September 2006 Summary & Trends
Overall the number of events reported to the STEAM-CIRT increased by 28% from last month, while the total number of actual IT Incidents only increased at 15%. An increase in IT Incidents was expected since September was the first full month of the Fall semester. The majority of incidents continue to involve IRC Bots on unmanaged workstations, however, a small number of higher severity IT Incidents also took place during the month of September. The number of reports of spam sent from Purdue systems also increased slightly from August. Purdue machines found sending spam are typically compromised and set up as IRC bots or have been infected by a virus.
On September 26th, Microsoft released MS06-055, an out of cycle patch for a vulnerability in their Vector Markup Language engine. While VML is rarely used by applications, exploits were created to leverage this vulnerability through Internet Explorer and Outlook. The STEAM-CIRT recommends applying this patch to all Windows systems using Outlook or Internet Explorer if this has not been done already.
The STEAM-CIRT expects the number of IT Incidents to remain relatively steady until the end of the semester when the number will likely fall through December and January during the semester break.
Posted by Addam Schroll on October 20, 2006, in Handlers Log.