Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Tsunami.exe, Oracle critical patch update, got packets? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Tsunami.exe, Oracle critical patch update, got packets?
Tsunami.exe

A piece of malicious code is making the rounds of the Internet masquerading as a Tsunami relief donation request. While not really surprising I find this is somewhat of a new low even for the writers of malware. Words like despicable, shameful, contemptible, pathetic, and feeble come to mind. I had to check a thesaurus for printable comments, can you tell? Filter attachments at your perimeter in organizations, use up-to-date anti-virus, and as users do not open attachments.
Oracle critical patch update released

Oracle has released a critical patch update to address vulnerabilities in the RDBMS products. The full details of the vulnerabilities have not yet been released. Oracle has rated some of them as having wide impact. NGSSoftware, who have released an advisory, rates many of them as high risk. They include privilege escalation and a buffer overflow condition.

For more info:

http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf

and

http://www.ngssoftware.com/advisories/oracle-02.txt

Got packets?

Upswings in scanning activity for ports tcp/901 un-explained, possibly looking for swat/samba installs? Share your theories and packet captures.

http://www.dshield.org/port_report.php?port=901

Cheers,
Adrien de Beaupré

Internet Storm Center Handler of the Day

http://www.cinnabar.ca
Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!