Tech Alert Briefing for 4/11/2002
New Vulnerabilities Discovered in Microsoft IIS Server
Microsoft released a Security Bulletin on April 10, 2002 detailing new cumulative patches intended to fixten new remote vulnerabilities recently discovered in its IIS web server versions 4.0, 5.0, and 5.1. These vulnerabilities vary in severity from mild to critical.
According to a report released by X-Force, a remote attacker may exploit one or more of these vulnerabilities to cause a target Web server to crash, execute arbitrary commands on the server, or gain complete control of a target IIS server.
It is recommended that all affected IIS customers apply the following Microsoft supplied patches immediately:
- Microsoft IIS 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37931
- Microsoft IIS 5.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37824
- Microsoft IIS 5.1: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37857
More Twists on Domain Name Scams
In a recent action a U.S. District Court shut down an operation that used deceptive messages and appealsto patriotism to sell fake ".usa" domain addresses. According to the FTC, the bogus businesses sold domain names ending with".usa ." The domains were sold through aggressive spam campaigns arriving via email with the subject line, "Be Patriotic! Register .USA Domains."
While this operation may have been shut down, variants on the domain name scams continue.We recently discovered that a group known as the Domain Support Group, operating out of NYC, is sending thousands of official looking faxes warning"URGENT NOTICE OF DOMAIN EXTENSION".This particular scam is quite deceptive, since the domain in question is similar to a domain name that you may have already registered, except that the extension is ".info" or ".net" or some other variation that is currently unregistered.
The fax contains detailed information about your company, including an official looking account number that is deceptively meant to appear as if you have a relationship with the company.If you call the number they have what sounds like ahigh volume call center, "boiler room", operating in the background.Operators attempt to complete a sales pitch to register the domain for 5 or 10 year period.Be on the lookout for this latest variation of Domain Name registration scam.
Denial of Service Attacks on the Rise
The CERT Coordination Center released a recent report on the current trends detailing the techniques and tools used to purport Internet attacks.Banks and other organizations whose businesses increasingly depend on the Internet face significant challenges in ensuring that their networks continue to operate safely and that their systems continue to provide critical services even in the face of an attack.
Distributed Denial of Service attacks are significantly on the rise. Other trends noted were an increase in:
- Automation of the attack tools resulting in an increased speed of attack
- Sophistication of the attack tools
- Permeability of firewalls thereby making sites more vulnerable to an attack
CERT provides the following tips to help prevent a DOS attack:
- Regularly review publicly available information on recent security vulnerabilities and incidents. It helps in configuring and updating your public Web server against new forms of attacks.
- Regularly update your DOS detection tools to discover new patterns or events (resulting from new or updated attacks taking advantage of new vulnerabilities).
- Update firewall-filtering mechanisms to deny new attacks.
- Temporarily disable specific services that might be vulnerable.
- Augment your alerting procedures.
- Work with your Internet service provider to understand what precautions have been taken to guard against DOS attacks.
- Get a configuration that uses multiple connections built from different network backbones. This will help switch public Web servers to another connection in the event of a DDOS attack.
Previous Tech Alerts:
04/09/02 New Virus Hoax Circulating Around Net
03/22/02 MyLife.B Virus Makes Its Way Around the Net
03/21/02 Microsoft Updates Its Warning on Critical Windows Vulnerability
03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild
03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site
03/06/02 Klez-E Worm and W32.Gibe Virus Warnings
03/01/02 CERT Issues Warning on PHP Scripting Language Flaw
02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw
02/22/02 SNMP Patches and Detection Tools Available
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed
- Work with your Internet service provider to understand what precautions have been taken to guard against DOS attacks.
- Augment your alerting procedures.
- Temporarily disable specific services that might be vulnerable.
- Update firewall-filtering mechanisms to deny new attacks.
- Regularly update your DOS detection tools to discover new patterns or events (resulting from new or updated attacks taking advantage of new vulnerabilities).
print
share