TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 INTERNET RISK UPDATE for 05-16-2002 ISS X-Force Internet Threat Intelligence Center www.iss.net - Click on the AlertCon logo for more information. ******************************************** ALERTCON 1 Projected: AlertCon 1 ******************************************** ALERTCON 1 - We are at AlertCon 1, the usual unregulated chaos on the Internet. Vulnerabilities: Okay folks, a busy day in the realm of continuous patching. Microsoft and Cisco have released patches for several vulnerabilities. We rate these risks as high if not patched. See recommendations below for further information and clarification. As always, we maintain a list of current vulnerabilities as note below. VIRUSES/WORMS: W97/Dest-J is a Word macro virus that infects Microsoft Word documents and the global NORMAL.DOT template file. The virus does not have a payload. ******************************************** RECOMMENDATIONS ******************************************** For the Microsoft vulnerability and patch: <http://www.microsoft.com/technet/treeview/default .asp?url=/technet/security/bulletin/MS02-023.asp> For the Cisco advisories, please refer to: http://www.cisco.com/warp/public/707/css-http-post - -pub.shtml and, <http://www.cisco.com/warp/public/707/transparentc ache-tcp-relay-vuln-pub.shtml> For a list of current vulnerabilities, please see: https://gtoc.iss.net/vulnerabilities.php For information on the W97/Dest-J, please refer to: http://www.sophos.com/virusinfo/analyses/w97destj. html Information regarding viruses and worms please see: https://gtoc.iss.net/viruses.php ******************************************** FACTOID: Gartner estimates that by 2005, one in five enterprises will experience a serious attack that results in a material loss for the company. Repairing that damage will exceed the cost of prevention measures by 50 percent-not to mention the damage done to the reputation of the victim. A startling 90 percent of these attacks will exploit known security flaws for which a patch is already available, a statistic that illustrates a serious lack of awareness of the problems, according to Mogull. The analyst says companies often wait too long to install patches on their systems or have difficulty adding patches because of testing procedures required in their computing environments. http://www2.cio.com/metrics/2002/metric364.html ******************************************** ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous Day, % of total ******************************************** Protocol Decode 48.38% Unauthorized Access Attempt 21.05% Suspicious Activity 17.65% Denial Of Service 08.77% Pre-Attack Probe 04.11% Back Door 00.04% ******************************************** TOP TEN ATTACK DESTINATION PORTS - global IDS, midnight - midnight, previous day, % of top ten (ports found at) http://www.neohapsis.com/neolabs/neo-ports/neo-por ts.html ******************************************** 80 (http) 74.60% 161 (SNMP) 11.84% 25 (smtp) 06.92% 69 (tftp) 02.27% 162 (SNMPTrap) 01.10% 1500 (ADSM/TSM) 01.09% 139 (NetBIOS) 00.77% 21 (ftp) 00.66% 5190 (AIM) 00.38% 23 (telnet) 00.36% ******************************************** BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER ******************************************** Background. We provide this information in the spirit of PDD 63 to help security professionals wage the war against Internet threats more effectively. Information in this update derived primarily from global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and professional liaison. Other sources as noted. AlertCon 1 reflects the global, malicious, determined, 24 x 7 attacks experienced by all networks. AlertCon 2 means increased vigilance/action recommended due to a specific threat or concern. AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, action required. AlertCon 4 reflects an Internet emergency for a target or group of targets whose business continuity may depend on some sort of immediate, decisive action. All summaries cover 24 hours the previous workday, GMT. Monday summaries may cover some weekend activity. Copyright 2002 Internet Security Systems, Inc. Permission is granted for the redistribution of the Internet Threat Update electronically. It is not to be sold or edited in any way without express consent of ISS. Refer comments or questions to: [EMAIL PROTECTED] or [EMAIL PROTECTED] Disclaimer: This information is subject to change without notice. Use of this information constitutes acceptance for use in an 'as is' condition. There are no warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. No other use authorized. FOIA Exemption 4. You can download the public key from MIT's PGP key server and PGP.com's key server. Patrick Gray Manager, X-Force Internet Threat Intelligence Center Internet Security Systems 6303 Barfield Road Atlanta, GA 30328 -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPOPMFpG41ROSQPncEQKRRACgqwPcCn1RIQhUczb3WT39SZW/vH8Anj1V LckfZRsTBq8/DznyogVWeb+u =POHY -----END PGP SIGNATURE-----
