-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Wednesday, December 18, 2002 8:37 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 12/18/02

December 17, CERT/CC W32/Lioten. The CERT/CC has received reports of increased scanning destined to port 445/tcp. Several reports have indicated that this is evidence of propagation of a worm known as W32/Lioten. Systems involved in this activity have been discovered to contain an artifact named Iraqi_oil.exe. At this time, it appears that it may affect at least Windows 2000 and Windows XP systems. For more information, please see CERT Incident Note IN-2002-06, which is available at http://www.cert.org/incident_notes/IN-2002-06.html. The CERT/CC is interested in receiving reports of this activity. If you experience such activity or have more information, please send mail to cert@private with the following text included in the subject line: "[CERT#38858]".
Source: http://www.cert.org/current/current_activity.html#W32Lioten

December 17, InfoWorld Macromedia patches security hole in Flash software. A security vulnerability in the widely used Macromedia Flash player can allow an attacker to gain control over a user's PC, eEye Digital Security warned Monday. A specially formatted Flash file can cause a header overflow in the Flash software, potentially giving an attacker control over a PC, eEye said in a security advisory. Exploiting an overflow flaw generally allows attackers to load malicious code onto a victim's system and to run that code. The vulnerability is serious because Flash is widely used on various operating systems and because vulnerable versions of the software are delivered as part of many software packages, said eEye. Affected are all versions of the Macromedia Flash Player prior to Version 6.0.65.0, which was released late last week to fix the issue, Macromedia said. All users are advised to upgrade to the new version.
The eEye advisory is available at http://www.eeye.com/html/Research/Advisories/AD20021216.html
Source: http://www.infoworld.com/articles/hn/xml/02/12/17/021217hnmacromedia.xml?1217tuam

December 16, Newsfactor Network Microsoft changes its flaw severity rating system. Last month, when a gaping security hole was found in Internet Explorer that could allow a hacker to take control of a user's hard drive, Microsoft initially labeled the flaw's severity "moderate." Soon afterward, Microsoft's "moderate" rating decision came under attack by the tech community, led by postings to the Bugtraq mailing list. On December 6th, Microsoft issued a follow-up patch to the original fix, this time listing the flaw as "critical." Just last month, Microsoft altered the way it rates security threats by adding an "important" rating between "moderate" and "critical." According to this new system, the IE bugs in question initially rated lower on the severity scale than they would have a month earlier. Such ratings are often decisive factors in determining whether -- and when -- an organization chooses to implement a patch, according to Julie Giera of Giga Information Group. When making a severity rating, "the vendor usually looks at the severity of the problem and the size of the customer audience that it would affect," she said. For smaller organizations, the rating may be one of the only factors used to distinguish between patches that must be deployed and others that need not be. Although they consume an IT department's time and resources to test and deploy, patches are among the best responses to threats. A recent Gartner study shows that through 2005, 90 percent of all cyberattacks will involve known vulnerabilities for which a patch or solution already exists.
Source: http://www.newsfactor.com/perl/story/20251.html

Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports
137 (netbios-ns); 80 (http); 1433 (ms-sql-s); 53 (domain); 139 (netbios-ssn); 445 (microsoft-ds); 27374 (asp); 135; 4662; 21 (ftp)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 21:49:40 PST