TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
INTERNET RISK UPDATE for 06-25-2002 ISS X-Force Internet Threat Intelligence Center www.iss.net - Click on the AlertCon logo for more information. ******************************************** ALERTCON 3 Projected: AlertCon 2 ******************************************** ALERTCON 3 - Reflects focused attacks. Internet attacks have been noted against specific vulnerabilities or inherent information system weaknesses. Immediate defensive action is required. VULNERABILITIES: Apache Remote Compromise: X-Force has verified that this issue is exploitable on Apache HTTP Server for Windows (Win32) version 1.3.24 as well as Apache HTTP Server version 1.3.24 for OpenBSD. It has been reported that exploit code has been developed for the following operating systems and platforms: Sun Solaris 6-8 (sparc/x86), FreeBSD 4.3-4.5 (x86), OpenBSD 2.6-3.1 (x86), and Linux (GNU) 2.4 (x86). These vulnerabilities may lead to modification of Web content, denial of service, or further compromise. Apache accounts for over 63% of all active Web sites. VIRUSES/WORMS: WORM_GUBED.A: This mass-mailing worm propagates via Microsoft Outlook. It arrives as an attachment in an email message with the following details: Subject: Congratulations for your site Message Body: Congratulations for your site This is a good tool to improve it. Best Regards. Attachment: WebMakeFullInstall ******************************************** RECOMMENDATIONS ******************************************** Apache: The X-Force has released an advisory with patching instructions for the default setting of the Apache HTTP Server. This advisory requires immediate action on behalf of all system users with Apache HTTP Server. See Apache for additional details. http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20524 The NIPC issued an updated advisory to highlight the significance of the Apache vulnerability that can be viewed at: http://www.nipc.gov/warnings/advisories/2002/02-005.1.htm For a list of current vulnerabilities, please see: https://gtoc.iss.net/vulnerabilities.php For information on the current Virus/Worm of the day, please refer to: <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GUBED. A> Information regarding other viruses and worms please see: https://gtoc.iss.net/viruses.php ******************************************** ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous Day, % of total ******************************************** Protocol Decode 37.78% Unauthorized Access Attempt 26.92% Suspicious Activity 14.19% Pre-Attack Probe 11.30% Denial Of Service 09.72% Back Door 00.09% ******************************************** TOP ATTACK DESTINATION PORTS - global IDS, midnight - midnight, previous day, % of top ports (ports found at) http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html ******************************************** 80 (http) 67.18% 23 (telnet) 07.33% 25 (smtp) 07.07% 22 (ssh) 05.81% 161 (SNMP) 03.36% 69 (tftp) 03.35% 21 (ftp) 02.80% 162 (SNMPTrap) 01.65% 515 (printer) 00.73% 143 (imap) 00.72% ******************************************** BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER ******************************************** Background. We provide this information in the spirit of PDD 63 to help security professionals wage the war against Internet threats more effectively. Information in this update derived primarily from global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and professional liaison. Other sources as noted. AlertCon 1 reflects the global, malicious, determined, 24 x 7 attacks experienced by all networks. AlertCon 2 means increased vigilance/action recommended due to a specific threat or concern. AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, action required. AlertCon 4 reflects an Internet emergency for a target or group of targets whose business continuity may depend on some sort of immediate, decisive action. All summaries cover 24 hours the previous workday, GMT. Monday summaries may cover some weekend activity. Copyright 2002 Internet Security Systems, Inc. Permission is granted for the redistribution of the Internet Risk electronically. It is not to be sold or edited in any way without express consent of ISS. Refer comments or questions to: [EMAIL PROTECTED] or [EMAIL PROTECTED] Disclaimer: This information is subject to change without notice. Use of this information constitutes acceptance for use in an 'as is' condition. There are no warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. No other use authorized. FOIA Exemption 4. Patrick Gray Manager, X-Force Internet Threat Intelligence Center Internet | Security | Systems The Power to Protect www.iss.net
