Security Log File - March 2002

March 25, 2002 - Fraud Alert from Paetec for Calling Cards

Description of email:
To: "Microsoft Customer" <'customer@yourdomain.com'>
Subject: Internet Security Update
Microsoft Customer,
This is the latest version of security update, the known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.

March 18, 2002 - VIRUS/WORM. All Windows Versions There is currently a mass-mailing worm masquerading as a Microsoft Security Update patch (named Q216309.EXE) in order to dupe users into executing it. If you receive an email with Internet Security Update as the Subject, please delete it. *NOTE* Microsoft will never send you attachments via e-mail.

AudioGalaxy/FTP problems - March 15, 2002 CIS has received several reports from clients who are experiencing problems with using AudioGalaxy. This statement explains the situation. A planned network security upgrade documented at http://www.unh.edu/cis/notices/security_updates.html corrected a security problem associated with incorrect implementations of FTP services. AudioGalaxy uses FTP as its transfer mechanism. However, it fails to comply with standard FTP practices and for that reason it does not successfully negotiate its way past the upgraded UNH Internet security systems.

This is the same issue that caused the problem with QVT-FTP as documented at the above URL. These programs fail to comply with recommended best practices, and therefore are not compatible with the UNH’s security architecture. Recent upgrades to that architecture prevented these applications from establishing connections, as these upgrades prevent certain historic FTP exploits. Any program that fails to implement the standard FTP protocol can create network traffic that appears to be very similar to these exploits.

The upgrades, while necessary, were delayed as long as possible to enable the UNH user community to migrate to an alternative FTP program. However, recent malicious activities that threatened the UNH network required that the upgrade be completed and finalized. While AudioGalaxy was not specifically targeted when these upgrades were implemented, services for this product cannot be restored as long as the product has the problematic implementation of FTP.

March 11, 2002 - SSH Unix (All Versions) A new exploit regarding SSH versions 2.0 3.0.2 has been announced. http://www.pine.nl/advisories/pine-cert-20020301.txt