Skype

Paul wrote about his firewall dropping a "huge amount" of packets after Skype was installed on a host behind the firewall. He suspected a backdoored version. Skype, a very popular Voice over IP (VoIP) application, does show this behavior as a result of its normal operation. As explained at http://www.skype.com/products/explained.html, Skype is a peer-to-peer application very much like Napster and others. In order to relay the voice data, it establishes connections with numerous peers, and will relay traffic for these peers even if you are not "on the phone".

phpBB worms (and awstat exploits)

We continue to receive reports about various phpBB worms. The worms attack various vulnerabilities, some of them older. More recent worms will just check random URLs, not limiting themselves to well-known phpBB pages like 'viewfiles'. awstats, another web application with recently released vulnerabilities, is another favorite. Here is a quick 'grep' result from our own ISC web server. I am using this line of shell code to extract requests of interest:

    cut -d'"' -f2 < access_log | cut -f2 -d' ' | grep ';'

Some highlights:
Adding a quick 'sort -u | wc -l' to the grep above suggests 45 unique attempts. Note that some of the URLs hit look like they were extracted from links found on other sites and modified to insert the exploit.

COAST

In a past diary, we published excerpts from an offer made by a Spyware/Adware company. This letter was directed to a game software developer and included a note that the Adware maker has hopes of obtaining a "COAST Certification". COAST was originally founded as an anti Spy/Adware organization, but has come under some scrutiny recently, as reader Robert pointed out. As usual, buyer beware. Flashy "seals" may not only be outright fake, but in some cases you have to look deeper to figure out what they are actually worth.

ISTS News

A couple of alert readers noticed that the ISTS news is missing. ISTS changed its format, and the news will be back as soon as the new parser is working.

----------
Johannes Ullrich jullrich_ATT_sans.org, CTO SANS Internet Storm Center
------------
http://johannes.homepc.org/blog
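The extraction and unique count described in the phpBB worms section above, as an added example that is not part of the original diary: it runs the diary's pipeline over constructed log lines and adds an awk variant that also matches the URL-encoded semicolon (%3B), which a literal grep ';' does not see. The sample log lines, the function names and the 'CONSTRUCTED' request strings are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Constructed access_log lines in combined log format (not real ISC data).
sample_log() {
  cat <<'EOF'
192.0.2.10 - - [03/Mar/2005:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [03/Mar/2005:10:00:02 +0000] "GET /phpBB/page.php?id=1;CONSTRUCTED HTTP/1.0" 404 208 "-" "-"
198.51.100.9 - - [03/Mar/2005:10:00:03 +0000] "GET /phpBB/page.php?id=1;CONSTRUCTED HTTP/1.0" 404 208 "-" "-"
203.0.113.5 - - [03/Mar/2005:10:00:04 +0000] "GET /cgi-bin/awstats.pl?opt=a%3BCONSTRUCTED HTTP/1.0" 404 208 "-" "-"
203.0.113.5 - - [03/Mar/2005:10:00:05 +0000] "-" 408 0 "-" "-"
192.0.2.10 - - [03/Mar/2005:10:00:06 +0000] "GET /diary.php HTTP/1.1" 200 900 "http://example.com/a;b" "-"
EOF
}

# The diary's pipeline, reading the log on stdin: take the quoted request
# line, then its second word (the URL), then keep URLs with a literal ';'.
diary_pipeline() {
  cut -d'"' -f2 | cut -f2 -d' ' | grep ';'
}

# Same extraction in awk. Only the request field is inspected, so a ';' in
# the Referer or User-Agent is ignored, empty requests ("-") are skipped,
# and the URL-encoded form %3B / %3b is matched as well.
suspect_requests() {
  awk -F'"' '{
    n = split($2, req, " ")
    if (n >= 2 && tolower(req[2]) ~ /;|%3b/) print req[2]
  }'
}

# Number of distinct requests (the diary's 'sort -u | wc -l').
count_unique() { sort -u | wc -l | tr -d ' '; }

# Hit count per distinct request, busiest first.
top_requests() { sort | uniq -c | sort -rn | awk '{ print $1, $2 }'; }

sample_log | suspect_requests | top_requests
echo "unique (diary pipeline): $(sample_log | diary_pipeline | count_unique)"
echo "unique (with %3B):       $(sample_log | suspect_requests | count_unique)"
```
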
Johannes 4069 Posts ISC Handler Mar 3rd 2005 |