検索:
ホーム   »     »   Port 80 and an Old Vulnerability

Port 80 and an Old Vulnerability

  • 投稿日:2007年1月15日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

I noticed that in the past two days, there is a suspicious activity on port 80(HTTP). Our smallpot system captured packets sent to this port and after some rough analysis; it is known that the packets is exploiting the ASN.1 vulnerability (MS04-007) so un-patched machines from MS04-007 are affected. Below, I show a part of the packet when it is still Base64 encoded and the payload part of the packet after decoding.


Still base64 encoded:



After decoding:



This incident is not as proliferate as what we had way back 2005. This incident means that there are still users with machines un-patched from known vulnerabilities. On the bright side, the fact that the count of packets received is low means that users are getting educated to security threats and are applying security patches to their machines.


Again, it advised that users apply security patches provided by the software vendor to be secured from attacks exploiting known old vulnerabilities. Always have your antivirus pattern files updated. This is important if your business relies on connecting to the wild internet to have lesser chance of getting infected by malicious software.

No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.