|
|
         |
 |
         |
|
|
|
On March 8, 2001, the Federal Bureau of Investigation released information about a series of economic extortion attacks that had already hit more than 40 e-banking and e-commerce sites running Windows NT. More than 1,000,000 credit cards have been stolen and the primary crime is extortion in which the criminals demand money to keep sites safe from "other hackers" and to keep the site's credit card information confidential. A more complete description of the attacks is posted at the SANS Institute site (www.sans.org). In its announcement, the FBI reported that the attackers were using specific well-known Windows NT vulnerabilities and often, after a successful attack, they left specific files on the victim's computers.
SANS and the Center for Internet Security asked Steve Gibson of Gibson Research (www.grc.com) to create a program that would determine instantly whether a Windows NT system is vulnerable to the attack and whether it has the files that indicate it has already been compromised. The program he created is called PatchWork. PatchWork checks for the vulnerabilities listed by the FBI, and if any are found, points you directly to the Microsoft patches. Then PatchWork allows you to verify that they were installed correctly. PatchWork has gone through an extensive series of tests on an enormous number of systems, but software often needs to be updated. PatchWork is available for download from this site. In addition you may use the form on this page to receive notifications of updates to PatchWork. Download the Latest Version of the PatchWork Tool (Version 1.1) How to Verify PatchWork's Digital Signature |
|
|
 |
|
|
|
 |