-----BEGIN PGP SIGNED MESSAGE-----

======================================================================
                                                   JPCERT-PR-2006-0005
                                                             JPCERT/CC

JPCERT/CC $B3hF035MW(B [ 2006$BG/(B7$B7n(B1$BF|(B $B!A(B 2006$BG/(B9$B7n(B30$BF|(B ]

$BH/9TF|(B: 2006-10-17
======================================================================

$B!x(B1. $B%$%s%7%G%s%HJs9p(B

       http://www.jpcert.or.jp/ir/

  $B>pJs%7%9%F%`$K$*$1$k%$%s%7%G%s%H$H$O!"@5Ev$J8"8B$r$b$?$J$$?M$,%3%s(B
$B%T%e!<%?$rIT@5$KMxMQ$9$k$h$&$J%3%s%T%e!<%?$N%;%-%e%j%F%#$K4X$o$k;v7o!"(B
$B=PMh;v$NA4HL$r;X$7$^$9!#$3$N$h$&$J%$%s%7%G%s%H$,H/@8$7$?>l9g!"$=$NHo32(B
$B$N3HBg$r:G>.8B$K$9$k$?$a$N9TF0$r!"2f!9$O%$%s%7%G%s%HBP1~(B ($B%l%9%]%s%9(B) 
$B$H8F$s$G$$$^$9!#(B

  JPCERT/CC $B$G$O!"9-$/3'MM$K%$%s%7%G%s%H$K4X$9$k>pJsDs6!$N$46(NO$r$*4j(B
$B$$$7$F!"%$%s%7%G%s%HBP1~$N%5!<%S%9$r9T$C$F$*$j$^$9!#(B

  JPCERT/CC $B$,(B 2006$BG/(B7$B7n(B1$BF|$+$i(B2006$BG/(B9$B7n(B30$BF|$^$G$N4V$K<uNN$7$?%3%s%T%e!<(B
$B%?%;%-%e%j%F%#%$%s%7%G%s%H$K4X$9$kJs9p$N7o?t$O(B 670$B7o$G$7$?!#(B

  $BCm(B: $B$3$3$K$"$2$??t;z$O!"(BJPCERT/CC $B$,<u$1IU$1$?Js9p(B ($B%a!<%k!"(BFAX) $B$N(B
      $B7o?t$G$9!#=>$C$F!"<B:]$N%"%?%C%/$NH/@87o?t$d!"Ho327o?t$rN`?d$G$-(B
      $B$k$h$&$J?tCM$G$O$"$j$^$;$s!#$^$?N`7?$4$H$N<B:]$NH/@8HfN($r<($9$b(B
      $B$N$G$b$"$j$^$;$s!#0lDj0J>e$N4|4V$KEO$k%"%/%;%9$NMWLs%l%]!<%H$b4^(B
      $B$^$l$k$?$a!"%"%/%;%9$N2s?t$HJs9p7o?t$b0lHL$KBP1~$7$^$;$s!#$^$?!"(B
      $BJs9p85$K$O!"9qFb30$N%5%$%H$,4^$^$l$^$9!#(B


I. $B%$%s%7%G%s%HJs9p$NAw?.85$K$h$kJ,N`(B

  JPCERT/CC $B$,<uNN$7$?%$%s%7%G%s%HJs9p$NAw?.85$r%H%C%W%l%Y%k%I%a%$%s$G(B
$BJ,N`$7$?$b$N$N$&$A!"7o?t$NB?$$$b$N$O0J2<$NDL$j$G$9!#(B

       .com   330 $B7o(B
       .jp    269 $B7o(B
       .br     30 $B7o(B
       .kr     13 $B7o(B
       .edu     9 $B7o(B
       .de      4 $B7o(B


II. $B%$%s%7%G%s%HJs9p$h$jGI@8$7$?DLCNO"Mm(B

  JPCERT/CC $B$+$i9qFb30$N4XO"$9$k%5%$%H$KDLCNO"Mm$7$?7o?t$O(B 252$B7o$G$9!#(B
$B$3$NDLCNO"Mm?t$O!"%"%/%;%985$J$I$X$NO"MmCg2p0MMj$r4^$`%$%s%7%G%s%HJs9p(B
$B$K4p$E$$$F9T$o$l$?$b$N$G$9!#(B


III. $B%$%s%7%G%s%HJs9p$N%?%$%WJLJ,N`(B

(1) $B%W%m!<%V!"%9%-%c%s!"$=$NB>IT?3$J%"%/%;%9(B (scan)

  JPCERT/CC $B$G$O!"KI8f$K@.8y$7$?%"%?%C%/$d!"%3%s%T%e!<%?(B/$B%5!<%S%9(B/$B<eE@(B
$B$NC5::$r0U?^$7$?%"%/%;%9!"$=$NB>$NIT?3$J%"%/%;%9Ey!"%7%9%F%`$N%"%/%;%9(B
$B8"$K$*$$$F1F6A$,@8$8$J$$!"$^$?$O!"L5;k$G$-$k%"%/%;%9$K$D$$$F(B 219$B7o$NJs(B
$B9p$r<uNN$7$F$$$^$9!#(B

  $B$3$N$h$&$JC5::$O!"<+F02=%D!<%k$rMQ$$$F9-HO0O$KEO$kG$0U$N%[%9%H$KBP$7(B
$B$F9T$J$o$l$F$$$^$9!#%;%-%e%j%F%#>e$N<eE@$rJ|CV$7$F$$$k$H!"<eE@$NB8:_$r(B
$B8!=P$5$l!"%[%9%H$X$N?/F~Ey$5$^$6$^$J%"%?%C%/$r<u$1$k2DG=@-$,$"$j$^$9!#(B
$B;29MJ88%(B [1] [2] [3] [4] [5] [6] $B$r$4;2>H$/$@$5$$!#(B

        22  (ssh)                       41$B7o(B (*1)
       135  (epmap)                     25$B7o(B (*1)
       445  (microsoft-ds)              22$B7o(B (*1)
       139  (netbios-ssn)               13$B7o(B (*1)
      9898  (monkeycom)                  5$B7o(B (*1)
        80  (http)                       5$B7o(B (*1)
      5554  (sgi-esphttp)                5$B7o(B (*1)
      1023                               5$B7o(B (*1)
      1433  (ms-sql-s)                   4$B7o(B (*1)

       $BAm9gE*$J%W%m!<%V!"%9%-%c%s(B       97$B7o(B (*2)


