IE URL Bug; Phishing Attacks; Port 6129 Remains High; Proper Incident Response
IE URL Bug
On the recent released of IE URL Bug [1], Microsoft has not yet released an official patch for this vulnerability. However, Microsoft has published an article on steps that you can take to help identify and to help protect yourself from spoofed websites and malicious hyperlinks.
http://support.microsoft.com/?id=833786
It discusses steps you can take to help protect yourself from spoofed Web sites and malicious hyperlinks, including how to identify the URL of the current web page.
Phishing Attacks
There is an increasing trend in phishing attacks where a malicious attack will set up a website with malicious hyperlinks (exploiting the IE URL bug) and lure people to the malicious website (commonly technique is via email from a trusted source) and trick you to reveal your personal information such as credit card number, PIN and password. A recent one is the Earthlink case (http://isc.sans.org/diary.html?date=2003-12-21).
There is a good website that archive some of the known phishing attacks:
http://www.antiphishing.org/phishing_archive.htm
Port 6129 Remains High
Since 20 Dec 03, we see a spike in port 6129 (http://isc.sans.org/diary.html?date=2003-12-21). The scan on port 6129 remains to be high. This could be due to the recent dameware exploit.
http://isc.incidents.org/port_details.html?port=6129
Proper Incident Response
During this festive seasons, it is common that hackers will take this opportunity to break into systems. Should your systems unfortunately be compromised, proper incident response should be followed.
The following links will provide useful tips on proper incident handling/response.
http://www.fedcirc.gov/incidentResponse/index.html
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html">http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
http://www.sans.org/rr/catindex.php?cat_id=27
http://www.cert.org/tech_tips/
https://store.sans.org/store_item.php?item=62
[References]:
1. http://www.zapthedingbat.com/security/ex01/vun1.htm
2. http://support.microsoft.com/?id=833786
3. http://www.microsoft.com/security/incident/spoof.asp
4. http://www.antiphishing.org/phishing_archive.htm
5. http://xforce.iss.net/xforce/alerts/id/159
6. http://isc.sans.org/diary.html?date=2003-12-21
7. http://www.fedcirc.gov/incidentResponse/index.html
8. http://www.cert.org/tech_tips/win-UNIX-system_compromise.html">http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
9. http://www.sans.org/rr/catindex.php?cat_id=27
10. http://www.cert.org/tech_tips/
11. https://store.sans.org/store_item.php?item=62
On the recent released of IE URL Bug [1], Microsoft has not yet released an official patch for this vulnerability. However, Microsoft has published an article on steps that you can take to help identify and to help protect yourself from spoofed websites and malicious hyperlinks.
http://support.microsoft.com/?id=833786
It discusses steps you can take to help protect yourself from spoofed Web sites and malicious hyperlinks, including how to identify the URL of the current web page.
Phishing Attacks
There is an increasing trend in phishing attacks where a malicious attack will set up a website with malicious hyperlinks (exploiting the IE URL bug) and lure people to the malicious website (commonly technique is via email from a trusted source) and trick you to reveal your personal information such as credit card number, PIN and password. A recent one is the Earthlink case (http://isc.sans.org/diary.html?date=2003-12-21).
There is a good website that archive some of the known phishing attacks:
http://www.antiphishing.org/phishing_archive.htm
Port 6129 Remains High
Since 20 Dec 03, we see a spike in port 6129 (http://isc.sans.org/diary.html?date=2003-12-21). The scan on port 6129 remains to be high. This could be due to the recent dameware exploit.
http://isc.incidents.org/port_details.html?port=6129
Proper Incident Response
During this festive seasons, it is common that hackers will take this opportunity to break into systems. Should your systems unfortunately be compromised, proper incident response should be followed.
The following links will provide useful tips on proper incident handling/response.
http://www.fedcirc.gov/incidentResponse/index.html
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html">http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
http://www.sans.org/rr/catindex.php?cat_id=27
http://www.cert.org/tech_tips/
https://store.sans.org/store_item.php?item=62
[References]:
1. http://www.zapthedingbat.com/security/ex01/vun1.htm
2. http://support.microsoft.com/?id=833786
3. http://www.microsoft.com/security/incident/spoof.asp
4. http://www.antiphishing.org/phishing_archive.htm
5. http://xforce.iss.net/xforce/alerts/id/159
6. http://isc.sans.org/diary.html?date=2003-12-21
7. http://www.fedcirc.gov/incidentResponse/index.html
8. http://www.cert.org/tech_tips/win-UNIX-system_compromise.html">http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
9. http://www.sans.org/rr/catindex.php?cat_id=27
10. http://www.cert.org/tech_tips/
11. https://store.sans.org/store_item.php?item=62
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments