekend activity. 

Copyright 2001 Internet Security Systems, Inc. Permission is granted
for the redistribution of the Internet Threat Update electronically. 
It is not to be sold or edited in any way without express consent of
ISS. Refer comments or questions to: [EMAIL PROTECTED] or [EMAIL PROTECTED]

Disclaimer: This information is subject to change without notice. Use
of this information constitutes acceptance for use in an 'as is'
condition. There are no warranties with regard to this information.
In no event shall the author be liable for any damages whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information is at the user's own risk.
No other use authorized. FOIA Exemption 4.


Patrick Gray
Manager, Internet Threat Intelligence Center
X-Force, MSS Special Operations Group
Internet Security Systems
6303 Barfield Road
Atlanta, GA 30328

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPDSw6pG41ROSQPncEQJR/wCglc2mvyRU3258PNZ2CTWqKTpZyv0AoKS7
ut7nX3X0qz9tD6EtTlhmzYYU
=cnal
-----END PGP SIGNATURE-----
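
An added example, not part of the ISS update: one way to check that the recommended block of "login.oscar.aol.com" and port 5190 is holding, by correlating DNS answers for the login host with connections the firewall allowed. The log formats, function names and addresses are assumptions constructed for illustration; only the hostname and port come from the update.

```python
import re

AIM_HOST = "login.oscar.aol.com"   # hostname named in the update
AIM_PORT = 5190                    # port named in the update

# Constructed sample logs in a hypothetical format (documentation address ranges).
DNS_LOG = """\
2002-01-03T09:11:59Z 10.1.2.15 login.oscar.aol.com A 192.0.2.10
2002-01-03T09:12:30Z 10.1.2.22 www.example.com A 198.51.100.7
"""
FW_LOG = """\
2002-01-03T09:12:01Z DENY tcp 10.1.2.15:1043 -> 192.0.2.10:5190
2002-01-03T09:12:04Z ALLOW tcp 10.1.2.15:1044 -> 192.0.2.10:80
2002-01-03T09:12:31Z ALLOW tcp 10.1.2.22:1100 -> 198.51.100.7:80
2002-01-03T09:13:10Z ALLOW tcp 10.1.2.40:1201 -> 203.0.113.5:5190
"""

FW_RE = re.compile(r"^(\S+) (ALLOW|DENY) tcp (\S+):(\d+) -> (\S+):(\d+)$")

def aim_login_addresses(dns_log):
    """Return the IP addresses that DNS answered for the AIM login host."""
    addrs = set()
    for line in dns_log.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2].lower().rstrip(".") == AIM_HOST:
            addrs.add(fields[4])
    return addrs

def block_gaps(dns_log, fw_log):
    """List (client, destination, port, reason) for AIM traffic that was allowed."""
    login_ips = aim_login_addresses(dns_log)
    gaps = []
    for line in fw_log.splitlines():
        m = FW_RE.match(line.strip())
        if not m or m.group(2) != "ALLOW":
            continue  # unparsable line, or traffic that was already blocked
        client, dst, port = m.group(3), m.group(5), int(m.group(6))
        if port == AIM_PORT:
            gaps.append((client, dst, port, "port 5190 allowed"))
        elif dst in login_ips:
            # A port-only rule misses this: login host reached on another port.
            gaps.append((client, dst, port, "AIM login host on another port"))
    return gaps

if __name__ == "__main__":
    for gap in block_gaps(DNS_LOG, FW_LOG):
        print(*gap)
```

An empty result over a day of logs indicates both halves of the block are in effect; any row names the internal client to follow up with.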