   (*1) $B%o!<%`$K$h$k46@w$N;n$_$d%o!<%`$J$I$K$h$C$F@_CV$5$l$?%P%C%/%I%"(B
        $B$+$i$N?/F~$N;n$_$H;W$o$l$k%"%/%;%9$,Js9p$5$l$F$$$^$9!#;29MJ88%(B
        [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19]
        [20] [21] [22] [23] [24] [25] [26] [27] [28] $B$r$4;2>H$/$@$5$$!#(B
        $B$^$?!"0J2<$N(B URL $B$b$4;2>H$/$@$5$$!#(B

        TCP 1025$BHV%]!<%H$X$N%9%-%c%s$NA}2C$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2005/at050012.txt

        Microsoft $B@=IJ$N@H<e@-$r;H$C$FEAGE$9$k%o!<%`$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2005/at050008.txt

        Microsoft $B@=IJ$K4^$^$l$k@H<e@-$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2005/at050007.txt

        TCP 1433$BHV%]!<%H$X$N%9%-%c%s$NA}2C$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2005/at050006.txt

        VERITAS Backup Exec $B$K4^$^$l$k@H<e@-$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2005/at050004.txt

        OpenSSH $B$N@H<e@-$r;H$C$?%7%9%F%`$X$N?/F~$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2005/at050003.txt

        phpBB $B$N@H<e@-$r;H$C$FEAGE$9$k%o!<%`$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2004/at040011.txt

        Windows LSASS $B$N@H<e@-$r;H$C$FEAGE$9$k%o!<%`(B W32/Sasser
        http://www.jpcert.or.jp/at/2004/at040006.txt

        Status Tracking Note TRJVN-2004-02
        W32/Sasser $B%o!<%`(B
        http://jvn.jp/tr/TRJVN-2004-02/

        JP Vendor Status Note JVNCA-2004-02
        $BBgNL$KEE;R%a!<%k$rG[?.$9$k%o!<%`(B
        http://jvn.jp/cert/JVNCA-2004-02/

        Netsky.Q $B$N%5!<%S%91?MQK832967b$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2004/at040002.txt

        Microsoft ASN.1 Library $B$N@H<e@-$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2004/at040001.txt

        TCP 139$BHV%]!<%H$X$N%9%-%c%s$NA}2C$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2003/at030007.txt

        Microsoft IIS 5.0 $B$N@H<e@-$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2003/at030003.txt

        TCP 135$BHV%]!<%H$X$N%9%-%c%s$NA}2C$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2003/at030005.txt

        Windows RPC $B$N@H<e@-$r;HMQ$9$k%o!<%`$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2003/at030006.txt

        OpenSSL $B$N@H<e@-$r;H$C$FEAGE$9$k(B Apache/mod_ssl $B%o!<%`(B
        http://www.jpcert.or.jp/at/2002/at020006.txt

        TCP 1433$BHV%]!<%H$X$N%9%-%c%s$NA}2C$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2002/at020002.txt

        Microsoft IIS $B$N@H<e@-$r;H$C$FEAGE$9$k%o!<%`(B
        http://www.jpcert.or.jp/at/2001/at010018.txt

        Microsoft IIS $B$N@H<e@-$r;H$C$FEAGE$9$k%o!<%`(B "Code Red II"
        http://www.jpcert.or.jp/at/2001/at010020.txt

        80$BHV%]!<%H(B (HTTP) $B$X$N%9%-%c%s$NA}2C$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2001/at010023.txt

   (*2) $BAm9gE*$J%W%m!<%V%9%-%c%s$H$O!"F10lH/?.85$+$i$NJ#?t%]!<%H$KBP$9(B
        $B$k%9%-%c%s$J$I!"$$$/$D$+$N%W%m!<%V%9%-%c%s>pJs$r$^$H$a$F$4Js9p(B
        $B$$$?$@$$$?$b$N$G$9!#(B


(2) $BAw?.%X%C%@$r:>>N$7$?EE;R%a!<%k$NG[Aw(B (forged)

  JPCERT/CC $B$G$O!":9=P?M%"%I%l%9$J$I$NAw?.%X%C%@$r:>>N$7$?EE;R%a!<%k$N(B
$BG[Aw$K$D$$$F(B 3$B7o$NJs9p$r<uNN$7$F$$$^$9!#(B

  $BEE;R%a!<%k$NAw?.%X%C%@$r:>>N$7$F!"%a!<%k$NCf7Q$K$O4XM?$7$F$$$J$$Bh;0(B
$B$N%5%$%H$X$N%a!<%kG[Aw$,9T$J$o$l$F$$$^$9!#$3$N7k2L!"B?NL$N%(%i!<%a!<%k(B
$B$,:n@.$5$l!"7W;;5!;q8;$d%M%C%H%o!<%/BS0h$,>CHq$5$l$k2DG=@-$,$"$j$^$9!#(B

  $B$^$?!":9=P?M%"%I%l%9$r:>>N$5$l$?>l9g!"$3$l$i$N%a!<%k$NH/?.85$G$"$k$H(B
$B$$$&5?$$$r$b$?$l$k2DG=@-$,$"$j$^$9!#Aw?.%X%C%@$r:>>N$7$?EE;R%a!<%k$NG[(B
$BAw$K$D$$$F$O;29MJ88%(B [20] [22] [29] $B$r$4;2>H$/$@$5$$!#(B


(3) $B%7%9%F%`$X$N?/F~(B (intrusion)

  JPCERT/CC $B$G$O!"4IM}<T8"8B$NEpMQ$,G'$a$i$l$k>l9g$r4^$`%7%9%F%`$X$N?/(B
$BF~$K$D$$$F(B 1$B7o$NJs9p$r<uNN$7$F$$$^$9!#(B

  $B?/F~J}K!$H$7$F$O!"<!$N$h$&$J;vNc$,Js9p$5$l$F$$$^$9!#(B

    - $B@H<e$J%Q%9%o!<%I$rAmEv$j967b!"<-=q967b$G2rFI$5$l?/F~$5$l$?(B
      $B$J$I(B

  $B?/F~$r<u$1$?>l9g$NBP1~$K$D$$$F$O!"0J2<$N(B URL $B$G8x3+$7$F$$$kJ8=q!V%3(B
$B%s%T%e!<%?%;%-%e%j%F%#%$%s%7%G%s%H$X$NBP1~!W$N(B V. $B$*$h$S(B VI. $B$r;2>H$7(B
$B$F$/$@$5$$!#(B

        $B%3%s%T%e!<%?%;%-%e%j%F%#%$%s%7%G%s%H$X$NBP1~(B
        http://www.jpcert.or.jp/ed/2002/ed020002.txt

  $B:#2s<uNN$7$?Js9p$K$*$$$F!"?/F~8e$K9T$J$o$l$?A`:n$N$&$A!"<g$J$b$N$r0J(B
$B2<$K>R2p$7$^$9!#(B

    - $BEpD0%W%m%0%i%`$N%$%s%9%H!<%k(B ($B%-!<%m%,!<$N@_CV$J$I(B) (*3)

