TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 INTERNET THREAT UPDATE for 02-04-2002 ISS X-Force Internet Threat Intelligence Center www.iss.net - Click on 'Current Internet Threat' for more information. ****************************************************** ALERTCON 1 Projected: AlertCon 1 ****************************************************** ALERTCON 1 - AlertCon 1 reflects the malicious, determined, global, 24 x 7 attacks experienced by all networks. Security Rollup patches which also cover the 'trust' function vulnerability are available for NT 4.0 as well as Windows 2000 running service pack 2. Microsoft: A vulnerability has been discovered in Windows NT 4.0 and 2000 in the 'trust' functions of domains that may allow a privileged escalation. WU-FTPD: Scanning activity continues looking for this vulnerability. The known exploits of this vulnerability may allow attackers to execute arbitrary code resulting in root compromise. SSH: Information from our Global sensor database continues to indicate an increase in SSH scanning across the Internet. This coordinated reconnaissance effort has been observed across several networks. VIRUSES/WORMS: A couple of new viruses out there, Comical, a mass-mailer, and Nomed, a macro-type. No real danger in these, just of the nuisance variety. Please update your anti-virus signatures. ****************************************************** RECOMMENDATIONS ****************************************************** For Microsoft information, please refer to: https://gtoc.iss.net/secure/currentthreat.php#recommendations For the Wu-ftpd vulnerability, System administrators should limit access to the Wu-ftpd service, disable anonymous FTP access, or disable the FTP service entirely until properly patched by your vendor. For additional details and links to vendor patches see X-Force and Aris alerts: http://xforce.iss.net/alerts/advise103.php http://aris.securityfocus.com/alerts/wuftpd/011128-Alert-wuftpd.pdf With respect to SSH, System administrators should closely monitor port 22 traffic for increased or unusual scanning activity and see: http://www.linuxjournal.com//article.php?sid=5672 For further virus and worm information, please refer to: https://gtoc.iss.net/secure/viruses.php For more vulnerabilities and solutions, please see: https://gtoc.iss.net/secure/vulnerabilities.php ****************************************************** FACTOID: A survey suggests British businesses may be losing more than a billion pounds each year on email. The research found staff resources are increasingly being tied up on email administration, according to Ananova.com. More than half those questioned said the deluge is stopping them from working productively. Sixty-two per cent of respondents say sorting emails is adding to their stress because it is preventing them from concentrating on other tasks. A further 58% said their email workload means they end up working late or through their lunch breaks. The research was carried out on behalf of Mitsubishi Electric Telecom Europe. NEWS: President Bush To Realign Information Security Budget: http://www.newsfactor.com/perl/story/16153.html U.S. Military Prepares for Cyberattacks: http://www.pcworld.com/news/article/0,aid,82363,tk,dn020102X,00.asp Hackers hijack routers: http://news.com.au/technology_story/0,6257,3712626%255E15318,00.html Computer security bill backed by ITAA: http://www.computeruser.com/news/02/02/04/news11.html ***************************************************** ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous Day, % of total ***************************************************** Unauthorized Access Attempt 39.10% Protocol Decode 37.10% Pre-Attack Probe 09.71% Suspicious Activity 09.35% Denial Of Service 04.72% Back Door 00.01% ***************************************************** TOP TEN ATTACK DESTINATION PORTS - global IDS, midnight - midnight, previous day, % of top ten (ports found at) http://www.networkice.com/Advice/Exploits/Ports/default.htm ***************************************************** 80 (http) 83.45% 22 (ssh) 09.23% 21 (ftp) 03.68% 25 (smtp) 01.56% 6768 (unassigned) 00.44% 139 (NetBIOS) 00.43% 68 (bootpd/dhcp) 00.40% 443 (ssl) 00.33% 1028 (unassigned) 00.26% 515 (lp,lpr,printer) 00.21% ****************************************************** BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER ****************************************************** Background. We provide this information in the spirit of PDD 63 to help security professionals wage the war against Internet threats more effectively. Information in this update derived primarily from global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and professional liaison. Other sources as noted. AlertCon 1 reflects the global, malicious, determined, 24 x 7 attacks experienced by all networks. AlertCon 2 means increased vigilance/action recommended due to a specific threat or concern. AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, action required. AlertCon 4 reflects an Internet emergency for a target or group of targets whose business continuity may depend on some sort of immediate, decisive action. All summaries cover 24 hours the previous workday, GMT. Monday summaries may cover some weekend activity. Copyright 2001 Internet Security Systems, Inc. Permission is granted for the redistribution of the Internet Threat Update electronically. It is not to be sold or edited in any way without express consent of ISS. Refer comments or questions to: [EMAIL PROTECTED] or [EMAIL PROTECTED] Disclaimer: This information is subject to change without notice. Use of this information constitutes acceptance for use in an 'as is' condition. There are no warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. No other use authorized. FOIA Exemption 4. Patrick Gray Manager, X-Force Internet Threat Intelligence Center Internet Security Systems 6303 Barfield Road Atlanta, GA 30328 -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPF7WwZG41ROSQPncEQL6gwCfevNt5wHjE7ei9xFzfrecZjF7780An1Eo EbEA7jOMfmGYFw3vDfWzJt7F =gZvA -----END PGP SIGNATURE-----
