Australia's Leading Computer Emergency Response Team
 
Week in review - Week Ending 10/08/2007

Date: 10 August 2007

For those following the Storm malware activity, we've noticed that the attackers have made some slight tweaks to the propagation spam. The messages now reference 123greetings.com, Greetings-Cards.com, vintagegreetings.com and many others. For example, the spam now uses a subject line of the form:

"School mate sent you a greeting card from 123greetings.com!"

Also, Bleeding Edge Threats has the following Snort rule for the downloader:

http://www.bleedingthreats.net/index.php/2007/07/19/storm-worm-signature/?s=storm

If anyone has developed a Snort signature for detecting the subsequent UDP C&C traffic generated by an infected system, we'd be interested in seeing it.


This week saw the start of the Chaos Communication Camp 2007, the annual camp run by the Chaos Computer Club. This camp has been allocated an IP address range, so administrators may wish to check whether they are seeing any "interesting" traffic from the 81.163.0.0/16 address range:

IP range : 81.163.0.0 - 81.163.255.255
Network name : TEMPORARY-CCC-CAMP-NET
Infos : Chaos Computer Club Veranstaltungsgesellschaft mbH
Infos : This network is set aside for various
Country : Germany (DE)
Abuse E-mail : cpunkt@ccc.de
Source : RIPE
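
One way to run the check suggested above, as an added example (not AusCERT's code): it assumes Linux netfilter-style log lines with SRC=, PROTO= and DPT= fields, and the sample entries are constructed. Parsing the source address instead of grepping for "81.163." avoids false matches such as 181.163.x.x.

```python
import ipaddress
import re
from collections import Counter

# Range quoted in the bulletin (TEMPORARY-CCC-CAMP-NET).
CAMP_NET = ipaddress.ip_network("81.163.0.0/16")

# Assumed log format: key=value fields as written by the netfilter LOG target.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def summarize(lines, network=CAMP_NET):
    """Count log entries per (source, protocol, destination port) from `network`."""
    hits = Counter()
    for line in lines:
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
        except (KeyError, ValueError):
            continue  # no SRC field or unparsable address: skip the line
        if src.version != network.version or src not in network:
            continue
        # ICMP entries carry no DPT; record "-" so they are still counted.
        hits[(str(src), fields.get("PROTO", "?"), fields.get("DPT", "-"))] += 1
    return hits

# Constructed sample lines (not real traffic), including near misses.
SAMPLE_LOG = """\
Aug 10 09:14:02 fw kernel: IN=eth0 OUT= SRC=81.163.12.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=22
Aug 10 09:14:03 fw kernel: IN=eth0 OUT= SRC=81.163.12.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40113 DPT=22
Aug 10 09:14:09 fw kernel: IN=eth0 OUT= SRC=81.164.0.1 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=80
Aug 10 09:15:30 fw kernel: IN=eth0 OUT= SRC=81.163.255.255 DST=192.0.2.53 LEN=71 PROTO=UDP SPT=33000 DPT=53
Aug 10 09:15:31 fw kernel: IN=eth0 OUT= SRC=181.163.4.4 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=1025 DPT=445
Aug 10 09:16:00 fw kernel: IN=eth0 OUT= SRC=81.163.200.9 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Aug 10 09:16:05 fw kernel: IN=eth0 OUT= SRC=2001:db8::1 DST=2001:db8::2 LEN=80 PROTO=TCP SPT=4000 DPT=443
Aug 10 09:16:10 fw kernel: truncated entry SRC=81.163.
""".splitlines()

if __name__ == "__main__":
    for (src, proto, dpt), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src:<16} {proto:<5} dport={dpt}")
```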


Finally, sites running the BIND name server may be interested to know that this week saw the official end-of-life announcement for BIND 8:

http://marc.info/?l=bind-announce&m=118670081707688&w=2

Also, there has been the public release of a proof of concept for the BIND 9 DNS Cache Poisoning vulnerability to milw0rm. We have not verified this exploit as functional, but even if it is not, administrators are urged to patch their systems.

Robert Lowe