   (*3) $B0J2<$N(B URL $B$r$4;2>H$/$@$5$$!#(B

        $B%-!<%\!<%IF~NO$J$I$r5-O?$730It$KAw?.$9$k%W%m%0%i%`$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2004/at040008.txt


(4) $B%U%#%C%7%s%0(B (phishing)

  JPCERT/CC $B$G$O!"6d9T$J$I$N%5%$%H$G$"$k$H:>>N$7$F!"(BWeb $B$N%U%)!<%`$J$I(B
$B$+$iF~NO$5$l$?8}:BHV9f$d%-%c%C%7%e%+!<%I$N0E>ZHV9f$H$$$C$?=EMW>pJs$rEp(B
$B$_<h$k%U%#%C%7%s%0(B (Web $B56Au:>5=(B) $B$K$D$$$F(B 159$B7o$NJs9p$r<uNN$7$F$$$^$9!#(B

  $B%U%#%C%7%s%0$KMQ$$$k(B web $B%5%$%H$N9=C[$rL\E*$H$7$?9T0Y$K$O!"%7%9%F%`(B
$B$X?/F~$9$k!"%I%a%$%s$r>h$C<h$k$J$I$N9T0Y$,$"$j$^$9!#(B

        Web $B56Au:>5=(B (phishing) $B$NF'$_Bf%5!<%P$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2005/at050002.txt

        DNS $B%5!<%P$N@_Dj$H%I%a%$%sL>$NEPO?$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2005/at050005.txt

  $B%7%9%F%`$,(B Web $B56Au:>5=$KMQ$$$i$l$?>l9g$NBP1~$K$D$$$F$O!"0J2<$N(B URL 
$B$G8x3+$7$F$$$kJ8=q!V%3%s%T%e!<%?%;%-%e%j%F%#%$%s%7%G%s%H$X$NBP1~!W$N(B
V. $B$*$h$S(B VI.$B$r;2>H$7$F$/$@$5$$!#(B

        $B%3%s%T%e!<%?%;%-%e%j%F%#%$%s%7%G%s%H$X$NBP1~(B
        http://www.jpcert.or.jp/ed/2002/ed020002.txt

  $B$^$?!"(BWeb $B56Au:>5=$KBP$9$k(B Web $B%V%i%&%6$N@_Dj$K4X$7$F$O!";29MJ88%(B 
[30] $B$r$4;2>H$/$@$5$$!#(B


(5) $B$=$NB>(B (other)

  JPCERT/CC $B$G$O!">e5-(B (1) $B$+$i(B (4) $B$K4^$^$l$J$$%$%s%7%G%s%H(B ($B%5!<%S%9(B
$B1?MQK832(B "DoS"$B!"%3%s%T%e!<%?%&%$%k%9$d(B SPAM $B%a!<%k$N<u?.!"2M6u@A5a!"$=(B
$B$NB>$K4X$9$kLd$$9g$o$;$J$I(B) $B$K$D$$$F(B 331$B7o$NJs9p$r<uNN$7$F$$$^$9!#(B

        DNS $B$N:F5"E*$JLd9g$;$r;H$C$?(B DDoS $B967b$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2006/at060004.txt

  $B0J>e(B (1) $B$+$i(B (5) $B$r$^$H$a$?$b$N$,!"0J2<$NI=$G$9!#(B


             scan    forged   intrusion phishing  other     Total
   -----------------------------------------------------------------
     7$B7n(B       68       0         0        57      143       268
     8$B7n(B       86       3         1        47       99       236
     9$B7n(B       65       0         0        55       89       209
   -----------------------------------------------------------------
              219       3         1       159      331       713


       scan      : $B%W%m!<%V!"%9%-%c%s!"$=$NB>IT?3$J%"%/%;%9(B
       forged    : $BAw?.%X%C%@$r:>>N$7$?EE;R%a!<%k$NG[Aw(B
       intrusion : $B%7%9%F%`$X$N?/F~(B
       phishing  : $BG'>Z>pJsEy$NIT@5<hF@(B
       other     : $B$=$NB>(B

$B!x(B2. $B%$%s%?!<%M%C%HDjE@4QB,%7%9%F%`(B (ISDAS) $B1?MQ(B

       http://www.jpcert.or.jp/isdas/

  $B%$%s%?!<%M%C%H>e$K@_CV$7$?J#?t$N%;%s%5!<$+$iF@$i$l$k>pJs$r<}=8$9$k$H(B
$B$H$b$K!"@$$NCf$KN.I[$9$k@H<e@->pJs$J$I$H$"$o$;$FAm9gE*$KI>2A$r9T$$!"%$(B
$B%s%?!<%M%C%H>e$N>u67$rGD0.$9$k$?$a$N>pJs$rDs6!$9$k%5!<%S%9$r9T$J$C$F$$(B
$B$^$9!#(B


I. $B%]!<%H%9%-%c%s3567(B

  $B%$%s%?!<%M%C%HDjE@4QB,%7%9%F%`$N4QB,7k2L$O%9%-%c%s?d0\$rI=$9%0%i%U$H(B
$B$7$F(B JPCERT/CC $B$N(B Web $B%Z!<%8$rDL$8$F8x3+$7$F$$$^$9!#(B $B%"%/%;%9@h%]!<%H(B
$BJL%0%i%U$O%9%-%c%s%m%0$r%"%/%;%9@h%]!<%HJL$K=87W$7!"Am7W$r%;%s%5!<$NBf(B
$B?t$G3d$C$?J?6QCM$rMQ$$:n@.$7$F$$$^$9!#(B

        JPCERT/CC$B%$%s%?!<%M%C%HDjE@4QB,%7%9%F%`$N@bL@(B
        http://www.jpcert.or.jp/isdas/readme.html

  2006$BG/(B7$B7n(B1$BF|$+$i(B2006$BG/(B9$B7n(B30$BF|$^$G$N4V$K(B ISDAS $B$G4QB,$5$l$?%"%/%;%9@h(B
$B%]!<%H$K4X$9$kJ?6QCM$N>e0L(B1$B0L!A(B5$B0L!"(B6$B0L!A(B10$B0L$^$G$N?d0\$r0J2<$N%0%i%U(B
$B$K<($7$^$9!#(B

  - $B%"%/%;%9@h%]!<%HJL%0%i%U(B top1-5 (2006$BG/(B7$B7n(B1$BF|(B-9$B7n(B30$BF|(B)
        http://www.jpcert.or.jp/isdas/2006/2006q3top1-5_port.png
  - $B%"%/%;%9@h%]!<%HJL%0%i%U(B top6-10 (2006$BG/(B7$B7n(B1$BF|(B-9$B7n(B30$BF|(B)
        http://www.jpcert.or.jp/isdas/2006/2006q3top6-10_port.png

