
SANS ISC: InfoSec Handlers Diary Blog



PHP Worm, Winace exploit, new toys

Published: 2005-02-23
Last Updated: 2005-02-24 02:02:33 UTC
by Michael Haisley (Version: 1)

PHP Worm spreading


We have received reports that yet another variant of the phpworm has started to spread. Initial analysis suggests that current antivirus vendors do not recognize this variant. Note that we have not received many reports of this worm spreading.

Canada's Security Report Card has been released



The best summary is a direct quote from the report: "two and a half years after revising its Government Security Policy, the government has much work to do to translate its policies and standards into consistent, cost-effective practices that will result in a more secure IT environment in departments and agencies."

http://www.oag-bvg.gc.ca/domino/reports.nsf/html/20050201ce.html

The folks over at k-otik released an advisory on a buffer overflow issue, which could allow arbitrary code execution.



http://www.k-otik.com/english/advisories/2005/0199
http://lists.freebsd.org/pipermail/cvs-all/2005-February/107553.html

Sysinternals has released a new utility which detects Windows-based rootkits.

It functions by looking for Registry and file system API discrepancies that may indicate the presence of a rootkit.

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml