
SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog


New Botnet?

Published: 2006-11-27
Last Updated: 2006-11-27 19:17:54 UTC
by Joel Esler (Version: 3)

We've received reports from .edu (Thanks!) of a massive new outbreak of bots exploiting the Symantec Client Security and Antivirus escalation of privilege vulnerability.  ("new" implying the outbreak, not the vulnerability :)

More details on the vulnerability here.

We have not seen the botnet here at the ISC, but if you have experience with it, please write in via our "Contact Us" button and let us know!

Update #1:

Traffic on the Symantec Client port (2967) has drastically increased in the past few days.


Spam Increase

Published: 2006-11-27
Last Updated: 2006-11-27 17:38:36 UTC
by Joel Esler (Version: 1)
Thanks to the many readers who have written in. We have received multiple reports of a big increase in spam traffic overnight. (Heck, I've noticed it myself.)

Mostly non-US based, as I have noticed, and ranging across topics old and new such as stocks, Microsoft updates, and the nearly-famous 'Nigerian' emails.

As always, make sure your users are educated as to the presence of these emails. It's generally recommended to avoid HTML email totally.

Good luck, and welcome back to work .us people!

Joel Esler