  $B$^$?!"$h$jD94|4V$N%9%-%c%s?d0\$rI=$9%0%i%U$H$7$F!"(B2005$BG/(B10$B7n(B1$BF|$+$i(B
2006$BG/(B9$B7n(B30$BF|$^$G$N4|4V$K$*$1$k!"%"%/%;%9@h%]!<%H$K4X$9$kJ?6QCM$N>e0L(B1 
$B0L!A(B5$B0L!"(B6$B0L!A(B10$B0L$^$G$N?d0\$r0J2<$N%0%i%U$K<($7$^$9!#(B

  - $B%"%/%;%9@h%]!<%HJL%0%i%U(B top1-5 (2005$BG/(B10$B7n(B1$BF|(B-2006$BG/(B9$B7n(B30$BF|(B)
        http://www.jpcert.or.jp/isdas/2006/2006q3top1-5_port_year.png
  - $B%"%/%;%9@h%]!<%HJL%0%i%U(B top6-10 (2005$BG/(B10$B7n(B1$BF|(B-2006$BG/(B9$B7n(B30$BF|(B)
        http://www.jpcert.or.jp/isdas/2006/2006q3top6-10_port_year.png


II. $B$*$b$J%$%s%7%G%s%H$K$*$1$k4QB,>u67(B

  ISDAS $B%7%9%F%`$K$*$$$F2<5-$K5-:\$9$k$h$&$J%9%-%c%s;vNc$r4QB,$7$^$7$?!#(B
(1) TCP 5900$BHV%]!<%H$X$N%9%-%c%sA}2C$r4QB,(B

  2006$BG/(B7$B7n(B29$BF|$K(B TCP 5900$BHV%]!<%H$X$N%9%-%c%sA}2C$r4QB,$7$^$7$?!#K\4Q(B
$BB,$K$D$$$F$OF1%]!<%H$r;HMQ$7$?%5!<%S%9$G$"$k(BRealVNC $B$N@H<e@-$rA@$C$?%9(B
$B%-%c%s$N2DG=@-$,9M$($i$l$^$9!#$^$?!"(B2006$BG/(B9$B7n(B20$BF|:"$h$j:FEYA}2C$r4QB,(B
$B$7$F$*$j!"0z$-B3$-Cm0U$,I,MW$G$9!#(B

  - $B%"%/%;%9@h%]!<%HJL%0%i%U(B TCP 5900$BHV%]!<%H(B (2006/7/25-2006/9/30)
        http://www.jpcert.or.jp/isdas/2006/2006q2_5900_tcp_port.png
  - RealVNC $B%5!<%P$NG'>Z$,2sHr$5$l$k@H<e@-$K4X$9$kCm0U4-5/(B
        http://www.jpcert.or.jp/at/2006/at060005.txt

(2) TCP 139$BHV%]!<%H$X$N%9%-%c%sA}2C$r4QB,(B

  2006$BG/(B8$B7n(B20$BF|$K(B TCP 139$BHV%]!<%H$X$N%9%-%c%sA}2C$r4QB,$7$^$7$?!#K\4Q(B
$BB,$K$D$$$F$O(B MS06-040 $B$N@H<e@-$rA@$C$?%9%-%c%s$N2DG=@-$,9M$($i$l$^$9!#(B

  - $B%"%/%;%9@h%]!<%HJL%0%i%U(B TCP 139$BHV%]!<%H(B (2006/8/10-2006/9/30)
        http://www.jpcert.or.jp/isdas/2006/2006q3_139_tcp_port.png
  - TCP 139$BHV%]!<%H$X$N%9%-%c%sA}2C$K4X$9$kCm0U4-5/(B
        http://mmm.jpcert.or.jp/at/2006/at060012.txt


III. $B$=$NB>(B

(1) eCSIRT.net IDS $B%M%C%H%o!<%/$X$N6(NO(B

  JPCERT/CC $B$G$O!"%h!<%m%C%Q$N(B CSIRT $B%3%_%e%K%F%#(B TF-CSIRT $B$G9T$J$o$l(B
$B$F$$$k(B IDS $B%M%C%H%o!<%/$X$N5;=Q6(NO$r$7$F$$$^$9!#>\:Y$K$D$-$^$7$F$O0J(B
$B2<$N;29MJ88%(B [31] [32] $B$r$4;2>H$/$@$5$$!#(B

$B!x(B3. $B@H<e@->pJsN.DL(B

       http://www.jpcert.or.jp/vh/

  JPCERT/CC $B$G$O!"@H<e@-4XO">pJs$rE,@Z$JHO0O$K3+<($7!"BP:v$NB%?J$r?^$k(B
$B$?$a$N3hF0$r9T$J$C$F$$$^$9!#9qFb$G$O!"7P:Q;:6H>J9p<(!V%=%U%H%&%'%"Ey@H(B
$B<e@-4XO">pJs<h074p=`!W$K$*$$$F!"@=IJ3+H/<T$H$N%3!<%G%#%M!<%7%g%s$r9T$J(B
$B$&D4@05!4X$H$7$F;XDj$5$l$F$$$^$9!#$^$?!"JF9q(B CERT/CC $B$d1Q9q(B NISCC $B$H$N(B
$B6(NO4X78$r7k$S!"9qFb$N$_$J$i$:@$3&E*$J5,LO$G@H<e@-4XO">pJs$NN.DLBP:v6H(B
$BL3$r?J$a$F$$$^$9!#(B

I. $B%3!<%G%#%M!<%7%g%s$r9T$$8x3+$7$?@H<e@->pJs$*$h$SBP1~>u67(B

  2006$BG/(B7$B7n(B1$BF|$+$i(B2006$BG/(B9$B7n(B30$BF|$^$G$N4V$K!"(BJPCERT/CC $B$,F|K\9qFb$N@=IJ(B
$B3+H/<T(B ($B%Y%s%@(B) $B$J$I$N4XO"AH?%$H$N%3!<%G%#%M!<%7%g%s$r9T$J$$!"8x3+$7$?(B
$B@H<e@->pJs$*$h$SBP1~>u67$O(B 49$B7o$G$9!#(B

  $B$3$N$&$A!"7P:Q;:6H>J9p<(!V%=%U%H%&%'%"Ey@H<e@-4XO">pJs<h074p=`!W$K=>$C(B
$B$F!"FHN)9T@/K!?M>pJs=hM}?d?J5!9=(B (IPA) $B$KJs9p$5$l!"8x3+$5$l$?@H<e@->p(B
$BJs$*$h$SBP1~>u67$O(B 28$B7o$G$9!#(B

