Virus Advisory

Deleted

Topic starter
I just received this in my mailbox:

--------------------------------

Virus Advisory


Network Associates Avert Places Lovsan Threat as Medium On Watch.

Network Associates Intrusion Prevention Solutions Block Threats without an Update


Dear Partner,

We would like to draw your attention to the new Lovsan threat. At the moment it has the status Medium on Watch. It is
not yet a High Risk Virus alert, but we will keep a close eye on developments.

The press release below contains all the necessary information about Lovsan. It also explains how the McAfee In Depth
Strategy protects networks and systems against the new threat.

To inform you in good time, the press release has not been translated.


------Press release-----

Network Associates, Inc. (NYSE: NET) the leading provider of intrusion prevention solutions, today announced that
McAfee(R) AVERT(TM) (Anti-Virus Emergency Response Team), the world-class anti-virus research division of Network
Associates, assigned a medium on watch risk assessment to the newly discovered Lovsan threat, also known as
Win32/Lovesan.worm. Lovsan is an Internet worm that exploits the MS03-026 vulnerability and is spreading quickly to
thousands of machines around the globe, according to initial reports from Network Associates customers.

SYMPTOMS

Because the worm spreads quietly, and does not arrive as an e-mail attachment, users may not immediately realize
that they have been infected. Some users have reported excessive use of broadband home Internet connections as a
symptom.

PATHOLOGY

By exploiting a vulnerability in Windows XP, NT and 2000, the worm is able to execute without requiring any action on
the part of the user. When run, it scans a random IP range to look for vulnerable systems on TCP port 135. The worm
attempts to exploit the DCOM RPC vulnerability on the found systems to create a remote shell on TCP port 444, and
then pass a TFTP command to download the worm to the %WinDir%\system32 directory and execute it.

CURE

Immediate information and cures for this virus can be found online at the Network Associates AVERT site located at
http://vil.nai.com/vil/content/v_100547.htm . This threat was proactively
detected as a variant of Exploit-DCOM RPC with the 4283 DAT files and 4.1.60 or later scan engine. Many users of
McAfee Security anti-virus solutions were protected before the threat began to spread. AVERT recommends that users
of McAfee Security anti-virus solutions update their systems from http://vil.nai.com/vil/content/v_100547.htm
and use the 4283 DATS and 4.1.60 or later scanning engine to detect, remove and identify the threat
as W32/Lovsan.worm.

McAfee Entercept also stopped Lovsan before it was a known threat. The McAfee Entercept solution provides
patented protection against code execution as a result of buffer overflows, such as the one exploited by Lovsan.
The McAfee Entercept solution will prevent attack code from being executed from writable memory as a result of a
buffer overrun, protecting the integrity of the server. This protection functions whether or not the server has the
latest security patch installed. The McAfee Entercept solution and its patented technology safeguards servers
against buffer overflows, without any signature or code updates.

McAfee IntruShield users with signature set 1.5.9.3 or later will receive alerts on attempts to exploit the vulnerability.
IntruShield sensors deployed in in-line mode can be configured to drop the attack packets before they even reach the
targeted host, preventing the spread of the worm, even to unpatched systems.

To contain and stop the spread of the threat, users of Sniffer Distributed or Sniffer Portable can use two filters that
enable customers to detect if attempts are being made to exploit the vulnerability. Additionally, customers can use
Sniffer Distributed and InfiniStream Security Forensics to monitor the network, from the edge to the core, to detect
events that may trigger these vulnerabilities.

Network Associates McAfee(R) Protection-in-Depth(TM) Strategy delivers the industry's only complete set of system
and network protection solutions differentiated by intrusion prevention technology that can detect and block these
types of attacks. This allows customers to protect themselves while they plan their patch deployment strategy.

AVERT Labs is one of the top-ranked anti-virus research organizations in the world, employing more than 90 researchers
in offices on five continents. AVERT protects customers by providing cures that are developed through the combined
efforts of AVERT researchers and AVERT AutoImmune technology, which applies advanced heuristics, generic detection,
and ActiveDAT technology to generate cures for previously undiscovered viruses.

With headquarters in Santa Clara, California, Network Associates, Inc. creates best-of-breed computer security
solutions that prevent intrusions on networks and protect computer systems from the next generation of blended
attacks and threats. Offering two families of products, McAfee(R) System Protection Solutions, securing desktops
and servers, and McAfee Network Protection Solutions, ensuring the protection and performance of the corporate
network, Network Associates offers computer security to large enterprises, governments, small and medium sized
businesses, and consumers. These two product portfolios incorporate Network Associates' leading McAfee, Sniffer(R)
and Magic Solutions(R) product lines.

-----end of press release-----


Kind regards,

Network Associates Channel Team

______________________________________________________________________
This message was sent by NAI Channel Marketing using Responsys Interact (TM).
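
Detection logic for the propagation sequence described under PATHOLOGY, added here as an example (it is not part of the forwarded advisory and not code from any Network Associates product). It flags hosts that probe many addresses on TCP 135 and source/target pairs that follow a probe with a connection to the shell port and a TFTP request. The flow-record format, the thresholds, the function names and the direction of the TFTP request (targeted host back to the scanning host) are assumptions; the shell port is a parameter that defaults to the value quoted in the advisory.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): "epoch src dst proto dport"
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.1.1 tcp 135
1001 10.0.0.5 10.0.1.2 tcp 135
1002 10.0.0.5 10.0.1.3 tcp 135
1003 10.0.0.5 10.0.1.4 tcp 135
1004 10.0.0.5 10.0.1.3 tcp 444
1005 10.0.1.3 10.0.0.5 udp 69
1006 10.0.0.9 10.0.1.1 tcp 135
1010 10.0.0.7 10.0.0.5 udp 69
"""

def parse_flows(text):
    """Parse flow lines into sorted tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        p = line.split()
        if len(p) == 5 and p[0].isdigit() and p[4].isdigit():
            flows.append((int(p[0]), p[1], p[2], p[3].lower(), int(p[4])))
    return sorted(flows)

def detect(flows, shell_port=444, scan_threshold=4, window=60):
    """Return (scanners, chains): sources probing >= scan_threshold hosts on
    TCP 135 within `window` s, and (source, target) pairs showing
    135 -> shell_port -> TFTP request back to the source, in order."""
    probes = defaultdict(list)   # src -> [(ts, dst)]
    stage = {}                   # (src, dst) -> (step reached, ts of first probe)
    chains = set()
    for ts, src, dst, proto, dport in flows:
        if proto == "tcp" and dport == 135:
            probes[src].append((ts, dst))
            stage.setdefault((src, dst), (1, ts))
        elif proto == "tcp" and dport == shell_port:
            st = stage.get((src, dst))
            if st and ts - st[1] <= window:
                stage[(src, dst)] = (2, st[1])
        elif proto == "udp" and dport == 69:
            st = stage.get((dst, src))   # assumption: target fetches from scanner
            if st and st[0] == 2 and ts - st[1] <= window:
                chains.add((dst, src))
    scanners = set()
    for src, hits in probes.items():
        for i, (t0, _) in enumerate(hits):
            if len({d for t, d in hits[i:] if t - t0 <= window}) >= scan_threshold:
                scanners.add(src)
                break
    return scanners, chains
```

A pair in `chains` means the targeted host should be treated as infected and isolated; a host in `scanners` alone is a source to investigate first.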

Han

*sigh*... read the stickies first before you open a topic ;)

Doubt thou the stars are fire; Doubt that the sun doth move; Doubt truth to be a liar; But never doubt I love.


This topic is closed.