IDGNet Virus & Security Watch Friday 27th September 2002

This issue's topics:

Introduction:

* Two suspected malware writers arrested, critical FPSE update

Virus News:

* Slapper suspect arrested

* Rootkit author arrested in UK

Security News:

* Patch for FrontPage Server Extensions

* Disaster recovery paper

Introduction:

Those despairing of the apparent lack of action by law enforcement in tracking virus and other malware writers may take some joy from news this week that two suspected malware writers have been arrested. These items are detailed in the virus section, below.

On the security front, a critical patch for machines with FrontPage Server Extensions 2000 and 2002 has been released by Microsoft, and we include a discussion paper on good disaster recovery planning.

Virus News:

* Slapper suspect arrested

Ukrainian officials are reported to have arrested a 21-year-old man for writing and releasing the Slapper worm reported in last week's newsletter. Few details are available apart from the fact that the e-mail address to which the worm sent the network addresses of the machines it compromised was in the Ukraine, and apparently it was checked from a traceable location.

Arrest for Slapper author - vunet.com

* Rootkit author arrested in UK

The UK Computer Crime Unit have arrested a man on charges relating to the writing and distribution of the T0rn rootkit. A rootkit is a set of programs that allow a hacker to take control of a system and hide the fact they have done so from the system's administrators. A machine compromised in this way should appear to its administrators to run more or less 'normally', but hackers with access to it can use it for anything they want as well. Chaining several such machines together can make tracing the source of another attack launched through such a chain very difficult, as the hackers can clear any system logs on the intermediary machines they control.

UK hacking suspect arrested - bbc.co.uk

Security News:

* Patch for FrontPage Server Extensions

Microsoft has released patches for a buffer overflow flaw in FrontPage Server Extensions (FPSE) that can allow remote denial of service or remote execution of arbitrary code. Both supported versions of FPSE, 2000 and 2002, are affected by this vulnerability, but it manifests itself differently in the two versions. Microsoft rates the severity of the vulnerability as critical for both platforms, and administrators of either should obtain, test and install the updates as soon as is practical.

There are some mitigating factors to this. For example, if a server has been configured as a static web server with the IIS Lockdown Tool, or if FPSE have been uninstalled (FPSE is included in default IIS 4.0 and 5.x installations), the machine is not vulnerable.

Microsoft Security Bulletin MS02-053

* Disaster recovery paper

A discussion paper covering the main points of computer disaster recovery planning is available at the link below. It presents a succinct introduction to the vagaries of designing such systems, and particularly focuses on the special need to ensure that items external to the file system are included in the plan. For example, the configuration data of many specialized hardware devices is commonly not stored where it will be recoverable by simply restoring file systems from backups.

The Weakest Link in Disaster Recovery - net-security.org
