TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

INTERNET RISK UPDATE for 06-21-2002
ISS X-Force Internet Threat Intelligence Center

www.iss.net - Click on the AlertCon logo for more information.

********************************************
ALERTCON 3
Projected: AlertCon 3
********************************************

ALERTCON 3 - We are at AlertCon 3.
 
VULNERABILITIES:

Apache Remote Compromise: X-Force has verified that this issue is
exploitable on Apache HTTP Server for Windows (Win32) version 1.3.24
as well as Apache HTTP Server version 1.3.24 for OpenBSD. It has been
reported that exploit code has been developed for the following
operating systems and platforms: Sun Solaris 6-8 (sparc/x86); FreeBSD
4.3-4.5 (x86); OpenBSD 2.6-3.1 (x86); and Linux (GNU) 2.4 (x86).
These vulnerabilities may lead to modified Web content, denial of
service, or further compromise. Apache accounts for over 63% of all
active Web sites.

VIRUSES/WORMS:

W97M_AYAM.A - This nondestructive macro virus arrives in an email
with details as follows:

Subject: Hi man, it's %user name%
Message Body: This is the new net Story
It's great
Attachment: Maya.doc

********************************************
RECOMMENDATIONS
********************************************

Apache: The X-Force has released an advisory with patching
instructions for the default setting of the Apache HTTP Server. This
advisory requires immediate action on behalf of all system users with
Apache HTTP Server. See Apache for additional details.
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=2052
4

For a list of current vulnerabilities, please see:
https://gtoc.iss.net/vulnerabilities.php

For information on the current Virus/Worm of the day, please refer
to:
<http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=W97M_
AYAM.A>

Information regarding other viruses and worms please see:
https://gtoc.iss.net/viruses.php

********************************************

FACTOID: According to the BBC, tensions in Kashmir are mirrored on
the Internet. There is mounting evidence that individual hacker
groups connected by a pro-Islamic agenda are working together to
carry out
hack attacks, say experts. An alliance of anti-Israel, anti-US and
anti-India groups are increasingly highlighting issues such
as the Middle East conflict, the war on terrorism and the Kashmir
stand-off as part of their destructive digital attacks.

********************************************
ATTACK SIGNATURE RANKING - global IDS, midnight - midnight, previous
Day, % of total
********************************************

Protocol Decode 51.48%
Suspicious Activity 16.18%
Unauthorized Access Attempt 15.07%
Denial Of Service 08.76%
Pre-Attack Probe 08.49%
Back Door 00.02%
        
********************************************
TOP ATTACK DESTINATION PORTS - global IDS, midnight - midnight,
previous day, % of top ports (ports found at)
http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html
********************************************

80 (http) 68.16%
25 (smtp) 08.10%
161 (SNMP) 06.01%
21 (ftp) 04.76%
23 (telnet) 03.95%
500 (isakmp) 03.10%
139 (NetBIOS) 02.28%
69 (tftp) 01.47%
1433 (SQL) 01.22%
162 (SNMPTrap) 00.95%

********************************************
BACKGROUND, COPYRIGHT NOTICE, and DISCLAIMER
********************************************

Background. We provide this information in the spirit of PDD 63 to
help security professionals wage the war against Internet threats
more effectively. Information in this update derived primarily from
global, real time, 24 x 7 IDS feeds, ISS X-Force R&D Team research,
and professional liaison. Other sources as noted. AlertCon 1 reflects
the global, malicious, determined, 24 x 7 attacks experienced by all
networks. AlertCon 2 means increased vigilance/action recommended due
to a specific threat or concern. AlertCon 3 means increased attacks
against specific targets or vulnerabilities on a scale that is
unusually high, action required. AlertCon 4 reflects an Internet
emergency for a target or group of targets whose business continuity
may depend on some sort of immediate, decisive action. All summaries
cover 24 hours the previous workday, GMT. Monday summaries may cover
some weekend activity.

Copyright 2002 Internet Security Systems, Inc. Permission is granted
for the redistribution of the Internet Risk electronically.
It is not to be sold or edited in any way without express consent of
ISS. Refer comments or questions to: pgrayiss.net or dtreeceiss.net

Disclaimer: This information is subject to change without notice. Use
of this information constitutes acceptance for use in an 'as is'
condition. There are no warranties with regard to this information.
In no event shall the author be liable for any damages whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information is at the user's own risk.
No other use authorized. FOIA Exemption 4.

Patrick Gray
Manager, X-Force
Internet Threat Intelligence Center
Internet Security Systems
6303 Barfield Road
Atlanta, GA 30328

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1

iQA/AwUBPRNK35G41ROSQPncEQIFAgCgi3adamHRx64ELrzizL/F/EDSfGQAoMKc
i8jpM2pw+8bqNjS7E0S+avZQ
=MnqY
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]