TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Internet Threats and Solutions Update for November 26-27th, 2001
ISS X-Force Special Operations Group, Atlanta

*************************************************
AlertCon 2
*************************************************

- - - We have increased our threat assessment to AlertCon 2 based upon
the fast propagation of the Virus W32/Badtrans.B. This virus is
deemed a "High Risk" for consumers. W32/Badtrans.B is a mass mailing
worm that drops a remote-access Trojan. The virus arrives via the
Microsoft Outlook email program and attempts to send itself by
replying to unread email messages. The email may contain the text,
"Take a look at the attachment" in the message body and will contain
an attachment that is 13,312 bytes in size. The attachment name is
created in three sections, e.g., card.doc.pif.

- - -------------------------------------------------
SOLUTIONS
- - -------------------------------------------------

- - - The solution to the virus problem is first to keep your AV
software
up to date. Beyond that, it is also a good idea to disable the more
exotic file extensions on clients where they are not used. Filtering
for extensions .scr and .pif will also provide a defense against this
virus.

- - -------------------------------------------------
BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER
- - -------------------------------------------------

Background. We provide this information in the spirit of PDD 63 to
help security professionals wage the war against Internet threats
more
effectively. Information in this update derived primarily from
global,
real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research, and
professional liaison. Other sources as noted. AlertCon 1 reflects the
global, malicious, determined, 24 x 7 attacks experienced by all
networks. AlertCon 2 means increased vigilance/action recommended due
to a specific threat or concern. AlertCon 3 means increased attacks
against specific targets or vulnerabilities on a scale that is
unusually high, action required. AlertCon 4 reflects an Internet
emergency for a target or group of targets whose business continuity
may depend on some sort of immediate, decisive action. All summaries
cover 24 hours the previous workday, GMT. Monday summaries may cover
some weekend activity.

Copyright 2001 Internet Security Systems, Inc. Permission is granted
for the redistribution of the Internet Threat Update electronically.
It is not to be sold or edited in any way without express consent of
ISS. Refer comments or questions to: pgrayiss.net
<mailto:pgrayiss.net>
or dtreeceiss.net <mailto:dtreeceiss.net>

Disclaimer: This information is subject to change without notice. Use
of this information constitutes acceptance for use in an 'as is'
condition. There are no warranties with regard to this information.
In
no event shall the author be liable for any damages whatsoever
arising
out of or in connection with the use or spread of this information.
Any use of this information is at the user's own risk. No other use
authorized. FOIA Exemption 4.

Patrick Gray
Manager,
Internet Threat Intelligence Center
Global MSS Special Operations Group
Internet Security Systems (ISS)
6303 Barfield Road
Atlanta, Georgia 30328

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBPALa1pG41ROSQPncEQKodACghIuI7QeciVYw70TlLzH+KRoeauYAoPVr
lp/v1YpAH6ycSaV89XbjD6LR
=omWG
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]