
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-09-12 InfoSec Handlers Diary Blog



Larger Power Outage in Los Angeles

Published: 2005-09-12
Last Updated: 2005-09-12 22:42:19 UTC
by Johannes Ullrich (Version: 3)
Large parts of Los Angeles are currently without power. The outage started about 1pm PST (4pm EST, 8pm UTC).
Dreamhost, a larger colocation provider, is currently down as a result of the power outage.
The power outage was caused by a utility worker cutting a cable by mistake. At this time (3:30pm PST, 6:30pm EST, 10:30pm UTC), most of the power has been restored.

LA Times Story
Dreamhost Network Status

New Beagle variant

Published: 2005-09-12
Last Updated: 2005-09-12 21:56:33 UTC
by Kevin Hong (Version: 3)
We've received several emails from our readers regarding the new Beagle variant. It looks like the new Bagle variant is in the wild. Here is a little more information. If you have any other new variant, please let us know.

Subject: No Subject
Contents: new price or price
Attached file: new_price.zip (12490) or price.zip (12498)
    new_price.zip: c3954e35d8b9b3a63d42c5718ed1624d
    price.zip: c16ddcef3b01f1ec46750f7a1991ee91
    More file names: new_prize.zip, price2.zip, newprice.zip, proce_09.zip
Inside of zip file: 1.cpl (14340) or price.cpl (14340)
    1.cpl: 4fb426de872ee9b20c3312fae3adf018
    price.cpl: 951053055f16d331a42475c209803430

A few AV scanners detect it, using various labels for it:
AntiVir 6.31.1.0 09.12.2005 DR/Bagle.P
Avast 4.6.695.0 09.12.2005 Win32:Beagle-DP
AVG 718 09.12.2005 I-Worm/Bagle.EP
Avira 6.31.1.0 09.12.2005 DR/Bagle.P
CAT-QuickHeal 8.00 09.12.2005 I-Worm.Bagle.cs
ClamAV devel-20050725 09.12.2005 Worm.Bagle.BB-gen
DrWeb 4.32b 09.12.2005 Win32.HLLM.Beagle.18848
F-Prot 3.16c 09.12.2005 security risk named W32/Mitglieder.FB
Kaspersky 4.0.2.24 09.12.2005 Email-Worm.Win32.Bagle.cs
Norman 5.70.10 09.12.2005 W32/Bagle.CS
Panda 8.02.00 09.12.2005 W32/Bagle.EI.worm
Sophos 3.97.0 09.12.2005 Troj/Dropper-BB
TheHacker 5.8.2.104 09.12.2005 W32/Bagle.cs
(excerpt from results provided by Virustotal.com)


Kevin Hong  - khong at kisa.or.kr
Handler on Duty
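
The indicators listed in this diary (attachment names, MD5 values, and a .cpl file inside the zip) can be turned into a mail-attachment triage check. The following is an added example, not part of the original diary; the function names, reason labels and the 1 MiB read limit are assumptions, and the sample archive is constructed from benign bytes.

```python
import hashlib
import io
import zipfile

# File names and MD5 values copied from the diary entry above.
ZIP_NAMES = {"new_price.zip", "price.zip", "new_prize.zip",
             "price2.zip", "newprice.zip", "proce_09.zip"}
ZIP_MD5 = {"c3954e35d8b9b3a63d42c5718ed1624d",
           "c16ddcef3b01f1ec46750f7a1991ee91"}
CPL_MD5 = {"4fb426de872ee9b20c3312fae3adf018",
           "951053055f16d331a42475c209803430"}
MAX_MEMBER_BYTES = 1024 * 1024  # assumption: never unpack more than 1 MiB


def triage_attachment(filename, data):
    """Return sorted reasons why an attachment matches the diary's description."""
    reasons = set()
    if filename.lower() in ZIP_NAMES:
        reasons.add("reported-zip-name")
    if hashlib.md5(data).hexdigest() in ZIP_MD5:
        reasons.add("known-zip-md5")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return sorted(reasons)  # not a zip: only the name/hash checks apply
    with archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith(".cpl"):
                continue
            # A Control Panel applet inside a mailed zip is suspicious by itself.
            reasons.add("cpl-inside-zip")
            if info.file_size > MAX_MEMBER_BYTES:
                continue  # skip hashing oversized members
            try:
                member = archive.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue  # encrypted, unsupported or corrupt member
            if hashlib.md5(member).hexdigest() in CPL_MD5:
                reasons.add("known-cpl-md5")
    return sorted(reasons)


def make_sample_zip(member_name, payload=b"constructed benign bytes"):
    """Build a constructed, harmless zip in memory for testing the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, payload)
    return buf.getvalue()
```

The name and extension checks catch repacked variants whose hashes differ from the two samples listed here, so treat a hash miss as inconclusive rather than clean.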

Firefox 1.5 beta 1 released

Published: 2005-09-12
Last Updated: 2005-09-12 15:14:44 UTC
by Tony Carothers (Version: 3)
You can get it from here: FireFox 1.5 Beta 1

One of our readers, Matthew, submitted that there is a new version of Firefox available for download. The latest version of the Firefox web browser, 1.5, is out in beta 1. After personally installing it earlier today I have found it to be incredibly stable and feature rich. According to Mozilla, Firefox 1.5 beta 1 is still vulnerable to the IDN buffer overflow vulnerability published on Sep. 8th. It is highly recommended that all users take the steps indicated in the link below to secure against this vulnerability.

Patch information
https://addons.mozilla.org/messages/307259.html


Tony Carothers
Handler on Duty
