-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

INTERNET THREAT UPDATE for 02-05-2002

ISS X-Force Internet Threat Intelligence Center
www.iss.net - Click on 'Current Internet Threat' for more information.

******************************************************
ALERTCON 1
Projected: AlertCon 1
******************************************************

ALERTCON 1 - AlertCon 1 reflects the malicious, determined, global, 24 x 7 attacks experienced by all networks.

LOTUS DOMINO: A vulnerability exists that allows a malicious user to bring down the Web server. The Domino Web server does not handle URL requests for DoS-Devices correctly. This vulnerability can be exploited by a malicious user to bring down the web server.

Microsoft: A vulnerability has been discovered in Windows NT 4.0 and 2000 in the 'trust' functions of domains that may allow a privilege escalation. Security Rollup patches which also cover the 'trust' function vulnerability are available for NT 4.0 as well as Windows 2000 running service pack 2.

VIRUSES/WORMS: A new Trojan is out in the wild, TROJ_DSNX.A. This destructive Win32 Trojan gives a remote hacker access to an infected computer. It compromises network security. There are also a couple of new mass-mailer type worms out there as well.

******************************************************
RECOMMENDATIONS
******************************************************

For Lotus Domino information and upgrades, please refer to:
http://www.securiteam.com/windowsntfocus/5OP06156AO.html
http://notes.net/qmrdown.nsf

For the Microsoft solutions, please go to:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q299444&ID=299444%20target=%20blank
and
http://www.microsoft.com/windows2000/downloads/critical/q311401/default.asp

For information regarding the TROJ_DSNX.A Trojan, please see:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DSNX.A

For information on other viruses and worms, please see:
https://gtoc.iss.net/secure/viruses.php

******************************************************
FACTOID:

New numbers from the U.S. Commerce Department indicate that in 2001, the number of Americans who use the Web passed the 50% mark for the first time. The report found that 143 million Americans, or 54 percent of the population, were using the Internet as of September, up from 26 percent a year earlier. E-mail continues to be the favorite activity, regularly used by 45 percent of the population (up from 35% in 2000). The figures for young people aged 5-17 are especially noteworthy, with 90 percent now using computers. The study also indicated that the so-called 'digital divide' is narrowing, with Internet use among the poorest citizens -- those earning less than $15,000 per household -- up 25 percent, while growth among the richest households is up only 11 percent. (Wall Street Journal 4 Feb 2002)

******************************************************
NEWS:

Who's to blame when hackers hack?
Here's who:
http://www.zdnet.com/anchordesk/stories/story/0,10738,2845286,00.html

Hacktivists claim coup against global leaders site:
http://www.theregister.co.uk/content/55/23928.html

SuSE 7.3 offers solid server reach and desktop usability:
http://www.techrepublic.com/article_guest.jhtml?id=r00320020204cnt01.htm&fromtm=e101-6

For additional news items, please refer to:
https://gtoc.iss.net/secure/inthenews.php

******************************************************
ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous day, % of total
******************************************************

Unauthorized Access Attempt    44.87%
Protocol Decode                28.94%
Pre-Attack Probe               17.73%
Denial Of Service              05.96%
Suspicious Activity            02.49%
Back Door                      00.02%

******************************************************
TOP TEN ATTACK DESTINATION PORTS - global IDS, midnight - midnight, previous day, % of top ten
(ports found at) http://www.networkice.com/Advice/Exploits/Ports/default.htm
******************************************************

80 (http)                      85.28%
21 (ftp)                       10.13%
25 (smtp)                      01.79%
443 (ssl)                      00.95%
139 (NetBIOS)                  00.57%
515 (lp,lpr,printer)           00.42%
30 (freeSM)                    00.22%
110 (POP3)                     00.22%
68 (bootpd/dhcp)               00.22%
15104 (unassigned)             00.20%

******************************************************
BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER
******************************************************

Background. We provide this information in the spirit of PDD 63 to help security professionals wage the war against Internet threats more effectively. Information in this update derived primarily from global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and professional liaison. Other sources as noted.

AlertCon 1 reflects the global, malicious, determined, 24 x 7 attacks experienced by all networks.
AlertCon 2 means increased vigilance/action recommended due to a specific threat or concern.
AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, action required.
AlertCon 4 reflects an Internet emergency for a target or group of targets whose business continuity may depend on some sort of immediate, decisive action.

All summaries cover 24 hours the previous workday, GMT. Monday summaries may cover some weekend activity.

Copyright 2001 Internet Security Systems, Inc. Permission is granted for the redistribution of the Internet Threat Update electronically. It is not to be sold or edited in any way without express consent of ISS. Refer comments or questions to: [EMAIL PROTECTED] or [EMAIL PROTECTED]

Disclaimer: This information is subject to change without notice. Use of this information constitutes acceptance for use in an 'as is' condition. There are no warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. No other use authorized. FOIA Exemption 4.

Patrick Gray
Manager, X-Force Internet Threat Intelligence Center
Internet Security Systems
6303 Barfield Road
Atlanta, GA 30328

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPGATf5G41ROSQPncEQImSACgiTqKeAr0i8P+46fxm7YvWiexkDYAn0xo
Kfk30cwTxmi+gYhfXYoi+a3O
=TXyo
-----END PGP SIGNATURE-----
