Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FYI: Symantec ThreatCon elevated



---------------------
http://www.symantec.com/security_response/threatcon/index.jsp

Symantec ThreatCon
The ThreatCon is currently at Level 2: Elevated.
The ThreatCon is currently at Level 2. The DeepSight honeynet has observed 
in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft 
on April 8, 2008. The malicious image appears to target the Microsoft Windows 
GDI Stack Overflow Vulnerability (BID 28570). At least three different sites 
are hosting the images; two different malicious binaries are associated with 
the attacks. Analysis of the images has shown that although they appear to be 
malicious, they do not contain enough data in the associated image property to 
sufficiently trigger the vulnerability. We are still investigating as to why 
this may be the case. Users are advised to apply the MS08-021 patches 
immediately. These attack attempts highlight the severity of this issue -- it 
is only a matter of time before new images that successfully trigger the issue 
are observed in the wild. Administrators are also advised to filter activity to 
the following IP addresses and/or domains: 211.239.126.10 
(hxxp://igloofamily.com) 59.124.92.168 (hxxp://amrc.com.tw) 
ad.goog1e.googlepages.com Symantec IPS detects the exploit; however, some of 
the associated malware that is delivered with the attack is not detected. 
Symantec Security Response is currently investigating the undetected malware 
and will make detection available soon.

-------------------------




 




Copyright © Lexa Software, 1996-2009.