TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 INTERNET RISK UPDATE for 05-10-2002 ISS X-Force Internet Threat Intelligence Center www.iss.net - Click on the AlertCon logo for more information. ******************************************** ALERTCON 1 Projected: AlertCon 1 ******************************************** ALERTCON 1 - We are at AlertCon 1, the usual unregulated chaos on the Internet. Vulnerabilities: MSN: The MSN Chat control is an ActiveX control that allows groups of users to gather in a single, virtual location online to engage in text messaging. An unchecked buffer exists in one of the functions that handles input parameters in the MSN Chat control. A successful attack could allow code to run in the user's context. Cisco: Cisco has released an advisory for their Network Time Protocol (NTP). This vulnerability can be exploited remotely. The successful exploitation may cause arbitrary code to be executed on the target machine. The vulnerability is present regardless of the role played by the device. The device may be an NTP server or client and it will still be vulnerable. VIRUSES/WORMS: PE_PADANIA.1335 - This variant of PE_PADANIA inserts its code to cavities in a target file. It uses the Entry Point Obscuring (EPO) technique to avoid detection. It does not have a destructive payload. ******************************************** RECOMMENDATIONS ******************************************** MSN: Microsoft has provided a patch for the ActiveX vulnerability in MSN Messenger and Chat. It is recommended that users of these utilities update immediately. Please refer to: http://www.microsoft.com/Downloads/Release.asp?Rel easeID=38790 Cisco: The NTP vulnerability affects many different platforms. Cisco has up-to-date solutions to remedy this problem. To see which platforms have patches currently available, please see: http://www.cisco.com/warp/public/707/NTP-pub.shtml For a list of current vulnerabilities, please see: https://gtoc.iss.net/vulnerabilities.php For information on the PE-PADANIA, please refer to: <http://www.antivirus.com/vinfo/virusencyclo/defau lt5.asp?VName=PE_PADANIA.1335> Information regarding viruses and worms please see: https://gtoc.iss.net/viruses.php ******************************************** FACTOID: U.S. Attorney General John D. Ashcroft is proposing legislation increasing by 2 to 5 years the jail time for persons convicted of aggravated identity theft a crime. "The Department of Justice is committed to seeing to it that criminals and terrorists cannot find refuge in the identities of law-abiding citizens of this country." Since October 1998, 2,223 criminal cases have been filed against 2,899 defendants. ******************************************** ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous Day, % of total ******************************************** Protocol Decode 25.57% Unauthorized Access Attempt 24.89% Suspicious Activity 22.13% Denial Of Service 17.80% Pre-Attack Probe 09.57% Back Door 00.04% ******************************************** TOP TEN ATTACK DESTINATION PORTS - global IDS, midnight - midnight, previous day, % of top ten (ports found at) http://www.networkice.com/Advice/Exploits/Ports/de fault.htm ******************************************** 80 (http) 62.83% 161 (SNMP) 11.83% 25 (smtp) 08.83% 69 (tftp) 05.28% 162 (SNMPTrap) 02.55% 22 (ssh) 02.54% 1500 (ADSM/TSM) 02.02% 21 (ftp) 01.84% 139 (NetBIOS) 01.33% 443 (ssl) 00.96% ******************************************** BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER ******************************************** Background. We provide this information in the spirit of PDD 63 to help security professionals wage the war against Internet threats more effectively. Information in this update derived primarily from global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and professional liaison. Other sources as noted. AlertCon 1 reflects the global, malicious, determined, 24 x 7 attacks experienced by all networks. AlertCon 2 means increased vigilance/action recommended due to a specific threat or concern. AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, action required. AlertCon 4 reflects an Internet emergency for a target or group of targets whose business continuity may depend on some sort of immediate, decisive action. All summaries cover 24 hours the previous workday, GMT. Monday summaries may cover some weekend activity. Copyright 2002 Internet Security Systems, Inc. Permission is granted for the redistribution of the Internet Threat Update electronically. It is not to be sold or edited in any way without express consent of ISS. Refer comments or questions to: [EMAIL PROTECTED] or [EMAIL PROTECTED] Disclaimer: This information is subject to change without notice. Use of this information constitutes acceptance for use in an 'as is' condition. There are no warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. No other use authorized. FOIA Exemption 4. You can download the public key from MIT's PGP key server and PGP.com's key server. Patrick Gray Manager, X-Force Internet Threat Intelligence Center Internet Security Systems 6303 Barfield Road Atlanta, GA 30328 -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPNvrh5G41ROSQPncEQJP4wCgwrkXAcCUUw/Mc+UdR35ic8p5HgoAoJja 4qXwjnZreGSNa5EZLOqRPLbN =AGUV -----END PGP SIGNATURE-----