JVN#98836916:	$BJ#?t$N(BWiki $B%/%m!<%s@=IJ$K$*$1$k%5!<%S%91?MQK832(B (DoS) $B$N@H<e@-(B
JVN#73705637:	ACollab $B$K$*$1$k(B SQL $B%$%s%8%'%/%7%g%s$N@H<e@-(B
JVN#44846612:	ATutor $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#83768862:	Ruby $B$K$*$$$F!"(Balias $B5!G=$NLdBj$G%;!<%U%l%Y%k(B 4 $B$,%5%s%I%\%C%/%9$H$7$F5!G=$7$J$$@H<e@-(B
JVN#13947696:	Ruby $B$K$*$$$F!"FCDj%a%=%C%I$NLdBj$G%;!<%U%l%Y%k(B 4 $B$,%5%s%I%\%C%/%9$H$7$F5!G=$7$J$$@H<e@-(B
JVN#76686161:	ServerView $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#73368472:	ServerView $B$K$*$1$k%G%#%l%/%H%j%H%i%P!<%5%k$N@H<e@-(B
JVN#81108784:	Geeklog $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#92975133:	Loudblog $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#62307185:	QwikiWiki $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#27794427:	Dokeos $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#65677118:	Pixelpost $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#62171179:	$B6M$K$*$1$k%G%#%l%/%H%j%H%i%P!<%5%k$N@H<e@-(B
JVN#02091617:	04WebServer $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#27428836:	04WebServer $B$K$*$1$k%G%#%l%/%H%j%H%i%P!<%5%k$N@H<e@-(B
JVN#51301450:	NetCommons $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#39103264:	Owl $B$K$*$1$k(B SQL $B%$%s%8%'%/%7%g%s$N@H<e@-(B
JVN#01137722:	Owl $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#11048526:	mail f/w system $B$K$*$$$F%a!<%k$NIT@5Aw?.$,2DG=$J@H<e@-(B
JVN#31125599:	$B%5%$%\%&%:(B Office 6 $B$K$*$1$k>pJsO31L$N@H<e@-(B
JVN#90420168:	$BJ#?t$N%5%$%\%&%:@=IJ$K$*$1$k%G%#%l%/%H%j%H%i%P!<%5%k$N@H<e@-(B
JVN#99776858:	Webmin $B$*$h$S(B Usermin $B$K%/%m%9%5%$%H%9%/%j%W%F%#%s%0$r4^$`J#?t$N@H<e@-(B
JVN#52201480:	Microsoft Windows $B$N%$%s%G%C%/%9%5!<%S%9$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#46630603:	MDPro $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#30144870:	SugarCRM $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#68295640:	Movable Type $B$N8!:w5!G=$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B

$B$J$*!"0J2<$N(B2$B7o$K4X$7$F$O!"@=IJ3+H/<T$K$h$j4{CN$N@H<e@-$HH=CG$5$l$?$,(B
$BBP:v>pJs$r<~CN$9$k$?$a8xI=$7$?$b$N$H$J$j$^$9!#(B

JVN#79484135:	Joomla! $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
JVN#82240092:	Drupal $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B

  $B$^$?!";D$j$N(B 21$B7o$O3$30(B CSIRT $B$H$N%Q!<%H%J!<%7%C%W$K4p$E$-!"(BJPCERT/CC 
$B$,F|K\9qFb$N%Y%s%@$N%3!<%G%#%M!<%7%g%s$r9T$$!"@H<e@->pJs$r8x3+$7$^$7$?!#(B

JVNVU#395412:	Apache httpd $B$N(B mod_rewrite $B%b%8%e!<%k$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
JVNVU#580124:	MIT Kerberos5 (krb5) $B$N(B krshd $B$*$h$S(B v4rcp $B$N8"8B>:3J$K4X$9$k@H<e@-(B
JVNVU#230208:	Intel Centrino $B%o%$%d%l%9%M%C%H%o!<%/%I%i%$%P$N%U%l!<%`=hM}$K@H<e@-(B
JVNVU#401660:	MIT Kerberos5 (krb5) $B$N(B ftpd $B$*$h$S(B ksu $B$N8"8B>:3J$K4X$9$k@H<e@-(B
JVNVU#574464:	Sony VAIO Media $B$N%a%G%#%"%5!<%P5!G=$K$*$1$k1s3V$+$i967b2DG=$J%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
JVNVU#553529:	Sony VAIO Media $B$N%a%G%#%"%5!<%P%3%s%]!<%M%s%H$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
JVNVU#687289:	Sony VAIO Media $B$N%a%G%#%"%5!<%P%3%s%]!<%M%s%H$K$*$1$k%G%#%l%/%H%j%H%i%P!<%5%k$N@H<e@-(B
JVNVU#899968:	Sony VAIO Media $B$N%a%G%#%"%5!<%P5!G=$K$*$1$k%P%C%U%!%*!<%P%U%m!<$N@H<e@-(B
JVNVU#697761:	Sony SonicStage Mastering Studio $B$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
JVNVU#824500:	Intel 2100 PRO $B%o%$%d%l%9%M%C%H%o!<%/%I%i%$%P$K$*$1$k%a%b%jGKB;$N@H<e@-(B
JVNVU#697164:	BIND $B$K$*$$$FJ#?t$N:F5"Ld9g$;=hM};~$K(B INSIST $B%(%i!<$,H/@8$9$k@H<e@-(B
JVNVU#915404:	BIND $B$N=pL>%l%3!<%ILd9g$;$K$*$1$k%5!<%S%91?MQK832(B (DoS) $B$N@H<e@-(B
JVNVU#377369:	Microsoft DirectAnimation $B%Q%9(B ActiveX $B%3%s%H%m!<%k$K$*$1$kF~NOCML$%A%'%C%/$N@H<e@-(B
JVNVU#381508:	gzip $B$N(B make_table() $B$NG[Ns=hM}$K$*$1$k@H<e@-(B
JVNVU#773548:	gzip $B$N(B LZH $B$N<h07$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
JVNVU#596848:	gzip $B$N(B LZH $B$N<h07$$$K$*$$$FL58B%k!<%W$,0z$-5/$3$5$l$k@H<e@-(B
JVNVU#554780:	gzip $B$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
JVNVU#933712:	gzip $B$N(B huft_build() $B$K$*$1$k(B NULL $B%]%$%s%?;2>H$N@H<e@-(B
NISCC-729618:	X.509 $B>ZL@=q$N8!>Z$K$*$1$k%5!<%S%91?MQK832(B (DoS) $B$N@H<e@-(B
JVNVU#386964:	OpenSSL $B$N(B SSLv2 $B%/%i%$%"%s%H%3!<%I$K(B NULL $B%G!<%?$r%A%'%C%/$G$-$J$$@H<e@-(B
JVNVU#547300:	OpenSSL $B$N(B SSL_get_shared_ciphers() $B$K%P%C%U%!%*!<%P%U%m!<$N@H<e@-(B


