US-CERT Security Alert – November 29

Posted on November 29th, 2007 by Ryan Spanier

GSA Reference Number: AD071129-01

Simply Put: The Department of Homeland Security has issued an alert about a new wave of attacks directed toward corporate networks. Users are receiving emails containing Trojan horses or are being directed to malicious websites. The sites are using “zero-day” vulnerabilities, meaning there are no patches or network IPS signatures available at this time to protect against the specific attacks that are in use.

Malicious websites and IP addresses associated with this attack:


Gladiator Customer Notes: Gladiator Firewall Management and Monitoring customers are already protected from many of these sites because they are included in our list of untrusted sources as part of our standard firewall security configuration. We are working quickly to block the rest of them. This process should be completed by tomorrow morning. If you have any questions, please contact the Gladiator Security Operations Center at 678.461.4620 or soc@gladtech.net.

Non-Gladiator Customer Notes: For customers that do not have firewall services with Gladiator, we recommend that you ensure all traffic to and from the websites and IP addresses associated with this attack is blocked at the firewall. Additional layers of protection, such as spam filtering, network- and server-level IPS, and security awareness training for your employees, will also reduce the risk of a successful attack from these sources. However, since the only information we have at this time is about the source of the attacks, your firewall is your primary defense mechanism. As always, ensure employees do not open unsolicited emails or attachments and do not visit disreputable websites. If employees are unsure in any of the above-referenced cases, please have them contact their Network Administrator or Supervisor immediately.
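An added example, not part of the original alert: a firewall block only stops future traffic, so this sketch reviews outbound connection records for destinations on the block list and reports which internal hosts already reached them. It matches domains at label boundaries so that a blocked parent zone also covers hosts under it. The indicator values, the log layout and the function names are constructed assumptions; substitute the entries from the alert and your own log format.

```python
import ipaddress

# Constructed placeholder indicators (reserved documentation names and ranges);
# substitute the websites and IP addresses from the alert you are acting on.
BLOCKED_DOMAINS = {"dyn-zone.example", "update-lookalike.example.net"}
BLOCKED_IPS = {ipaddress.ip_address(a) for a in ("192.0.2.52", "198.51.100.105")}

# Constructed sample of outbound records: time, internal source, destination,
# firewall action. This four-field layout is an assumption for the example.
SAMPLE_LOG = """\
2007-11-29T09:14:02 10.1.4.23 mail.dyn-zone.example ALLOW
2007-11-29T09:14:40 10.1.4.23 notdyn-zone.example ALLOW
2007-11-29T09:15:11 10.1.7.80 192.0.2.52 DENY
2007-11-29T09:16:30 10.1.7.81 Update-Lookalike.Example.NET. ALLOW
2007-11-29T09:17:05 10.1.2.9 www.example.org ALLOW
"""

def match_indicator(dest):
    """Return the block-list entry that `dest` hits, or None."""
    host = dest.strip().lower().rstrip(".")  # case and root dot do not matter
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return str(ip) if ip in BLOCKED_IPS else None
    labels = host.split(".")
    # Test the full name, then each parent zone, always cutting at a dot so
    # "notdyn-zone.example" is not mistaken for "dyn-zone.example".
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None

def scan(log_text):
    """Return (source, destination, indicator, action) for every hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        _, src, dest, action = fields
        indicator = match_indicator(dest)
        if indicator:
            hits.append((src, dest, indicator, action))
    return hits

if __name__ == "__main__":
    for src, dest, indicator, action in scan(SAMPLE_LOG):
        print(f"{src} -> {dest} matched {indicator} ({action})")
```

A hit with an ALLOW action marks an internal host that connected before the block was in place and should be examined first.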
