Archive for the ‘ISC’ Category

New way of social engineering on IRC, (Mon, Jun 14th)

Many researchers have tried unsuccessfully to use artificial intelligence (AI) to program bots to interact with humans and gather information, because the human party detects the bot very soon and drops the conversation. Well, there is now a man-in-the-middle bot that relays messages between two people to avoid detection by the parties involved in the conversations. It also detects the gender of the people involved in the conversation and alters the messages accordingly. Pretty cool stuff.
Want to read the paper? Check the following document: http://seclab.tuwien.ac.at/papers/autosoc-leet2010.pdf
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.

UnRealCD compromised by Trojan, (Sun, Jun 13th)

As Syzop over at UnRealCD put it... This is very embarrassing. It appears that the popular UnRealCD IRCServer has been compromised with a Trojan since November 2009. If you are the keeper of one of the many UnRealCD instances, I suggest you upgrade ASAP, and it probably wouldn't be a bad idea to take a long hard look at your server for other indications of compromise.
More information over at the UnRealCD forums.
Thanks to reader Colin for the heads-up!

-- Rick Wanner - rwanner at isc dot sans dot org - http://rwanner.blogspot.com/

New version of Flash Player 10.1 – http://get.adobe.com/flashplayer/, (Sun, Jun 13th)

-- Rick Wanner - rwanner at isc dot sans dot org - http://rwanner.blogspot.com/

World cup football South Africa 2010, (Fri, Jun 11th)

All eyes will be on South Africa for the next few weeks whilst the FIFA World Cup unfolds. However, with an event reportedly bigger than the Olympics, it is likely that scams, spam and other money-making efforts will target the event, or at least will use the interest in the event to hide and do their thing. A little reminder to staff to be vigilant and a little less eager to click that OK button will go a long way. As always, if you see something interesting, let us know via the contact form.
As for my pick a -)
Mark
(8 minutes to go)
Update
The first few SPAM emails have already been sighted (in fact yesterday), with a subject along the lines of FIFA World Cup South Africa._. bad news and an attachment, news.html. Typically these redirect to another site.



OllyDbg, your favourite debugger, version 2.0 is released. If you downloaded on 2 or 3 June you'll need the fixed version from June 4. 32 bit only at this stage. 64 bit is planned for 2.01, (Fri, Jun 11th)


Microsoft Security Advisory 2219475, (Thu, Jun 10th)

Microsoft has issued a Security Advisory for the vulnerability in the Windows Help and Support Centre function that is delivered with supported editions of Windows XP and Windows Server 2003.

The information is referenced under CVE-2010-1885.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885
Full information for the advisory can be found at:
http://www.microsoft.com/technet/security/advisory/2219475.mspx

Deb Hale Long Lines, LLC

Adobe POC in the Wild, (Wed, Jun 9th)

On June 5th Handler Guy posted a diary about a Security Advisory for Adobe products. http://isc.sans.edu/diary.html?date=2010-06-05
We have received notification that a proof of concept (POC) has been found in malware taken from the wild and is currently being exploited.

For those that are Adobe users please patch before it is too late.
Thanks to our readers who brought this to our attention.
Update: For more information see US-CERT Technical Cyber Security Alert TA10-159A. http://www.us-cert.gov/cas/techalerts/TA10-159A.html
Thanks to those of you who have pointed out that I made a mistake in the Diary. It appears that there is not a patch available, rather currently just mitigation steps. It looks like the patch will be released for Flash Player soon and for Reader and Acrobat later in the month.


Deb Hale Long Lines, LLC

It appears that the Security Update has been released by Adobe. Thanks to Juha-Matti for providing this information.



http://www.adobe.com/support/security/bulletins/apsb10-14.html

Microsoft Help Centre Handling of Escape Sequences May Lead to Exploit, (Thu, Jun 10th)

It appears that a problem has been discovered with Microsoft Help Centre that may lead to problems for those who are using it.
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html
According to the information provided by Microsoft on this issue:
We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack.
Microsoft warns that the analysis from the original disclosure of the event is incomplete and the workaround provided by Google is incomplete. They have made recommendations and have given the steps to unregister the hcp protocol to protect from exploitation. See the information for mitigation at:
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
Deb Hale Long Lines, LLC

Wireshark 1.2.9 Now Available, (Thu, Jun 10th)

Wireshark has released an update. This update corrects some vulnerabilities found in earlier versions. Thanks to J. for sending this information to us.
http://www.wireshark.org/download.html
http://www.securityfocus.com/bid/40728/discuss
Deb Hale Long Lines, LLC

Top 5 Social Networking Media Risks, (Thu, Jun 10th)

Computerworld this week posted a rather thought-provoking article on the risks that Social Networking sites may pose to a company or organization. We all know that even if we tell the employees that discussion of work-related issues is strictly forbidden, there is a good possibility that it will slip through. We also know that social networking sites are laden with badware/malware and viruses. That is the nature of the beast. But are there other issues to consider? My company has been discussing just this issue at length. We have a policy but we know that it is not nearly comprehensive enough.

Take a look at this article if you are interested.
http://www.computerworld.com/s/article/9177786/Group_lists_top_five_social_media_risks_for_businesses
Deb Hale Long Lines, LLC