II. $B3$30(B CSIRT $B$H$N@H<e@-4XO">pJsN.DL6(NOBN@)$N9=C[!"9q:]E*$J3hF0(B

  JPCERT/CC $B$G$O!"9q:]E*$JOHAH$_$K$*$1$k@H<e@-4XO">pJs$N1_3j$JN.DL$N$?(B
$B$a!"3$30$N(B CSIRT $B$H$N6(NO4X78$r9=C[!"6/2=$7$F$$$^$9!#6qBNE*$K$O!"Js9p(B
$B$5$l$?@H<e@-4XO">pJs$N6&M-!"%Y%s%@$X$NDLCN$N6&F1%*%Z%l!<%7%g%s!"8x3+F|(B
$B$ND4@0!"3F9q%Y%s%@>pJsEy8x3+>pJs$N6&M-$r9T$C$F$$$^$9!#$^$?!">pJsN.DL$r(B
$B8zN(2=$9$k$?$a$N6&DL%,%$%I%i%$%s$d%7%9%F%`9=C[!"%G!<%?8r49%U%)!<%^%C%H!"(B
$B%"%I%P%$%6%j$NI8=`%U%)!<%^%C%H$N:vDjEy$r6&F1$G?J$a$F$$$^$9!#(B

  $B<g$J4X785!4X$OJF9q(B CERT/CC$B!"1Q9q(B NISCC (UNIRAS) $B$G$9!#3F5!4X$N>\:Y$K(B
$B$D$$$F$O;29MJ88%(B [33] [34] $B$r$4;2>H$/$@$5$$!#$^$?0J2<$N(B URL $B$b$4;2>H$/(B
$B$@$5$$!#(B

        $B@H<e@-4XO">pJs%3!<%G%#%M!<%7%g%s35MW(B
        http://www.jpcert.or.jp/vh/


III. $BF|K\9qFb$N@H<e@->pJsN.DLBN@)$N@0Hw(B

  JPCERT/CC $B$G$O!"7P:Q;:6H>J9p<(!V%=%U%H%&%'%"Ey@H<e@-4XO">pJs<h074p=`!W(B
($B0J2<!"K\4p=`(B) $B$K=>$C$F!"F|K\9qFb$N@H<e@->pJsN.DLBN@)$r@0Hw$7$F$$$^$9!#(B
$BK\4p=`$K$D$$$F$O;29MJ88%(B [35] $B$r$4;2>H$/$@$5$$!#$^$?0J2<$N(B URL $B$b$4;2(B
$B>H$/$@$5$$!#$J$*!">pJs%;%-%e%j%F%#Aa4|7Y2|%Q!<%H%J!<%7%C%W%,%$%I%i%$%s(B
$B$K4X$7$F$O!"(B2006$BG/(B9$B7n(B1$BF|$K2~D{$7$F$$$^$9!#(B

        $B@H<e@-4XO">pJs%3!<%G%#%M!<%7%g%s35MW(B
        http://www.jpcert.or.jp/vh/

        $B!V>pJs%;%-%e%j%F%#Aa4|7Y2|%Q!<%H%J!<%7%C%W!W$N1?MQ$r3+;O(B
        http://www.jpcert.or.jp/press/2004/0708.txt

        $B>pJs%;%-%e%j%F%#Aa4|7Y2|%Q!<%H%J!<%7%C%W%,%$%I%i%$%s(B
        http://www.jpcert.or.jp/vh/partnership_guide.pdf

        $B>pJs%;%-%e%j%F%#Aa4|7Y2|%Q!<%H%J!<%7%C%W%,%$%I%i%$%s!J2~D{HG!K(B
        http://www.jpcert.or.jp/vh/partnership_guide2006.pdf

        JPCERT/CC $B@H<e@-4XO">pJs<h$j07$$%,%$%I%i%$%s(B
        http://www.jpcert.or.jp/vh/guideline.pdf

$B<g$J3hF0$O0J2<$NDL$j$G$9!#(B

(1) $B<uIU5!4X$G$"$kFHN)9T@/K!?M>pJs=hM}?d?J5!9=(B (IPA) $B$H$NO"7H(B

  $BK\4p=`$G$O!"<uIU5!4X$K(B IPA$B!"D4@05!4X$K(B JPCERT/CC $B$,;XDj$5$l$F$$$^$9!#(B
$B$3$N$3$H$+$i!"(BJPCERT/CC $B$O(B IPA $B$H6[L)$K>pJs8r49$r9T$C$F$$$^$9!#$^$?!"(B
$B@H<e@-8!>Z%D!<%k$K4X$7$F$b(B IPA $B$H$NO"7H$N$b$HJ,@O$r9T$C$F$$$^$9!#(BIPA 
$B$N>\:Y$K$D$$$F$O;29MJ88%(B [36] $B$r$4;2>H$/$@$5$$!#(B

  $BK\4p=`$K$*$1$k(B IPA $B$N3hF0$*$h$S;MH>4|Kh$NFO=P>u67$K$D$$$F$O!";29MJ8(B
$B8%(B [37] $B$r$4;2>H$/$@$5$$!#(B


(2) $BF|K\9qFb%Y%s%@$H$NO"7H(B

  $BK\4p=`$G$O!"(BJPCERT/CC $B$,@H<e@->pJs$rDs6!$9$k@h$H$7$F!"F|K\9qFb$N%Y%s(B
$B%@%j%9%H(B($B@=IJ3+H/<T%j%9%H(B)$B$r:n@.$7!"3F%Y%s%@$NO"Mm@h>pJs$r@0Hw$9$k$3$H(B
$B$,<($5$l$F$$$^$9!#(BJPCERT/CC $B$G$O!"O"Mm@h>pJs$N@0Hw$K:]$7!"%Y%s%@$N3'MM(B
$B$K@=IJ3+H/<T$H$7$F$NEPO?$r$*4j$$$7$F$$$^$9!#EPO?$N>\:Y$K$D$$$F$O!"0J2<(B
$B$N(B URL $B$r$4;2>H$/$@$5$$!#$J$*!"(B2006$BG/(B9$B7n(B30$BF|$N;~E@$G(B 140$B<R$N%Y%s%@$N3'(B
$BMM$K!"$4EPO?$r$$$?$@$$$F$$$^$9!#(B

        JPCERT $B%3!<%G%#%M!<%7%g%s%;%s%?!<@=IJ3+H/<T%j%9%HEPO?5,Ls(B
        http://www.jpcert.or.jp/vh/agreement.pdf


