NIPC CyberNotes #2002-12 Page 23 of 33 06/17/2002
Trends
● The CERT Coordination Center (CERT/CC) has issued an advisory on a new vulnerability in the
Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND). The vulnerability
affects BIND versions 9 through 9.2 and not versions 4 or 8. Exploitation of this vulnerability
will cause vulnerable BIND server(s) to abort and shut down. For more information, see the "Bugs,
Holes, & Patches" table and NIPC Advisory 02-004.1, located at:
http://www.nipc.gov/warnings/advisories/2002/02-004.htm.
● The National Infrastructure Protection Center (NIPC) is monitoring an Internet worm called
"Spida," also known as SQLSnake. This worm takes advantage of default settings within
Microsoft's SQL Server (MSSQL) when the system administrator account "sa" has no password.
Administrators are advised to change all passwords on infected machines, not simply that of the
system administrator account. For more information, see NIPC Advisory 02-003, located at:
http://www.nipc.gov/warnings/advisories/2002/02-003.htm.
● There has been an increase in the number of scans to port 80, still being caused by Nimda and
Code Red.
● There has been an increase in the number of scans to port 1433 lately. The most common use of this
port is Microsoft's SQL Server. A vulnerability in SQL Server 7.0 and 2000 exists which allows an
attacker to run code in the security context of the server. Microsoft released an advisory and a patch
for this problem, which is available at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-020.asp.
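The two scan trends above (port 80 from Nimda and Code Red, port 1433 from SQL Server worms such as Spida) show up in perimeter logs as one source touching many distinct destinations on the same port in a short time. The following is an added example, not part of the NIPC bulletin: a small horizontal-scan detector run over a constructed firewall log in a hypothetical "timestamp src dst dport" format. The log lines, hosts, thresholds and window are assumptions; a real log needs its own parser, and the threshold should be tuned to the network.

```python
"""Horizontal-scan detector for the port 80 / port 1433 trend described above.

Added example, not code from the NIPC bulletin. Input is a constructed log in a
hypothetical 'timestamp src dst dport' format; the hosts and counts are made up.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic): 10.1.1.7 fans out across port 1433 the way a
# SQL Server worm does, 10.1.1.8 sweeps port 80 like Nimda/Code Red, 10.1.1.9 just hits one
# web server repeatedly, and 10.1.1.11 touches 1433 slowly (outside any 60 s window).
SAMPLE_LOG = """\
2002-06-10T10:00:01 10.1.1.7 192.0.2.10 1433
2002-06-10T10:00:02 10.1.1.7 192.0.2.11 1433
2002-06-10T10:00:02 10.1.1.7 192.0.2.12 1433
2002-06-10T10:00:03 10.1.1.7 192.0.2.13 1433
2002-06-10T10:00:03 10.1.1.7 192.0.2.10 1433
2002-06-10T10:00:04 10.1.1.7 192.0.2.14 1433
2002-06-10T10:00:05 10.1.1.7 192.0.2.15 1433
2002-06-10T10:01:00 10.1.1.8 192.0.2.20 80
2002-06-10T10:01:10 10.1.1.8 192.0.2.21 80
2002-06-10T10:01:20 10.1.1.8 192.0.2.22 80
2002-06-10T10:01:30 10.1.1.8 192.0.2.23 80
2002-06-10T10:01:40 10.1.1.8 192.0.2.24 80
2002-06-10T10:02:00 10.1.1.9 192.0.2.50 80
2002-06-10T10:02:01 10.1.1.9 192.0.2.50 80
2002-06-10T10:02:02 10.1.1.9 192.0.2.50 80
2002-06-10T10:02:03 10.1.1.9 192.0.2.50 80
2002-06-10T10:02:04 10.1.1.9 192.0.2.50 80
2002-06-10T10:02:05 10.1.1.9 192.0.2.50 80
2002-06-10T10:10:00 10.1.1.11 192.0.2.30 1433
2002-06-10T10:12:00 10.1.1.11 192.0.2.31 1433
2002-06-10T10:14:00 10.1.1.11 192.0.2.32 1433
2002-06-10T10:16:00 10.1.1.11 192.0.2.33 1433
2002-06-10T10:18:00 10.1.1.11 192.0.2.34 1433
2002-06-10T10:20:00 10.1.1.12 192.0.2.40 22
"""


def parse_line(line):
    """Split one hypothetical log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def find_scanners(lines, ports=(80, 1433), threshold=5, window_seconds=60):
    """Return {(src, port): n} for every source that reached at least `threshold`
    distinct destinations on a watched port within any `window_seconds` span;
    n is the largest distinct-destination count seen in one window."""
    events = defaultdict(list)  # (src, port) -> [(timestamp, dst)]
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, src, dst, dport = parse_line(line)
        if dport in ports:
            events[(src, dport)].append((ts, dst))

    hits = {}
    for key, ev in events.items():
        ev.sort()
        counts = defaultdict(int)  # dst -> occurrences inside the current window
        left = 0
        best = 0
        for ts, dst in ev:
            counts[dst] += 1
            # Slide the left edge forward until the window fits; repeated hits on the
            # same destination (10.1.1.9) never raise the distinct count.
            while (ts - ev[left][0]).total_seconds() > window_seconds:
                old = ev[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            best = max(best, len(counts))
        if best >= threshold:
            hits[key] = best
    return hits


if __name__ == "__main__":
    for (src, port), n in sorted(find_scanners(SAMPLE_LOG.splitlines()).items()):
        print(f"{src} scanned {n} hosts on port {port}")
```

The window matters: 10.1.1.11 reaches five SQL Server hosts, but two minutes apart, so it is not flagged with the 60 second window and is flagged once the window is widened to ten minutes. Repeated connections to a single host are deliberately not counted as a scan.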
Viruses
The following virus descriptions encompass new viruses and variations of previously encountered viruses
that have been discovered in the last two weeks. The viruses are listed alphabetically by their common
name. While these viruses might not all be in wide circulation, it is highly recommended that users update
anti-virus programs as often as updates become available. NOTE: At times, viruses may contain names or
content that may be considered offensive.
Bat/Cup-A (Batch File Worm): This worm arrives in an e-mail message with the characteristics:
● Subject line: "WorldCup News!"
● Message text: "read me for more world cup news!"
● Attached file: WorldCup.BAT.
When executed, the worm will create, execute, and on occasion delete the files worldcup_score.vbs,
eyeball.reg, japan.vbs, england.vbs, ireland.vbs, uraguay.vbs and argentina.bat. Worldcup_score.vbs is the
file that performs the mass-mailing part of the worm. An e-mail with the above characteristics
will be sent to all contacts in the user's Microsoft Outlook address book. Eyeball.reg creates the registry
value:
● HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cqlyg
so that a copy of the worm is run when Windows starts up. An attempt will be made to copy eyeball.reg
over all REG files contained in the folders of the user's path and the Windows, current and parent folders.
Japan.vbs will attempt to start a copy of the worm called argentina.bat. An attempt will be made to copy
japan.vbs over all VBS files contained in the folders of the user's path and the Windows, current and parent
folders. England.vbs will set the registry value:
● HKLM\Software\Microsoft\Windows\CurrentVersion\Run\eifxi
so that a copy of the worm is run when Windows starts up. Ireland.vbs attempts to create a shortcut in the
root folder to a copy of the worm. The shortcut would be called pif.lnk. Uraguay.vbs attempts to create a
shortcut to brazil.vbs, which in turn will try to execute paraguay.vbs. Paraguay.vbs does not exist. The worm
creates copies of itself using the names world_cup_.bat, germany.bat, china.bat, russia.bat, turkey.bat,
denmark.bat, costarica.bat, wini.bat, spain.bat, and italy.bat. These copies are most likely to be in the
Windows folder. The following anti-virus related executables will be deleted:
● C:\progra~1\norton~1\*.exe
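The persistence mechanism described above (eyeball.reg and england.vbs writing the Run values cqlyg and eifxi) is what an administrator would check for on a suspect machine. The following is an added example, not code from the bulletin or from any anti-virus vendor: it parses a REGEDIT4-style export of the Run keys and flags entries that either carry one of the value names named above or launch a .bat, .vbs or .reg file. The sample .reg text is constructed; the command lines in it are assumptions, since the bulletin gives the value names but not their data.

```python
"""Audit exported autorun registry entries for the Bat/Cup-A persistence described above.

Added example, not from the NIPC bulletin. The .reg text below is constructed; the
command lines are assumed (the bulletin names the values 'cqlyg' and 'eifxi' only).
"""
import re

WORM_VALUE_NAMES = {"cqlyg", "eifxi"}          # Run value names given in the write-up
SCRIPT_EXTENSIONS = (".bat", ".vbs", ".reg")   # file types the worm drops and copies over

# HKLM/HKCU ...\CurrentVersion\Run and RunOnce, the keys the worm uses to survive reboot.
RUN_KEY_RE = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)

# Constructed sample of what a 'regedit /e' export could look like after infection.
# Backslashes are doubled and quotes escaped, as in real .reg files.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"cqlyg"="C:\\WINDOWS\\argentina.bat"
"eifxi"="wscript.exe C:\\WINDOWS\\japan.vbs"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Updater"="C:\\PROGRA~1\\updater.exe"
"Cleanup"="C:\\TEMP\\cleanup.bat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Tray"="C:\\WINDOWS\\tray.exe"
'''

VALUE_LINE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def unescape(s):
    """Undo .reg string escaping: '\\\\' -> '\\' and '\\"' -> '"'."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a REGEDIT4 / 'Windows Registry Editor' export into {key: {name: data}}.
    Only string (REG_SZ) values are kept; dword:/hex: values are skipped."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith(";") or line.upper().startswith("REGEDIT")
                or line.startswith("Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE_RE.match(line)
        if m is None or current is None:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            keys[current][unescape(name)] = unescape(data[1:-1])
    return keys


def audit_autoruns(keys):
    """Return [(key, name, data, reason)] for autorun entries worth a second look."""
    findings = []
    for key, values in keys.items():
        if not RUN_KEY_RE.match(key):
            continue
        for name, data in values.items():
            reasons = []
            if name.lower() in WORM_VALUE_NAMES:
                reasons.append("value name matches Bat/Cup-A indicator")
            # Check every token, so 'wscript.exe C:\WINDOWS\japan.vbs' is caught as well.
            if any(tok.lower().endswith(SCRIPT_EXTENSIONS) for tok in data.split()):
                reasons.append("launches a script file")
            if reasons:
                findings.append((key, name, data, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for key, name, data, reason in audit_autoruns(parse_reg(SAMPLE_REG)):
        print(f"{key}\\{name} = {data}  [{reason}]")
```

The script-file test is the more durable of the two checks: value names like cqlyg change from variant to variant, but a Run entry that starts a batch or VBS file out of the Windows folder is unusual on any machine and deserves a look regardless of the name.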