Incidents Mode:
(Page 15 of 170)  < Prev  10 11 12 13 14 15 16 17 18 19 20  Next >
Re: Re: suspicious firewall rules in WinXP firewall 2006-07-04
shenba_rake hotmail com
i had the same problem. later we found out that it was due to a trojan named WORM_RONTOKBRO.Q . you can get the solution from google. and you have to reload your browser.

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

Attend the Bla

[ more ]  [ reply ]
Re: suspicious firewall rules in WinXP firewall 2006-07-03
jimm22222 hotmail com
Have you checked for a modified hosts file?

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats toda

[ more ]  [ reply ]
RE: suspicious firewall rules in WinXP firewall 2006-07-03
Darren Clarke (mailcentre2 gmail com)
Did your packet traces show evidence of attempted connections to your
known DNS server when you attempted to browse a website?
What about the hosts file, any "suspicious" entries in there?
Lastly what about a proxy server running (or proxy settings that have
been modified in the browser)?

Regards,

[ more ]  [ reply ]
suspicious firewall rules in WinXP firewall 2006-06-30
belka att net (4 replies)
While setting a port for Symantec to query XP Pro workstations for virus updates, I noticed two machines that had firewall rules (exceptions in WinXP firewall parlance) that were in unreadable charcaters, such as an asian font set that couldn't be displayed. The rule name was in blocks or in other u

[ more ]  [ reply ]
Re: suspicious firewall rules in WinXP firewall 2006-07-03
kent crispin (kent songbird com) (2 replies)
Re: suspicious firewall rules in WinXP firewall 2006-07-03
Jamie Riden (jamesr europe com)
Re: suspicious firewall rules in WinXP firewall 2006-07-03
Bob Madore (bob dexis net) (1 replies)
Re: suspicious firewall rules in WinXP firewall 2006-07-04
Valdis Kletnieks vt edu (1 replies)
Re: suspicious firewall rules in WinXP firewall 2006-07-05
Thor (Hammer of God) (thor hammerofgod com)
RE: suspicious firewall rules in WinXP firewall 2006-07-03
David Gillett (gillettdavid fhda edu)
Re: suspicious firewall rules in WinXP firewall 2006-07-03
killy (killfactory gmail com)
Re: suspicious firewall rules in WinXP firewall 2006-07-03
Harry Hoffman (hhoffman ip-solutions net)
Pix 515 - need help identifying possible attack - simultaneous traffic and memory spikes... 2006-06-28
nick leachman (nleachman gmail com)
Hi,

I have a pix 515 (not e), running 6.3.5, that I manage; and last week
I noticed a couple of spikes that caught my attention. (This pix is
still in limited production - thus the lack of traffic.)

From looking at MRTG it looks to me like a small amount of traffic -
2.4 MB - is entering intf2 (f

[ more ]  [ reply ]
Excel 0-day FAQ updated with Microsoft advisory information 2006-06-21
Juha-Matti Laurio (juha-matti laurio netti fi)
Microsoft Excel 0-day Vulnerability FAQ document at SecuriTeam Blogs has been updated with information included to related Microsoft Security Advisory.
Updates included to Revision History too.

Additionally, my research say there was sample available as early as 12th June. TrendMicro TROJ_EMBED.AN

[ more ]  [ reply ]
Microsoft Excel 0-day Vulnerability FAQ document written 2006-06-18
Juha-Matti Laurio (juha-matti laurio netti fi)
I have written FAQ document including 23 items about the new Excel 0-day vulnerability exploited by Trojan.

The document entitled as Microsoft Excel 0-day Vulnerability FAQ is located at
http://blogs.securiteam.com/index.php/archives/451

Permalink-type URL to the FAQ is http://blogs.securiteam.com

[ more ]  [ reply ]
Re: honeytrap 0.6.1 released 2006-06-18
Tillmann Werner (tillmann werner gmx de)
> Have a look at <http://honeytrap.sourecforge.net> and try it out. Please
> send comments and suggestions to me.

As you probably already thought, <http://honeytrap.sourceforge.net> is the
right link. :-)

Tillmann

------------------------------------------------------------------------
------
Thi

[ more ]  [ reply ]
honeytrap 0.6.1 released 2006-06-18
Tillmann Werner (tillmann werner gmx de)
Hello,

honeytrap has just been released in version 0.6.1.