(3) JP Vendor Status Notes (JVN) $B$N1?MQ(B

  JPCERT/CC $B$O(B IPA $B$H6&F1$G!"(BJVN $B$r1?MQ$7$F$$$^$9!#(BJVN $B$O!"(BJPCERT/CC 
$B$,<h$j07$C$?@H<e@->pJs$K4X$7$FF|K\9qFb$N@=IJ3+H/<T$N@H<e@-$X$NBP1~>u67(B
$B$r8x3+$9$k%5%$%H$G$9!#$3$l$i$N@H<e@->pJs$K$O!"K\OHAH$_$K;22C$7$F$$$kF|(B
$BK\9qFb$N@=IJ3+H/<T$NBP1~>u67$b4^$^$l$F$$$^$9!#(BJVN $B$K$D$$$F$O0J2<$N(B URL 
$B$r$4;2>H$/$@$5$$!#(B

        JP Vendor Status Notes (JVN)
        http://jvn.jp/

  JVN $B$G$O>e5-!V(BI. $B%3!<%G%#%M!<%7%g%s$r9T$$8x3+$7$?@H<e@->pJs$*$h$SBP(B
$B:v>u67!W0J30$KEv3:4|4VCf$K(B 15$B7o$N@H<e@->pJs$r8x3+$7$^$7$?!#(B

JVNTA06-192A: Microsoft Windows, Office, IIS$B$KJ#?t$N@H<e@-(B
JVNVU#294036: Juniper JUNOS $B$K$*$$$F(B IPv6 $B%Q%1%C%H=hM}$K%a%b%j%j!<%/$N@H<e@-(B
JVNVU#936945: Microsoft PowerPoint $B$K1s3V$+$iG$0U$N%3!<%I$,<B9T2DG=$J@H<e@-(B
JVNTA06-200A: Oracle $B@=IJ$KJ#?t$N@H<e@-(B
JVNTA06-208A: Mozilla $B@=IJ$KJ#?t$N@H<e@-(B
JVNTA06-214A: Apple $B<R$N(B Mac $B8~$1%=%U%H%&%(%"$KJ#?t$N@H<e@-(B
JVNTA06-220A: Microsoft Windows, Office, Internet Explorer $B$K4X$9$k@H<e@-(B
JVNVU#650769: Microsoft Windows $B$N(B Server $B%5!<%S%9$K%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
NISCC-412866: HP OpenView Storage Data Protector $B$N@H<e@-(B
NISCC-172003: BIND 9 $B%=%U%H%&%(%"$KJ#?t$N%5!<%S%91?MQK832(B (DoS) $B$N@H<e@-(B
JVNTA06-255A: Microsoft Windows, Publisher $B$K4X$9$k@H<e@-(B
JVNVU#845620: $BJ#?t$N(B RSA $B<BAu$K$*$$$F=pL>$,@5$7$/8!>Z$5$l$J$$@H<e@-(B
JVNTA06-256A: Apple QuickTime $B$KJ#?t$N@H<e@-(B
JVNTA06-262A: Microsoft Internet Explorer $B$N(B VML $B=hM}$K%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
JVNTA06-270A: Microsoft Internet Explorer $B$N(B ActiveX $B%3%s%H%m!<%k(B WebViewFolderIcon $B$K@H<e@-(B

(4) $B@H<e@-4XO">pJs%O%s%I%j%s%0%o!<%/%7%g%C%W$N3+:E(B

  JPCERT/CC $B@=IJ3+H/<T%j%9%H$KEPO?$$$?$@$$$F$$$k9qFb%Y%s%@$NO"MmC4Ev<T(B
$B$K$*=8$^$j$$$?$@$-!"(B7$B7n(B24$BF|$K@H<e@-4XO">pJs%O%s%I%j%s%0%o!<%/%7%g%C%W(B
$B$r3+:E$7$^$7$?!#$3$3$G$O@H<e@-4XO">pJs%O%s%I%j%s%06HL3$d4XO"3hF0$N:G?7(B
$B>u67$r>R2p$9$k$H$H$b$K!"@=IJ3+H/<T$H$N0U8+8r49$r9T$J$$$^$7$?!#(B

(5) $B%=%U%H%&%'%"!&%7%s%]%8%&%`(B2006 $B$X$N;22C(B

$B!!%*!<%W%s%=!<%9%3%_%e%K%F%#$KBP$7$F!"F|K\9qFb$N@H<e@->pJsN.DLBN@)$KBP(B
$B$9$kM}2r$r?<$a$F$$$?$@$/$?$a$K!"(B7$B7n(B19$BF|!A(B22$BF|$K3+:E$5$l$?%=%U%H%&%'%"!&(B
$B%7%s%]%8%&%`(B2006$B$K;22C$7!"@H<e@-4XO">pJs%O%s%I%j%s%06HL3$d4XO"3hF0$N:G(B
$B?7>u67$N>R2p!"5Z$S%*!<%W%s%=!<%9%=%U%H%&%'%"$N@H<e@->pJs%O%s%I%j%s%0$K(B
$B$*$1$k2]Bj$K4X$9$k0U8+8r49$r9T$$$^$7$?!#(B


$B!x(B4. $B8x3+J8=q(B

  2006$BG/(B7$B7n(B1$BF|$+$i(B2006$BG/(B9$B7n(B30$BF|$^$G$N4V$K(B JPCERT/CC $B$,8x3+$7$?J8=q$O!"(B
$BCm0U4-5/(B 7$B7o!"(BJPCERT/CC $B%l%]!<%H(B 13$B7o!"5Z$SBh(B1$B;MH>4|$N3hF035MW$G$9!#>\(B
$B:Y$O0J2<$NDL$j$G$9!#(B

I. $BCm0U4-5/(B 7$B7o(B

  http://www.jpcert.or.jp/at/

2006-07-12  Microsoft $B@=IJ$K4^$^$l$k@H<e@-$K4X$9$kCm0U4-5/(B ($B8x3+(B)
2006-08-09  Microsoft $B@=IJ$K4^$^$l$k@H<e@-$K4X$9$kCm0U4-5/(B ($B8x3+(B)
2006-08-24  TCP 139$BHV%]!<%H$X$N%9%-%c%sA}2C$K4X$9$kCm0U4-5/(B ($B8x3+(B)
2006-08-24  $B2F4|5Y2KL@$1$NBP1~$K$D$$$F(B ($B8x3+(B)
2006-09-13  Microsoft $B@=IJ$K4^$^$l$k@H<e@-$K4X$9$kCm0U4-5/(B ($B8x3+(B)
2006-09-20  Microsoft Windows VML $B$N=hM}$KL$=$@5$N@H<e@-(B ($B8x3+(B)
2006-09-28  Microsoft PowerPoint $BL$=$@5$N@H<e@-$K4X$9$kCm0U4-5/(B ($B8x3+(B)


