
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-06-15



Akamai/Internet DNS Problems (Updated), Exploitation of IE URL Spoofing, MS Re-Releases NT 4.0 Patch, ISC Site Under Heavy Load

Published: 2004-06-15
Last Updated: 2004-06-15 22:29:15 UTC
by Lenny Zeltser (Version: 1)

Akamai/Internet DNS Problems

Starting at around 8:30 am EDT (12:30 UTC), a number of sources began reporting a widespread Akamai DNS issue. Large web sites that use Akamai for DNS service no longer resolved and became inaccessible to their users. The affected sites were Yahoo, Google, Microsoft, FedEx, Xerox, Apple and likely many others. The situation improved around 10:30 EDT, mainly because some of the affected domains temporarily switched from Akamai's DNS servers to their own.

The problems seem to be attributable to a DDoS attack on Akamai's DNS servers, though we do not presently have the information to make a definitive assessment. According to the Akamai spokesperson, the problem was not limited to Akamai. He attributed the outage to an attack on the Internet infrastructure on a larger scale. We do not currently know of any sites that were affected by the attack without using Akamai's services.

* Posts to the NANOG mailing list regarding this issue:
http://www.merit.edu/mail.archives/nanog/msg05267.html

* The Washington Post article regarding the possible attack:
http://story.news.yahoo.com/news?tmpl=story&u=/washpost/20040615/tc_washpost/a43635_2004jun15

Continued Exploitation of IE URL Spoofing

Today's post to the Full Disclosure mailing list warned readers about a phishing scam that directed its victims to a well-designed website that posed as the U.S. Bank site. The site uses an Internet Explorer flaw to place text outside the rendered page window and over the URL location bar, leading victims to believe that they are actually visiting a real banking site. The exploit cleverly calculates where to position the text, and works surprisingly well for most installations of Internet Explorer. Other browsers are not affected by the problem, as far as we know.

The U.S. Bank-spoofing site uses the same exploit as the PayPal-spoofing site reported recently on a Broadband Reports forum. The same exploit was used by another PayPal-spoofing site that we saw several weeks ago. These attack vectors are based on a Bugtraq post that dates back approximately a year. We are alarmed at the increased number of exploit sightings in the wild, and are not aware of an Internet Explorer patch that corrects this issue.

* Today's Full Disclosure mailing list post:
http://seclists.org/lists/fulldisclosure/2004/Jun/0449.html

* The initial Bugtraq mailing list post:
http://www.securityfocus.com/archive/1/328947

* The Broadband Reports forum mention of the scam:
http://www.dslreports.com/forum/news,45692~mode=full~days=2000

Re-Released MS04-011 Patch for NT 4.0 Workstations using Pan Chinese Language

Microsoft re-released its MS04-011 patch, initially issued in April 2004, to address issues with Windows NT 4.0 Workstation systems that use the Pan Chinese language. According to the security bulletin, "this issue only affects the Pan Chinese language version of the update and only those versions of the update are being re-released. Other language versions of this update are not affected and are not being re-released." (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx)

ISC Site Under Heavy Load

Visitors to our site may have experienced intermittent load problems today because of the high number of people accessing it. These connectivity problems were not directly related to the Akamai outage. Thanks for being patient while waiting for the ISC site to load.