May 2007 Summary and Trends
The total number of events reported to the STEAM-CIRT fell by 8% from last month, and the total number of actual IT incidents fell by 42%. The number of classified incidents compared to the same month a year ago is again lower, as it was for April 2007. These decreases are attributed to summer break and the lower numbers of students on campus. It is expected that the number of incidents will remain low during the remainder of summer break.
For the month, incident handlers have noted a trend of spam redirects being implemented by attackers on Purdue hosted web pages. In nearly every case, the website contained a vulnerable PHP application which had been used to upload redirects to 3rd party sites selling prescription drugs or pornography. In all of the cases, these have been the result of incorrect permission settings or vulnerable PHP code. No lasting impact has been seen from these incidents.
Also, it has been observed that IRC bot infections have been declining during the summer. Again, this is attributed to the low number student machines on Purdue networks.
Posted by William Harshbarger on August 22, 2007, in Handlers Log.