[Dshield] WMF - SETABORTPROC alarms

Timothy A. Holmes tholmes at mcaschool.net
Thu Jan 5 16:06:14 GMT 2006


> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org] On Behalf Of Fielder, Wayne (CPE)
> Sent: Tuesday, January 03, 2006 1:50 PM
> To: 'General DShield Discussion List'; bschnzl at cotse.net
> Subject: Re: [Dshield] WMF - SETABORTPROC alarms
> 
> A couple things really jumped out at me in Mr. Scherr's note, the idea that
> "safe computing" might mitigate this and the idea that propagation isn't a
> serious issue with this thing.
> 
> First, on Safe Computing Mr. Truitt hits the packet on the header, not
> everyone has or does practice perfect standards all the time.  I would wager
> that every one of us has a machine or two that we would LOVE to tighten
> up but because of policy, business case, or personalities we simply can't
> and that machine is watched like a hawk.  It may be that machine or one of
> our Road Warriors that brings this "visitor" into our networks.
> 
> The idea of following "Best Practices" is the ideal and one worth pursuing.
> Unfortunately most of us can't reach that golden ring all the time.
> 
> Second, the propagation of this thing could explode at any minute.  As with
> coding anything, it's an exercise in lego building.  We take a piece of this
> and a piece of that to make what we want.  Vx coders are no different and I
> can almost hear the keystrokes as I type this.  What we have seen up till
> now is the same PoC with different shell code.  Metasploit is a wonderful
> tool and soon someone will come up with the shell to transport this thing.
> 
> This vulnerability is just screaming for a reliable transport agent.  I'm
> betting on one of the IM applications as the primary target with email
> attachments (the bane of everyone's existence) a close second.
> 
> *********************************************
> Wayne Fielder GSECG, GCIHG
> 
> Join the Plain Text Email Campaign!
> 
> 
[Timothy A. Holmes] 
In all honesty, the threat that scares me to death right now is not so
much e-mail or IM, but the possibility of hacked web servers hosting the
infected file, and triggering every time someone views the file (like a
web page banner).

TIM



Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14