After one year of development I think the code is in the state to cope with
feedback from the community now.

Have a look at <http://honeytrap.sourecforge.net> and try it out. Please send
comments and suggestions to me.

Regards,
Tillmann

[ more ]  [ reply ]
Re: Excel zero day in the wild 2006-06-17
Juha-Matti Laurio (juha-matti laurio netti fi)
Microsoft has posted new information regarding to upcoming security advisory to provide some workaround methods.
New MSRC Blog entry is located at
http://blogs.technet.com/msrc/archive/2006/06/17/436860.aspx

- Juha-Matti

> There has been a report of a targeted attack leveraging a previously
> u

[ more ]  [ reply ]
Excel zero day in the wild 2006-06-16
Incidents Moderators (modincidents securityfocus com)

There has been a report of a targeted attack leveraging a previously
unknown vulnerability in Microsoft Excel. The vulnerability is triggered
when a user opens a malicious xls file. Further information regarding this
incident is available from the following sources.

Microsoft Excel Unspecified

[ more ]  [ reply ]
Re: Website Defacement 2006-06-14
killy (killfactory gmail com)
Hi Jan,

Yes, I do have the HTTPERR logs and they were somewhat helpful.

We think it was a permission misconfiguration on the www-root.

THe admin did not make an image before rebuilding so there is not much
more I can look at from a distance.

These servers belong to an agency that is merging with

[ more ]  [ reply ]
Re: 0day worm spreading through Yahoo webmail 2006-06-13
no no net
Looks like activex. Yay for firefox.

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas.
World renowned security experts reveal tomorrow.s threats today. Fre

[ more ]  [ reply ]
Re: Re: 0day worm spreading through Yahoo webmail 2006-06-12
Juha-Matti Laurio (juha-matti laurio netti fi)
New report from SANS Internet Storm Center says Yahoo! is aware of the case and "Yahoo! Mail is blocking most of these messages, and is working on a fix."

ISC's entry is located at
http://isc.sans.org/diary.php?storyid=1398

Regards,
Juha-Matti

-----------------------------------------------------

[ more ]  [ reply ]
0day worm spreading through Yahoo webmail 2006-06-12
Jesse Gough (jgough securityfocus com) (1 replies)
In case anyone hasnt seen this yet, be careful about using your yahoo
webmail accounts.

-JG

----- Forwarded message from David Loyall <david.loyall (at) gmail (dot) com [email concealed]> -----

Hello, all.

I just received an email with an html attachment, on a yahoo account.

When I opened the mail, yahoo automatically disp

[ more ]  [ reply ]
Re: 0day worm spreading through Yahoo webmail 2006-06-12
Jesse Gough (jgough securityfocus com)
Re: Compromised Windows Server 2006-06-08
df odette es
Hi all,

I have had the same problem with the :

Mwvsta.exe found in c:\windows\system32

and

Ponoas.exe c:\windows\system32

although

rundll16.exe c:\windows\system23 was not present in my PC, obviously rundll32.exe is there anyway (it may serve the same purpose, probably).

I obser

[ more ]  [ reply ]
RE: Compromised Windows Server 2006-06-08
Alan Davies (Alan Davies homechoice net)
That would be OWA on the Exchange box. As you say, it should be
properly installed and configured though (with IISLockdown if on 2000).

a

-----Original Message-----
From: Kees Leune [mailto:C.J.Leune (at) uvt (dot) nl [email concealed]]
Sent: 07 June 2006 15:11
To: Patrick Beam; incidents (at) securityfocus (dot) com [email concealed]
Subject: Re: C

[ more ]  [ reply ]
Re: Re: Strange mail with number in subject line and body 2006-06-08
paul french abs gov au (2 replies)
We had a similar incident sometime back but it was a name in both the
subject and body.

Greylisting, which we are about to implement, is an extra line of defence
where an MTA will temporarily reject email from a new or unrecognised
source. A legitimate (and properly configured) mail server will a

[ more ]  [ reply ]
RE: Re: Strange mail with number in subject line and body 2006-06-08
Latalladi, Eric (e jbh com)
Re: Strange mail with number in subject line and body 2006-06-08
Jesse Gough (jgough securityfocus com)
(Page 15 of 170)  < Prev  10 11 12 13 14 15 16 17 18 19 20  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus