Symantec Internet Security Threat Report

http://downloads.securityfocus.com/library/InternetThreatReportSept2003.pdf
QUOTE
Blended-Threat Targets

MICROSOFT IIS VULNERABILITIES
Microsoft IIS is one of the most widely deployed Web servers throughout the world. Symantec has documented several high-severity vulnerabilities affecting it. Their characteristics render these vulnerabilities attractive targets for future blended threats. Given Microsoft IIS's susceptibility to past blended threats such as Code Red and Nimda, Symantec believes that it may again be hit by highly destructive malicious-code attacks.

MICROSOFT INTERNET EXPLORER VULNERABILITIES
Several vulnerabilities allow attackers to compromise client systems through Web pages containing embedded malicious code. Others can enable the easy and almost undetectable installation of spyware, which allows attackers to extract confidential data.

THEFT OF CONFIDENTIAL DATA
The release of Bugbear and its variant Bugbear.B (discovered in early June 2003) were good examples of theft of confidential data. Once systems were infected, confidential data was extracted such as file names, processes, usernames, keystrokes, and other critical system information, and delivered to a third party, potentially compromising passwords and decryption keys. Furthermore, it appears that the creator of Bugbear specifically targeted banks. During the first half of 2003, Symantec saw a 50% increase in confidential data attacks using backdoors. By granting access to compromised systems, backdoors allow data to be exported to unauthorized individuals. For example, entire sessions can be logged, and passwords for systems and applications can be taken. Companies need to implement controls that make it difficult for malicious code to steal confidential data, such as updated firewalls, patch management policies, intrusion detection, virus protection, and so on.

ATTACKERS EXECUTING COMMANDS FROM THOUSANDS OF INFECTED SYSTEMS
Once a system is compromised, an attacker can install malicious code known as a bot that allows the attacker to use the system for future scanning or as a launching point for future attacks (such as planned, distributed denial-of-service attacks). Once a system has become infected, the attacker can maintain a running list of the entire botnet (network of infected systems) by simply issuing commands through Internet Relay Channel (IRC is a common communication channel used by bots). Afterwards, all listening bots (sometimes numbering in the thousands) will execute any command issued by the attacker. Symantec examined an automated tool like this, which accounted for supposable Nimda (blended threat) traffic, after it was captured in a Honeypot network.

CONCLUSION
The evidence in this report clearly shows that the risk of blended threats and attacks is rising.
Understanding how to budget for security and what products and services are needed will involve some of the most important decisions that every corporation faces in the 21st century. The trends that we discuss in this report help executives understand some of the threats faced by their systems administrators every day. Symantec carefully monitors other potential threats such as the rise in peer-to-peer attacks (including instant messaging), mass mailers (like SoBig), the general trend toward theft of confidential information, and the rapid increase in the number of Windows 32 (Win32) threats.
UNQUOTE
Posted by: David Mohring   Posted on: 01/29/04