Story: Linux servers 'attacked more often'


Posted by: David Mohring (Friday 20 February 2004, 8:14 PM)


The MI2G study of servers "did not include other methods of intrusion such as viruses and worms"

The same firm, mi2g, also wrote the following:
http://www.mi2g.com/cgi/mi2g/press/190204.php
QUOTE
London, UK - 19 February 2004, 13:30 GMT - mi2g Intelligence Unit data shows that partially as a result of the growth of the MyDoom family of malware, lingering effects of Mimail, Dumaru, Sobig, Swen, Klez, Sober, Yaha, BugBear and Fizzer, and also as a result of new strains of Bagle, February 2004 has already become the worst month for malware proliferation on record with 10 days to go. As of today, the total economic damage from all malware epidemics in February is estimated to lie between $43.8bn and $53.6bn worldwide, two thirds more than the record breaking previous month of January.
UNQUOTE

Symantec also predicted this in its September 2003 Internet Threat report.

http://downloads.securityfocus.com/library/InternetThreatReportSept2003.pdf
QUOTE
Blended Threats
BLENDED THREATS INCREASING IN SPEED AND FREQUENCY
Blended threats, which use combinations of malicious code to begin, transmit, and spread attacks, are increasing and are among the most important trends to watch and guard against this year. By using multiple techniques, blended threats can spread to large numbers of hosts, causing rapid and widespread damage. During the first half of 2003, blended threats increased nearly 20% over the last half of 2002. One blended threat alone, Slammer, disrupted systems worldwide in less than a few hours. Slammer's speed of propagation, combined with poor configuration management on many corporate sites, enabled it to spread rapidly across the Internet and cause outages for many corporations. Companies hit by Slammer were not harmed as badly as they might have been, because it was designed to propagate quickly, degrade networks, and to compromise vulnerable systems rather than cause destruction or steal confidential data. Corporations that had updated firewalls, updated patches, and virus protection throughout the enterprise were prepared for this attack.

Blended-Threat Targets
MICROSOFT IIS VULNERABILITIES
Microsoft IIS is one of the most widely deployed Web servers throughout the world. Symantec has documented several high-severity vulnerabilities affecting it. Their characteristics render these vulnerabilities attractive targets for future blended threats. Given Microsoft IIS's susceptibility to past blended threats such as Code Red and Nimda, Symantec believes that it may again be hit by highly destructive malicious-code attacks.

MICROSOFT INTERNET EXPLORER VULNERABILITIES
Several vulnerabilities allow attackers to compromise client systems through Web pages containing embedded malicious code. Others can enable the easy and almost undetectable installation of spyware, which allows attackers to extract confidential data.

THEFT OF CONFIDENTIAL DATA
The release of Bugbear and its variant Bugbear.B (discovered in early June 2003) were good examples of theft of confidential data. Once systems were infected, confidential data was extracted such as file names, processes, usernames, keystrokes, and other critical system information, and delivered to a third party, potentially compromising passwords and decryption keys. Furthermore, it appears that the creator of Bugbear specifically targeted banks. During the first half of 2003, Symantec saw a 50% increase in confidential data attacks using backdoors. By granting access to compromised systems, backdoors allow data to be exported to unauthorized individuals. For example, entire sessions can be logged, and passwords for systems and applications can be taken. Companies need to implement controls that make it difficult for malicious code to steal confidential data, such as updated firewalls, patch management policies, intrusion detection, virus protection, and so on.

ATTACKERS EXECUTING COMMANDS FROM THOUSANDS OF INFECTED SYSTEMS
Once a system is compromised, an a
