CRIME RE: NASCIO - Security - AlertCon 3 for ISS and the IT-ISAC

From: George Heuston (GeorgeH@private)
Date: Mon Aug 11 2003 - 17:14:37 PDT

  • Next message: Crispin Cowan: "Re: CRIME XP Home edition"

    Thanks Raj!  I'll post to CRIME in any event.
    
    Geo
    
    -----Original Message-----
    From: RAMAKRISHNAN Ranjit * DAS IRMD
    [mailto:Ranjit.Ramakrishnan@private] 
    Sent: Monday, August 11, 2003 2:53 PM
    To: George Heuston
    Subject: FW: NASCIO - Security - AlertCon 3 for ISS and the IT-ISAC
    
    May already be aware of this ISS alert.
    
    Ranjit Ramakrishnan, CISSP
    State CISO
    Information Resources Management Division
    ranjit.ramakrishnan@private
    Ph: (503) 378 4127
    Fx: (503) 378 3795
    
    
    -----Original Message-----
    From: Allor, Peter (ISS Atlanta) [mailto:PAllor@private] 
    Sent: Monday, August 11, 2003 2:22 PM
    To: security@private
    Subject: NASCIO - Security - AlertCon 3 for ISS and the IT-ISAC
    
    
    ATTN: NASCIO Security listserv members
    -----------
     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    We have raised the AlertCon to 3. The worm known as "MS BLAST", which is
    consistent with characteristics of an RPC DCOM worm, is actively
    propagating
    across the Internet. Our analysts have observed an average of 100 hits
    per
    second. Furthermore, Microsoft is currently under a DDoS (Distributed
    Denial
    of Service attack). This specimen scans in a sequential fashion for
    machines
    with open port 135, uses multiple TFTP servers to pull the binary and
    adds a
    registry key to initiate itself upon reboot. Our analysts are observing
    increased scanning efforts on port 135 at this time. For further
    details,
    please review the X-Force Alert
    <http://xforce.iss.net/xforce/alerts/id/147>
    
    
    Regards,
    
    Peter 
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.2
    
    iQA/AwUBPzgI/P1TrpsA3RjTEQI/5ACgjf5mI9xEoxAVwzzWmZqvep0JZL0An2UT
    GptmCOpouKhu9akJ1iAceuxO
    =8MH1
    -----END PGP SIGNATURE-----
    
    -----------
    1) To manage any aspect of your list membership, please visit
    http://listserv.transdig.com:81/guest/RemoteListSummary/nasciosecurity
    2) To request an up-to-date roster of listserv subscribers send a new
    message to "security-request@private" with the word "who" in the body
    of
    the message.
    
    
    



    This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 18:02:53 PDT