
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-07-03



Problem in IE Patch?; Mailbag

Published: 2004-07-03
Last Updated: 2004-07-04 01:08:11 UTC
by Kevin Hong (Version: 1)
Problem in IE Patch?

Yesterday Microsoft released a patch for IE. We have received a report from one user of a problem after the patch is applied: IE no longer has a URL field. Since the patch just turns off the ADODB.Stream ActiveX control, we do not expect any problem from applying it. However, if you do run into one, let us know. If you wish to disable the ADODB.Stream object in Internet Explorer manually, you can refer to Microsoft Knowledge Base Article 870669:

http://support.microsoft.com/?kbid=870669


Mailbag

We received a report from Jon that he discovered someone had uploaded a PHP script to his website (his website allows people to upload photographs). According to the script's description, it provides a remote shell wrapped in PHP for executing commands on the server. Fortunately, the server had been configured to prevent people from running scripts. This highlights the importance of ensuring your server is configured and hardened properly. Patching can only fix the vulnerability; it does not necessarily mean your system is fully secured. Proper configuration and hardening are still necessary to protect your system. Of course, don't forget to review your logs regularly to detect any suspicious attempts.
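The checks a photo-upload site like the one in this report could apply before a file is stored, as an added example that is not from the diary or from Jon's site. The accepted image types, the script-extension list and the name `check_upload` are assumptions, and the check complements the server setting that stops scripts from running in the upload directory.

```python
import os

# Magic-byte prefixes for the image types an upload form accepts (assumed set).
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Extensions a web server may hand to an interpreter (illustrative, not exhaustive).
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".pl", ".cgi", ".asp", ".jsp"}
# Long markers only: a two-byte "<?" occurs by chance in binary image data.
CODE_MARKERS = (b"<?php", b"<script")


def check_upload(filename, data):
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    base = os.path.basename(filename.replace("\\", "/")).lower()
    exts = ["." + part for part in base.split(".")[1:]]
    # Reject a script extension anywhere in the name (shell.php.jpg), because
    # some server configurations dispatch on a non-final extension.
    if any(ext in SCRIPT_EXTS for ext in exts):
        reasons.append("script extension in name")
    magics = IMAGE_MAGIC.get(exts[-1] if exts else "")
    if magics is None:
        reasons.append("extension not an allowed image type")
    elif not data.startswith(magics):
        reasons.append("content does not match image type")
    # A valid image header does not rule out code appended after it.
    if any(marker in data.lower() for marker in CODE_MARKERS):
        reasons.append("embedded server-side code marker")
    return reasons


# Constructed sample uploads (harmless payloads), not data from the report.
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("shell.php", b"<?php echo 1; ?>"),
    ("shell.php.jpg", b"\xff\xd8\xff\xe0<?php echo 1; ?>"),
    ("cat.gif", b"GIF89a<?PHP echo 1; ?>"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, check_upload(name, data) or "accept")
```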

We also received a report from Susan that they are seeing what appears to be a dictionary attack with a user name of "asdf" on their small server boxes. Based on the submission and a search (thanks to Patrick), we found that Trend has a report on a worm, WORM_DANSH.A, which may explain the cause. If you see similar attacks, do let us know.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DANSH.A&VSect=T
