Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Be on the Lookout for PHP compromises; Will New Anti-Spam Protocols Work?; Internet Survival Time by Sophos; phpBB: anti santy worm again ? - SANS Internet Storm Center

SANS Site Network

Current Site

SANS Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Log In or Sign Up for Free!

Be on the Lookout for PHP compromises; Will New Anti-Spam Protocols Work?; Internet Survival Time by Sophos; phpBB: anti santy worm again ?
Late edition (Kyle Haugsness on duty): Team Effort Today Today's shift was really a team effort. Thanks to Swa, Lorna, Deb, and Scott for covering different hours of the day. -Kyle Be on the Lookout for PHP compromises This is a call to all the network and system security folks out there... Please be on the lookout for web-based intrusions happening in your environments. There have recently been major vulnerabilities discovered in phpBB and the XML_RPC libraries, which we have reported in the last two days. It's very likely that these vulnerabilities will be utilized to compromise systems. Try to be vigilant about securing your environment and reviewing your IDS alerts for attacks. Will New Anti-Spam Protocols Work? Not to be negative or anything... But it appears that the SPF (Sender Policy Framework) and Sender-ID anti-spam approaches have been approved as "experimental drafts" by IETF. So there is a new poll on the right with my question. How long before the spammers defeat these methods? Here are the relevant links: SPF: http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-02.txt SPF status: https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=12662&rfc_flag=0 Sender-ID: http://www.ietf.org/internet-drafts/draft-lyon-senderid-core-01.txt Sender-ID status: https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=12542&rfc_flag=0 Internet Survival Time by Sophos Anti-virus company Sophos published their own statistic regarding "internet survival time". Their number was 12 minutes. The survival time currently reported by dshield.org is 31 minutes. Their story also has some interesting statistics on the number of viruses in the first half of 2005 compared to last year. But don't let it spoil your weekend. If you are in the security field professionally, just think of it as job security. http://www.sophos.com/pressoffice/pressrel/uk/midyearroundup2005.html Early edition See also the phpBB: anti santi worm resurrection? With the release of the latest phpBB patch, we are seeing a reappearance of what looks like anti santi worm scanning for vulnerable hosts. If you have been broken into using this method in the recent days we'd love to have a look at the dropped files to see it this is still the anti santy worm or something using the same scanning engine. (Swa Frantzen on early duty)	Handlers 76 Posts Jul 1st 2005
Thread locked Subscribe	Jul 1st 2005 1 decade ago

Sign Up for Free or Log In to start participating in the conversation!