October 2006 Summary & Trends
Overall, the number of events reported to the STEAM-CIRT increased by 25% from last month, while the total number of actual IT Incidents increased by 28%. This increase is likely due to a higher reporting rate of spam e-mail sent to Exchange users over the last month. Spammers are now sending messages directly to Exchange mailboxes, circumventing the spam filtering in place on the Mailhub SMTP cluster. While server-side spam filtering is not available for Exchange, junk mail filtering is available with the Outlook client. Users should be educated on how best to use client-side filtering to reduce the impact and visibility of spam in their work environment.
Vulnerabilities in Microsoft products exploitable through Internet Explorer continued to be reported throughout October, specifically in the ADODB.Connection, WMI Object Broker, and XMLHTTP ActiveX controls. All of these attacks require a user to visit a website containing the exploit code to be successful. However, we have seen the method of sending users a link via e-mail or instant messaging be moderately successful at the University. STEAM-CIRT recommends setting the kill bit for ActiveX controls with known vulnerabilities until a patch can be deployed to systems. Instructions for doing this can be found in Microsoft KB240797.
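The kill-bit procedure from KB240797, scripted so it can be applied and audited across machines; this is an added example, not STEAM-CIRT's own code. The function names are hypothetical and the CLSID is a placeholder to be replaced with the value from the vendor advisory for each affected control; run it from an elevated prompt.

```powershell
# Added example: set and audit the Internet Explorer ActiveX kill bit (KB240797).
# The kill bit is one flag (0x400) inside the "Compatibility Flags" DWORD, so it is
# OR-ed into any existing value instead of overwriting other flags.
$KillBit = 0x400
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Registry view used by 32-bit Internet Explorer on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$KeyPath) {
    # Returns the current flags, or 0 when the key or value does not exist yet.
    $p = Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($p) { [int]$p.'Compatibility Flags' } else { 0 }
}

function Set-KillBit([string]$Clsid) {
    foreach ($root in $Roots) {
        # Skip a registry view that is absent (no Wow6432Node on 32-bit Windows).
        if (-not (Test-Path (Split-Path $root -Parent))) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $flags = (Get-CompatFlags $key) -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
    }
}

function Test-KillBit([string]$Clsid) {
    # True only when the bit is set in every registry view present on this machine.
    foreach ($root in $Roots) {
        if (-not (Test-Path (Split-Path $root -Parent))) { continue }
        $flags = Get-CompatFlags (Join-Path $root $Clsid)
        if (($flags -band $KillBit) -eq 0) { return $false }
    }
    return $true
}

# Placeholder CLSID: substitute the CLSIDs published for the vulnerable controls.
$Clsids = @('{00000000-0000-0000-0000-000000000000}')
foreach ($c in $Clsids) {
    Set-KillBit $c
    '{0} kill bit set: {1}' -f $c, (Test-KillBit $c)
}
```

Running only `Test-KillBit` against the same CLSID list gives a read-only audit of which machines still need the setting.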
The STEAM-CIRT expects the relative number of IT Incidents to remain fairly constant over the next month as the Fall semester continues, followed by a drop in December.
Posted by Addam Schroll on November 15, 2006, in Handlers Log.