/ Reading Logs / More Phishing / TCP 135, Welchia and Lovgate / Sasser slowing / Egress Filtering and You /
Reading Your Logs Pays Off
Chas Tomlin, a sysadmin and programmer for the University of Southampton noticed some odd entries in his web logs and forwarded it to the ISC for analysis. Examination showed that an attack based on the do_brk exploit (http://secunia.com/advisories/10328/ ) was attempted and failed. Systems shown to be vulnerable to this attack have the following kernels:
2.4.20-18.9 as shipped with RedHat 9.0
2.4.22 with grsecurity patch
Please make sure your systems are patched and/or upgraded as needed.
Another eBay Phishing Scam
Anthony Congiano a helpdesk administrator alerted the ISC earlier today to another attempt at Phishing information from eBay users. The e-mail in question tells the recipient that their account has been used "to make fake bids" and "you are required to verify your eBay account by following the link below." The scam is designed to collect E-Bay member names, user names, passwords and credit card information. eBay, and the web host have been notified.
Port 135 Spikes, Lovgate and Welchia
Mystery of MS's missing AV software
By John Leyden
Published Friday 7th May 2004 16:38 GMT
Microsoft's plans to improve the security of Windows through the purchase of an anti-virus company almost a year ago appear to be stuck in limbo. The software giant entered the AV market with the surprise acquisition of little known Romanian AV firm GeCAD Software for an undisclosed sum in June last year.
At the time Microsoft said it would use GeCAD's expertise and technology to "enhance the Windows platform" and extend support for third-party antivirus vendors. "The knowledge and experience acquired from GeCAD will contribute to Microsoft's understanding of how systems are attacked, enabling Microsoft to more effectively focus on platform improvements," it said.
Speaking at the recent Infosecurity Europe show Jonathan Perera, Senior Director at Microsoft's Security Business and Technology Unit, said the company is not ready to announce a product strategy for GeCAD almost a year after the acquisition. GeCAD's technology is been used in programming interfaces to make it easier to plug anti-virus software into Windows, he said.