SCI/TECH: Internet Threats 6/22/2004

posted on Jun, 22 2004 @ 06:27 AM
It has been another somewhat quiet week on the Internet. To the surprise of none, Internet Explorer has come under scrutiny for security flaws, some new and unexpected holes have been detected in other software packages, and the virus/worm developments have been limited to minor variations on existing bugs. Update 6/24/2004: Major ISPs move to curb Spam and worm/virus traffic.
 

ISPs Take Actions to Curb Spam/Worm Problems
“Corporate Inertia” is being overcome and the big Internet Service Providers are recognizing and taking responsibility for the roles their networks are playing in the distribution of junk email and the spread of Internet Worms. They are implementing some technical and policy fixes as well as introducing some basic customer education.

Big six unite to can spam
Some of the world's largest ISPs and email providers are joining forces to fight spam by using existing technology and best practice rather than just looking for future technical solutions. Founder members include AOL, BT, Comcast, EarthLink, Microsoft and Yahoo!.

Please visit the link provided for the complete story.


Rate Limiting as an Anti-Spam Tool
Opinion by Larry Seltzer. Many ISPs (Internet service providers) are proposing standards for authenticating e-mails in efforts to combat spam. While Mr. Seltzer is in favor of such approaches, he also supports limiting the rate at which everyday consumers can send e-mails. Effective rate limits would go unnoticed by most users while making high-volume spamming impractical. Many ISPs have already begun to monitor customers' use of port 25, used by SMTP (Simple Mail Transfer Protocol), for unusual activity, such as high e-mail volumes and evidence that a computer may be remotely controlled. Such measures could also slow the spread of mass-mailer worms. Rate limiting can also put an extra roadblock in front of spammers who find ways to exploit holes in e-mail authentication.

Please visit the link provided for the complete story.

Related News Links
The Washington Post (registration required)



New Vulnerabilities & Exploits
Outlook's security compromised by spammers

ZDNet
Spammers have found an exploit to deliver unsolicited e-mails past Microsoft Outlook 2003's anti-spam technology. Outlook 2003 comes with a Bayesian filter which examines the text of e-mails and calculates the probability the message is spam. It also gives users the option of blocking e-mails from downloading Internet content. John Cheney of BlackSpider Technologies notes that spammers are attaching pornographic images to e-mails, then including HTML links to the attachment; since the HTML does not connect to the Internet, Outlook will display the image within the message body. The image can also contain words and web addresses that otherwise would have been caught by the filter.

Please visit the link provided for the complete story.

This method has some minor disadvantages for professional spammers because of the increased size of individual messages and the inability to track how many people are successfully targeted, but the increasingly common use of huge networks of worm-infected home computers to relay spam offsets these drawbacks. This exploit is confirmed to be in use, and is growing in frequency.


IBM faces highly critical support security hole

Tech World
eEye Digital Security has announced flaws in two IBM ActiveX controls that could allow an attacker to write files to a computer's hard disk through a special webpage and Internet Explorer. The two flaws lie in the eGatherer 2.0.0.16 and acpRunner 1.2.5.0 ActiveX controls; eGatherer comes default in many IBM personal computers.

Please visit the link provided for the complete story.

Proof-of-concept exploits for these flaws are in circulation, but no malicious uses have been reported. IBM has released a fix for the problem on its website.

More Internet Explorer Attacks
In addition to the IBM bugs, more attacks against IE browsers have been reported, this time loading an ActiveX control on the victim machine using the vulnerabilities reported earlier this month. This new attack downloads a Certificate Revocation List into the infected system's browser, revoking over one hundred certificates. No patch to resolve this problem has been issued to date, but antivirus software with current signatures should intercept the exploit.

These items serve as examples of Microsoft’s Internet Explorer being the number one target for attackers, and more reasons to switch to a different browser.

Related News Links
eEye Security
Internet Storm Center
Security Focus - #10472
Security Focus - #10473

Related ATS Discussion
'Extremely Critical' Flaws in MS Internet Explorer

Opera Web Browser Exploit
Security Tracker
Internet Explorer may be the biggest target for hacking, but it is not alone.
A scripting vulnerability was reported in the Opera browser, version 7.51. A malicious user can create HTML code that will spoof the address displayed in the status bar to create a scenario for a "phishing" attack. The unsuspecting user is tricked into thinking they are seeing a trusted site, an online banking page for example, and entering personal information, passwords, account numbers, etc. No patch was available at this time.

Related News Links
Opera Web Browser


Code Execution In The Unreal Engine
Gamers beware: the popular Unreal 3D engine, the foundation for a huge number of video games, can expose Internet users to a serious vulnerability. Games using the software developed by Epic Games provide a long "secure" packet to the game server, so an attacker can scan the Internet for the port the game uses to connect and run "arbitrary code" on the target computer. In other words, a hacker can run the program of his/her choice on YOUR computer! Currently, only Unreal Tournament 2004 has been patched. Download version 3236 or greater. If the games you play online are on the vulnerable list, check the vendor’s website for patches to fix the problem.
Securiteam

Vulnerable Systems:
* DeusEx Version 1.112fm and lower
* Devastation Version 390 and lower
* Mobile Forces Version 20000 and lower
* Nerf Arena Blast Version 1.2 and lower
* Postal 2 Version 1337 and lower
* Rune Version 107 and lower
* Tactical Ops Version 3.4.0 and lower
* TNN Pro Hunter (?)
* Unreal 1 Version 226f and lower
* Unreal II XMP Version 7710 and lower
* Unreal Tournament Version 451b and lower
* Unreal Tournament 2003 Version 2225 and lower
* Unreal Tournament 2004 All versions lower than 3236
* Wheel of Time Version 333b and lower
* X-com Enforcer

Immune Systems:
* America's Army
* Dead man's hand
* Magic Battlegrounds
* Rainbow Six: Raven Shield
* Splinter Cell: Pandora tomorrow
* Star Trek: Klingon Honor Guard
* Unreal Tournament 2004 Version 3236 and above
* XIII
Related News Links
Epic Games


Virus/Worm Activity

RBOT.CC
A new and dangerous version of the “Rbot.cc” worm has surfaced.

Trend Micro
This worm vociferously scans for TCP port 445, and then tries to break in via RPC DCOM flaws (a la Blaster), IIS5/WebDAV flaws (a la Nachi/Welchia), and LSASS vulnerabilities (a la Sasser). When it infects a system, Rbot.cc runs a process called systemse.exe that starts at boot time. Be on the lookout for it in your environment.

Please visit the link provided for the complete story.

The moral of this story is, “Run an antivirus program and keep it up-to-date!” (...and a firewall, and anti-spyware...!)
Related News Links
Sophos Antivirus
Symantec Security Response



General Internet Health
If you are curious about the workings of the Internet, take a look at these resources that let you see what is going on with the world’s ‘net traffic. These tools are similar to those used to detect and track the recent Denial of Service attacks against Microsoft, Yahoo, and other high-profile sites.

Internet Traffic Report
The Internet Health Report

Related ATS Discussion
Major websites hit with DDoS attack today, outages at google, yahoo...

[edit on 22-6-2004 by Zion Mainframe]

[edit on 22-6-2004 by Spectre]


[edit on 24-6-2004 by Spectre]
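
Added example, not part of the original post: a sketch of the per-customer port 25 rate limiting described in the "Rate Limiting as an Anti-Spam Tool" item, run over constructed traffic to show that an ordinary sender is unaffected while a bulk sender is throttled and flagged. The event format, the burst and interval values, and the function names are assumptions for illustration.

```python
from collections import defaultdict

# Assumed policy for a consumer line: a burst of 10 messages, then one
# more every 30 seconds. Both numbers are illustrative, not from the post.
BURST = 10
SECONDS_PER_MESSAGE = 30


def apply_rate_limit(events, burst=BURST, interval=SECONDS_PER_MESSAGE):
    """Token bucket per customer over (unix_time, customer_ip) port-25 events.

    Credit is kept in whole seconds so the arithmetic stays exact.
    Returns {customer_ip: {"allowed": n, "deferred": m}}.
    """
    credit = {}      # customer_ip -> seconds of sending credit
    last_seen = {}   # customer_ip -> time of previous event
    summary = defaultdict(lambda: {"allowed": 0, "deferred": 0})
    for ts, customer in sorted(events):
        earned = ts - last_seen.get(customer, ts)
        credit[customer] = min(burst * interval,
                               credit.get(customer, burst * interval) + earned)
        last_seen[customer] = ts
        if credit[customer] >= interval:
            credit[customer] -= interval
            summary[customer]["allowed"] += 1
        else:
            summary[customer]["deferred"] += 1
    return dict(summary)


def suspect_hosts(summary, min_deferred=50):
    """Customers whose deferred count suggests a mass-mailer or relay."""
    return sorted(c for c, s in summary.items() if s["deferred"] >= min_deferred)


# Constructed sample traffic (documentation addresses, not real customers).
SAMPLE_EVENTS = (
    # Ordinary user: three messages spread over an hour.
    [(1000, "192.0.2.10"), (1900, "192.0.2.10"), (4600, "192.0.2.10")]
    # Compromised host: 200 messages in 100 seconds (two per second).
    + [(1000 + i // 2, "192.0.2.77") for i in range(200)]
)

if __name__ == "__main__":
    result = apply_rate_limit(SAMPLE_EVENTS)
    for customer, counts in sorted(result.items()):
        print(customer, counts)
    print("investigate:", suspect_hosts(result))
```
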




posted on Jun, 22 2004 @ 06:37 AM
Good finds

Most people are not even aware of what a person could really do with the proper motivation, and the right computer tools.

WinXpnews has a really good article that all XP users should read.
It's under the editor's corner and called "Only Fools Believe in Fool-Proof Security"

www.winxpnews.com...



Good finds Spectre



posted on Jun, 22 2004 @ 07:29 AM

Originally posted by NetStorm
...WinXpnews has a really good article that all XP users should read.
It's under the editor's corner and called "Only Fools Believe in Fool-Proof Security"

www.winxpnews.com...

It's always good news when you have to dig for computer security news! That is a great article, NetStorm, and the author makes good points. If you want a completely secure computer, bury it in a salt mine.

I will add that site to my bookmarks.



posted on Jun, 22 2004 @ 08:02 AM
Nice article, and good links! The Internet health report is one of my favorites.



posted on Jun, 24 2004 @ 07:06 AM
Updated 6/24/2004 - ISPs Take Actions to Curb Spam/Worm Problems



