
SANS ISC: Back to green, but the exploits are still running wild - SANS Internet Storm Center SANS ISC InfoSec Forums

Back to green, but the exploits are still running wild
Folks, as is our policy here at the Internet Storm Center, once we feel we've raised awareness of an issue by raising infocon to yellow, we move it back to green (otherwise, with the constant release of exploits of unpatched vulnerabilities, infocon would stay at a heightened level and become as meaningless as the DHS terrorist threat level). Normally, we do this after 24 hours, but in this case, since we didn't raise infocon until Saturday, we felt we should wait until most folks had made it back to work on Monday before going back. That doesn't mean that there is no more risk. Quite to the contrary, until the vulnerabilities are patched, the risk remains high because we know there are many variants of the exploit in the wild as I type this. There were even Metasploit modules released over the weekend, so it doesn't take much talent at this point to create a new exploit. However, we feel that things have leveled off somewhat. We've published pointers to the workarounds in Saturday's story, so there isn't much more that we can do at this point other than remain vigilant.


ISC Handler
Oct 2nd 2006
