SANS ISC: More SoBig comments, and Whack-A-Scam, Ultr@VNC Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

More SoBig comments, and Whack-A-Scam, Ultr@VNC Vulnerability

Alex Shipp of Message Labs emailed further comments on the SoBig.F resurrection. Alex pointed out that their statistics show no overall increase in SoBig.F emails - instead, just normal fluctuation in the daily

It's been pointed out that while the trojan-loaded website EV1.NET has been shut down, in typical whack-a-mole fashion, a new one has already popped up at If you happen to see any more of these pop up, it's probably worth mentioning them.

Ultr@VNC[1] is a VNC variation for administering Windows-based platforms remotely. It supports Windows logins and access rights - however, today Secure Network Operations released a new security escalation example (you have to already be logged into VNC), and Ultr@VNC has not been patched yet to fix the problem. A quick fix (via commenting out some lines and recompiling) was mentioned in the release on BugTraq.

(Mentioned because I know a number of Windows admins who make use of some of the VNC variants for remote server configuration. Since it's unknown when the patch will be released at this time, )

Handler On Duty, Davis Ray Sickmon, Jr

Midnight Ryder Technologies (

Jan 18th 2004