June 2007 Summary and Trends
The total number of events reported to the STEAM-CIRT remained relatively low in June and did not significantly change from the previous month. The number of classified incidents compared to the same month a year ago is, however, significantly higher. IT incidents increased by 140% versus June 2006. This increase is due to a three-fold increase in the number of IRC Bot infections being reported. The increase does not likely indicate a significantly greater threat of Bot infection, but rather that the STEAM-CIRT has expanded its capabilities in the last year to better detect this type of incident. Specifically, the campus intrusion detection and prevention service has yielded additional intelligence regarding Bot activity. It is expected that the number of incidents will remain low during the remainder of summer break.
For the month, incident handlers released two advisories to the STEAM Advisory mailing list regarding a UTF-8 word wrap heap overflow vulnerability in the Trillian instant messaging client, and an SMIL wallclock buffer overflow vulnerability in RealPlayer/Helix. These advisories were numbered 2007062001 and 2007062901, respectively. These were released to address concerns due to the large install base on campus. The complete advisories can be found on the STEAM website in the Advisory Alerts area, or directly at the following locations:
Posted by William Harshbarger on August 22, 2007, in Handlers Log.