Click to return to BOL home page
Banker Store Read A Reg BOL Insiders Career Connect Learning Connect Bankers Information Network

   

















    Site Map

    Our Sponsors

    Home


















April 11, 2002

Print Friendly! Email This Article! Discuss NOW!



Safe Computing Guide
NIST Virus Info
Top Threat List
McAfee Anti-Virus
F-Secure
Trend Micro
Wells' Wild List
Stiller Research
Tracking Map
Virus News
Virus Myths/Hoaxes


New Vulnerabilities Discovered in Microsoft IIS Server

Microsoft released a Security Bulletin on April 10, 2002 detailing new cumulative patches intended to fix ten new remote vulnerabilities recently discovered in its IIS web server versions 4.0, 5.0, and 5.1. These vulnerabilities vary in severity from mild to critical.

According to a report released by X-Force, a remote attacker may exploit one or more of these vulnerabilities to cause a target Web server to crash, execute arbitrary commands on the server, or gain complete control of a target IIS server.

It is recommended that all affected IIS customers apply the following Microsoft supplied patches immediately:

More Twists on Domain Name Scams

In a recent action a U.S. District Court shut down an operation that used deceptive messages and appeals to patriotism to sell fake ".usa" domain addresses. According to the FTC, the bogus businesses sold domain names ending with ".usa ." The domains were sold through aggressive spam campaigns arriving via email with the subject line, "Be Patriotic! Register .USA Domains."

While this operation may have been shut down, variants on the domain name scams continue. We recently discovered that a group known as the Domain Support Group, operating out of NYC, is sending thousands of official looking faxes warning "URGENT NOTICE OF DOMAIN EXTENSION". This particular scam is quite deceptive, since the domain in question is similar to a domain name that you may have already registered, except that the extension is ".info" or ".net" or some other variation that is currently unregistered.

The fax contains detailed information about your company, including an official looking account number that is deceptively meant to appear as if you have a relationship with the company. If you call the number they have what sounds like a high volume call center, "boiler room", operating in the background. Operators attempt to complete a sales pitch to register the domain for 5 or 10 year period. Be on the lookout for this latest variation of Domain Name registration scam.

Denial of Service Attacks on the Rise

The CERT Coordination Center released a recent report on the current trends detailing the techniques and tools used to purport Internet attacks. Banks and other organizations whose businesses increasingly depend on the Internet face significant challenges in ensuring that their networks continue to operate safely and that their systems continue to provide critical services even in the face of an attack.

Distributed Denial of Service attacks are significantly on the rise. Other trends noted were an increase in:
  • Automation of the attack tools resulting in an increased speed of attack
  • Sophistication of the attack tools
  • Permeability of firewalls thereby making sites more vulnerable to an attack
CERT provides the following tips to help prevent a DOS attack:
  • Regularly review publicly available information on recent security vulnerabilities and incidents. It helps in configuring and updating your public Web server against new forms of attacks.
  • Regularly update your DOS detection tools to discover new patterns or events (resulting from new or updated attacks taking advantage of new vulnerabilities).
  • Update firewall-filtering mechanisms to deny new attacks.
  • Temporarily disable specific services that might be vulnerable.
  • Augment your alerting procedures.
  • Work with your Internet service provider to understand what precautions have been taken to guard against DOS attacks.
  • Get a configuration that uses multiple connections built from different network backbones. This will help switch public Web servers to another connection in the event of a DDOS attack.



Previous Tech Alerts:
04/09/02 New Virus Hoax Circulating Around Net
03/22/02 MyLife.B Virus Makes Its Way Around the Net
03/21/02 Microsoft Updates Its Warning on Critical Windows Vulnerability
03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild
03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site
03/06/02 Klez-E Worm and W32.Gibe Virus Warnings
03/01/02 CERT Issues Warning on PHP Scripting Language Flaw
02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw
02/22/02 SNMP Patches and Detection Tools Available
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed




Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.