
SANS ISC InfoSec Handlers Diary Blog



ISC returning to Green; Comcast Problems; Microsoft Update Spoof

Published: 2005-04-08
Last Updated: 2005-04-08 17:00:54 UTC
by Deborah Hale (Version: 1)

Internet Storm Center Returning to Green




You may have noticed that the InfoCon has returned to Green. We do this not because we think the DNS cache poisoning is solved, but because we now understand the issues and have clear steps people should take to protect themselves. Here are the suggestions we have for you:



- add the right key to the registry on NT

http://isc.sans.org/diary.php?date=2005-04-07

(Note: Windows systems are not protected, even with their magic registry entry, IF they trust an upstream DNS system that doesn't clear additional DNS records from the answer to the query. See the article linked above.)

- upgrade to the right SP on W2K

- not forward to vulnerable Windows DNS caches

- not forward to pre-BIND9 BIND DNS caches



And a heads-up to ISPs and others running BIND4 and BIND8:
- Please upgrade to BIND9 if you are likely to have people forwarding to you with a MSFT DNS cache.




Thanks to Kyle, Swa, Eric and Donald for their input. You guys are awesome.

A heartfelt thanks to all of you who participated in the research and investigation on this issue. It is because of you and your willingness to assist that we are as successful as we are.



Comcast Problems





We have received a couple of inquiries regarding the unavailability of Comcast. Apparently Comcast is experiencing problems nationwide due to an equipment update. This does not appear to have any connection to the DNS cache poisoning that we have been following over the last few days.

The Comcast technical problems should be resolved shortly and all will return to normal.




[Note: additional discussion of this issue is happening at http://www.dslreports.com/forum/comcast ]





Microsoft Update Spoof



With Microsoft Patch Tuesday looming on the horizon we thought it wise to alert everyone to a malicious email that is circulating the globe.
"A mass SPAM email has been sent out claiming to be from Microsoft. This email spoofs users into thinking that they must update their Windows software. Upon clicking on the link, users are forwarded to a fraudulent website. This website is hosted in Australia, and was up at the time of this alert."


http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=163



When the link is clicked, it installs a Trojan program (Wupdate-20050401.exe) that opens a backdoor to your computer.


This is a reminder to everyone, "Microsoft Does NOT Email Update Links".


Deb Hale


Handler on Duty