and in other news
ANI has been keeping us busy over the last few days, but it hasn't been the only thing that has been going on.  So here is a mini update.
  • ie7.0.exe - This started appearing about the same time as the ANI exploits, mainly on web sites, but currently it is being distributed as SPAM messages.  Typically it is an image SPAM message which links to a web page with the exploit.  We've seen two names: ie7.0.exe and DirectX-10.exe.  Detection rates are improving and most AV products should catch this one.  Once infected, the compromised host will start to SPAM (but since we are all blocking executables, especially in emails, this shouldn't be much of a problem).
  • PHP scanning - We've had a few reports of PHP scanning coming out of Hong Kong (based on the source addresses).  It seems to be fairly generic, as it is hitting sites that do not have PHP as well as PHP sites.
  • DST Part 2 - The original Daylight Savings Time start passed on the weekend.  So far the only reports we've had were:
    • Church Bells ringing at the wrong time
    • A web site providing TV guides was out by an hour causing some initial confusion for one user at least
  • April Fools - ISC did not participate in light of the ANI issue (disappointing several handlers who were all geared up to go), but there were plenty of others who did.  We received a number of emails that got a "check the date" reply.
Mark H

ISC Handler
Apr 2nd 2007
