New Vulnerabilities Discovered in Microsoft IIS Server
Microsoft released a Security Bulletin on April 10, 2002 detailing new cumulative patches intended to fix ten new remote vulnerabilities recently discovered in its IIS web server versions 4.0, 5.0, and 5.1. These vulnerabilities vary in severity from mild to critical.
According to a report released by X-Force, a remote attacker may exploit one or more of these vulnerabilities to cause a target Web server to crash, execute arbitrary commands on the server, or gain complete control of a target IIS server.
It is recommended that all affected IIS customers apply the following Microsoft supplied patches immediately:
In a recent action a U.S. District Court shut down an operation that used deceptive messages and appeals
to patriotism to sell fake ".usa" domain addresses. According to the FTC, the bogus businesses sold domain names ending with ".usa ." The domains were sold through aggressive spam campaigns arriving via email with the subject line, "Be Patriotic! Register .USA Domains."
While this operation may have been shut down, variants on the domain name scams continue. We recently discovered that a group known as the Domain Support Group, operating out of NYC, is sending thousands of official looking faxes warning "URGENT NOTICE OF DOMAIN EXTENSION". This particular scam is quite deceptive, since the domain in question is similar to a domain name that you may have already registered, except that the extension is ".info" or ".net" or some other variation that is currently unregistered.
The fax contains detailed information about your company, including an official looking account number that is deceptively meant to appear as if you have a relationship with the company. If you call the number they have what sounds like a high volume call center, "boiler room", operating in the background. Operators attempt to complete a sales pitch to register the domain for 5 or 10 year period. Be on the lookout for this latest variation of Domain Name registration scam.
Denial of Service Attacks on the Rise
The CERT Coordination Center released a recent report on the current trends detailing the techniques and tools used to purport Internet attacks. Banks and other organizations whose businesses increasingly depend on the Internet face significant challenges in ensuring that their networks continue to operate safely and that their systems continue to provide critical services even in the face of an attack.
Distributed Denial of Service attacks are significantly on the rise. Other trends noted were an increase in:
Automation of the attack tools resulting in an increased speed of attack
Sophistication of the attack tools
Permeability of firewalls thereby making sites more vulnerable to an attack
CERT provides the following tips to help prevent a DOS attack:
Regularly review publicly available information on recent security vulnerabilities and incidents. It helps in configuring and updating your public Web server against new forms of attacks.
Regularly update your DOS detection tools to discover new patterns or events (resulting from new or updated attacks taking advantage of new vulnerabilities).
Update firewall-filtering mechanisms to deny new attacks.
Temporarily disable specific services that might be vulnerable.
Augment your alerting procedures.
Work with your Internet service provider to understand what precautions have been taken to guard against DOS attacks.
Get a configuration that uses multiple connections built from different network backbones. This will help switch public Web servers to another connection in the event of a DDOS attack.
Previous Tech Alerts: 04/09/02 New Virus Hoax Circulating Around Net 03/22/02 MyLife.B Virus Makes Its Way Around the Net 03/21/02 Microsoft Updates Its Warning on Critical Windows Vulnerability 03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild 03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site 03/06/02 Klez-E Worm and W32.Gibe Virus Warnings 03/01/02 CERT Issues Warning on PHP Scripting Language Flaw 02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw 02/22/02 SNMP Patches and Detection Tools Available 02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm 02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings 02/13/02 SNMP VULNERABILITY 02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks 02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000 01/31/02 Copycat Virus Unleashed 01/30/02 Netscape Browser Vulnerable to Cookie Theft 01/28/02 "My Party" Mass Mailing Worm 01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability 01/15/02 Trojan.StartPage Alters Web Browsers 01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability 12/20/01 Holiday Themed Computer Virus Unleashed
BankersOnline is a free service made possible by the generous support of our
advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all
banking professionals. Support our advertisers and sponsors by clicking
through to learn more about their products and services.