sans internet storm center

The creativity and resourcefulness of the criminal underground never ceases to amaze me. Granted, these guys have nothing else to do but sit around and come up with new scams, but still, some of these things are truly inspired. Have a look at this Google AdWords phishing scam that has been showing up in recent [...]  read more »

Tools are available to automate VoIP attacks, but the threat remains low until VoIP communications is more pervasive in the workplace.

The brute-force SSH attacks that have plagued the Internet for much of this year are continuing, and experts are responding by creating tools to stop the brute-force attempts and lists of the attacking IP addresses. The SANS Internet Storm Center has a good post with some information on SSH attack mitigation tools and advice on [...]  read more »

The trend toward large-scale attacks against Web sites through the use of SQL injection is continuing, as experts at both the SANS Internet Storm Center and Shadowserver Foundation are tracking a newly discovered SQL injection worm that appears to be exploiting a RealPlayer flaw and dropping malware on vulnerable sites. The attacks are focusing on [...]  read more »

With enterprises regularly trading .pdf files back and forth, IT administrators should be aware of some new attacks related to recently-patched flaws in the widely used Adobe Reader. Raul Siles at the SANS Internet Storm Center wrote a warning about the .pdf threat over the weekend on the organization Web site, and included additional advisories [...]  read more »

Valentine’s Day isn’t for another month, but that’s not stopping controllers of the Storm Trojan from using the holiday theme to trick users into downloading the malware.A posting on the SANS Internet Storm Center Web site describes another wave of Storm emails with a subject designed to catch the recipient’s attention and an email body [...]  read more »

Apple users tend to have a false sense of security superiority when it comes to their beloved Mac machines. But you gotta give Apple some credit — when a security hole is discovered, the company is pretty good about patching it quickly.This time around, Apple has released Security Update 2007-009 to fix some 41 flaws [...]  read more »

The SANS Internet Storm Center (ISC) warns that attackers may be attempting to exploit flaws in Trend Micro products to hijack computer systems.

Friday, I reported on a wave of pump-and-dump spam. According to the SANS Internet Storm Center (ISC), reports of massive spamming runs continued through the weekend.Handler Tony Carothers wrote on the ISC Web site that “some of our friends in Canada have been pounded … by a series of emails from a number of destinations.” [...]  read more »

There’s not a lot of passion in the security blogosphere this week over any topic in particular, but there are some nuggets worthy of note, including an announcement in the Symantec Security Response blog about a makeover for the company’s ThreatCon.Many security organizations use a measurement system to give customers a sense of the overall [...]  read more »

Maarten Van Horenbeeck at the SANS Internet Storm Center has been tracking the spam subject lines associated with the Sestorm worm. “Happy B-day America,” “Independence Day Party” and other lines to dupe email recipients. We reported in January that the Storm worm has been fairly successful in spreading using a variety of topical headlines. [...]  read more »

The prolific Storm malware is on the attack again, according to the folks at the SANS Internet Storm Center (ISC). ISC handler Lorna Hutcheson wrote on the storm center Web site that the latest email attack includes a subject line that says “You’ve received a postcard from a family member!” From there, variations of [...]  read more »

The folks at the SANS Internet Storm Center are warning of a fake Microsoft security bulletin that’s making the rounds. Here’s what it looks like:Microsoft Security Bulletin MS06-4Cumulative Security Update for Internet Explorer (113742734)Published: June 3, 2007Version: 1.0SummaryWho should read this document: Customers who use Microsoft WindowsImpact of Vulnerability: Remote Code ExecutionMaximum Severity Rating: CriticalRecommendation: [...]  read more »

The SANS Internet Storm Center is reporting that there has been a spike in activity on TCP port 5168 over the last few days, perhaps attributable to attackers looking to exploit a couple of vulnerabilities in Trend Micro’s ServeProtect. The ISC came across the activity on port 5168 through a report from a user whose [...]  read more »