Conventionally, the drop sites for these attacks are hosted in Asia, however the ip address in this mail is registered to Pacific Bell, and is most plausibly a Pacific Bell ADSL customer machine acting as a reverse proxy to the actual machine collecting the Nat West customer banking details.
Posted by Netcraft Admin in Security
Posted by Mike Prettejohn in Security
The Gentoo event comes just two weeks after a server compromise at The Debian Project was traced to an exploit in the Linux kernel that allowed local users running Userland software to upgrade their privileges to root.
The Nachi worm exploited a RPC DCOM hole, for which Microsoft issued a patch a month prior to the worm's release, which Diebold neglected to install on the infected machines. Last week Diebold announced that it will include Sygate Security Agent software with all its new ATMs and offer to install Sygate agents on its existing Windows-based ATMs.
"The biggest problem I see is that a lot of protocols we use were developed in the 1970s," said Hancock, the Chief Security Officer at Cable and Wireless. "The bottom line is that all those protocols need to be redone. Until we start improving those protocols, we'll continue to see problems."
Your link here? Advertising on the Netcraft Blog