Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IE URL Bug; Phishing Attacks; Port 6129 Remains High; Proper Incident Response

Published: 2003-12-23
Last Updated: 2003-12-23 18:14:04 UTC
by Kevin Hong (Version: 1)
0 comment(s)

On the recent released of IE URL Bug [1], Microsoft has not yet released an official patch for this vulnerability. However, Microsoft has published an article on steps that you can take to help identify and to help protect yourself from spoofed websites and malicious hyperlinks.

It discusses steps you can take to help protect yourself from spoofed Web sites and malicious hyperlinks, including how to identify the URL of the current web page.

Phishing Attacks

There is an increasing trend in phishing attacks where a malicious attack will set up a website with malicious hyperlinks (exploiting the IE URL bug) and lure people to the malicious website (commonly technique is via email from a trusted source) and trick you to reveal your personal information such as credit card number, PIN and password. A recent one is the Earthlink case (

There is a good website that archive some of the known phishing attacks:

Port 6129 Remains High

Since 20 Dec 03, we see a spike in port 6129 ( The scan on port 6129 remains to be high. This could be due to the recent dameware exploit.

Proper Incident Response

During this festive seasons, it is common that hackers will take this opportunity to break into systems. Should your systems unfortunately be compromised, proper incident response should be followed.

The following links will provide useful tips on proper incident handling/response.">













0 comment(s)
Diary Archives