Old 26-09-2014, 22:11   #12
Qtx
Re: Huge bash exploit CVE-2014-6271

Automatic updates in production environments

ISC has changed its ThreatLevel/InfoCon to Yellow.

Quote:
At the Storm Center, we are strict and judicious on moving the InfoCon status. We felt, after dialog, that Yellow is warranted in this case as we are seeing signs of worm/botnet activity. This combined with so many systems are impacted [worm], with no signs of letting up [met].

We will monitor this closely and relax InfoCon when the situation seems to be more stable.

[met] https://github.com/rapid7/metasploit...work/pull/3891
[worm] http://www.itnews.com.au/News/396197...-networks.aspx
First link is a nice Metasploit module which acts as a DHCP, infecting machines that ask for an IP. All you have to do is attach the machine with it running on to a network...

Some of the ITV link:

Quote:
Wopbot has so far launched a distributed denial of service attack against servers hosted by content delivery network Akamai, and is also aiming for other targets, according to Gentili.

"Analysing the malware sample in a sandbox, we saw that the malware has conducted a massive scan on the United States Department of Defence Internet Protocol address range on port 23 TCP or Telnet for brute force attack purposes," he said.

The US DoD network in question is the 215.0.0.0/8 range, with approximately 16.7 million addresses.

Gentili said Tiger Security had contacted UK provider M247 and managed to get the wopbot botnet command and control system taken down from that network.

However, the botmaster server for wopbot - hosted by US network Datawagon - is still up and distributing malware, Gentili said.