II. JPCERT/CC $B%l%]!<%H(B 13$B7o(B

  http://www.jpcert.or.jp/wr/

  JPCERT/CC $B%l%]!<%HFb$G07$C$?%;%-%e%j%F%#4XO">pJs$N9`L\?t$O9g7W$7$F(B 
90$B7o$G$9!#$=$N$&$A(B 13$B7o$O!V:#=5$N0l8}%a%b!W$N%3!<%J!<$G>R2p$7$?>pJs$G(B
$B$9!#(B


III.$B3hF035MW(B 1$B7o(B

2006-07-19  JPCERT/CC $B3hF035MW(B [ 2006$BG/(B4$B7n(B1$BF|(B $B!A(B 2006$BG/(B6$B7n(B30$BF|(B ]


$B!x(B5. $B$=$NB>$N3hF0(B

  2006$BG/(B7$B7n(B1$BF|$+$i(B2006$BG/(B9$B7n(B30$BF|$^$G$N4V$K(B JPCERT/CC $B$,<B;\$7$?!">e5-(B
$B!x(B1.$B!A(B4. $B0J30$N3hF0$O0J2<$NDL$j$G$9!#(B


I. APCERT $B;vL36I1?1D(B

  http://www.jpcert.or.jp/english/secretariat.html

  $B%"%8%"B@J?MNCO0h$N(B CSIRT $B$N=8$^$j$G$"$k!"(BAPCERT (Asia Pacific
Computer Emergency Response Team) $B$N;vL36I$rC4Ev$7$F$$$^$9!#>\:Y$O;29M(B
$BJ88%(B [38] $B$r$4;2>H$/$@$5$$!#(B

II. FIRST $B%l%W%j%+%5!<%P$N1?MQ(B

  FIRST (Forum of Incident Response and Security Teams) $B$N(B Web $B%5!<%P(B
www.first.org $B$N%l%W%j%+%5!<%P(B ($B%_%i!<%5!<%P(B) $B$r1?MQ$7!"(BFIRST $B$N3hF0$K(B
$B9W8%$7$F$$$^$9!#(BFIRST $B$N>\:Y$K$D$$$F$O;29MJ88%(B [39] $B$r$4;2>H$/$@$5$$!#(B


III. FIRST Steering Committee $B$X$N;22h(B

  FIRST Steering Committee $B$N%a%s%P!<$H$7$F!"(BJPCERT/CC $B$N?&0w$,A*=P$5(B
$B$l!"(BFIRST $B$N1?1D$K6(NO$7$F$$$^$9!#(BFIRST Steering Committee $B$K$D$$$F$O(B
$B;29MJ88%(B [40] $B$r$4;2>H$/$@$5$$!#(B


IV. $B$=$NB>9V1i$J$I(B

(1)Collaboration Meeting for CSIRTs with National Responsibility(2006$BG/(B7$B7n(B3$BF|(B)

   $B>\:Y$K$D$$$F$O;29MJ88%(B [41]$B$r$4;2>H$/$@$5$$!#(B

(2)$B%U%#%C%7%s%0BP:v?d?JO"Mm2q(B(2006$BG/(B7$B7n(B14$BF|(B)

   $B>\:Y$K$D$$$F$O;29MJ88%(B [42]$B$r$4;2>H$/$@$5$$!#(B

(3)$B@H<e@->pJs%O%s%I%j%s%0%o!<%/%7%g%C%W(B 2006 Summer(2006$BG/(B7$B7n(B24$BF|(B)

(4)$BCf1{Bg3X>pJs%;%-%e%j%F%#?M:`0i@.8x3+9V:B(B
$B!!(B $B>pJs%7%9%F%`$N%3%s%]!<%M%s%H$G8+$kAm9g%;%-%e%j%F%#(B(2006$BG/(B8$B7n(B21$BF|(B)

   $B>\:Y$K$D$$$F$O;29MJ88%(B [43]$B$r$4;2>H$/$@$5$$!#(B

(5)$BBh(B3$B2s(BNTT-CERT Security Workshop(2006$BG/(B9$B7n(B6$BF|(B)

   $B>\:Y$K$D$$$F$O;29MJ88%(B [44]$B$r$4;2>H$/$@$5$$!#(B

(6)September 2006 FIRST Technical Colloquium(2006$BG/(B9$B7n(B26$BF|(B)

   $B>\:Y$K$D$$$F$O;29MJ88%(B [45]$B$r$4;2>H$/$@$5$$!#(B

(7)$B<RCDK!?MF|K\%$%s%?!<%M%C%H%W%m%P%$%@!<6(2q%U%#%C%7%s%0JY6/2q(B(2006$BG/(B9$B7n(B28$BF|(B)

   $B>\:Y$K$D$$$F$O;29MJ88%(B [46]$B$r$4;2>H$/$@$5$$!#(B

(8)$BIY;NDLAm8&(B $BFCJL4k2h%3%s%U%!%l%s%9!VFbItE}@)$H#I#T!W(B(2006$BG/(B9$B7n(B28$BF|(B)

   $B>\:Y$K$D$$$F$O;29MJ88%(B [47]$B$r$4;2>H$/$@$5$$!#(B


=============================================================================


Appendix. $B;29MJ88%(B

[1] IN-98.02: New Tools Used For Widespread Scans

    http://www.cert.org/incident_notes/IN-98.02.html

[2] IN-98.04: Advanced Scanning

    http://www.cert.org/incident_notes/IN-98.04.html

[3] IN-98.05: Probes with Spoofed IP Addresses

    http://www.cert.org/incident_notes/IN-98-05.html

[4] IN-98.06: Automated Scanning and Exploitation

    http://www.cert.org/incident_notes/IN-98-06.html

[5] IN-99-01: "sscan" Scanning Tool

    http://www.cert.org/incident_notes/IN-99-01.html

[6] Packet Filtering for Firewall Systems

    http://www.cert.org/tech_tips/packet_filtering.html

[7] CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow in IIS Indexing Service DLL

    http://www.cert.org/advisories/CA-2001-19.html

[8] CA-2001-26 Nimda Worm

    http://www.cert.org/advisories/CA-2001-26.html

[9] IN-2002-04: Exploitation of Vulnerabilities in Microsoft SQL Server

    http://www.cert.org/incident_notes/IN-2002-04.html

[10] CA-2002-27 Apache/mod_ssl Worm

     http://www.cert.org/advisories/CA-2002-27.html

[11] AL-2002.12 W32/BUGBEAR@MM Virus

     http://www.auscert.org.au/render.html?it=2447

[12] AU-2002.008 Updated Information Regarding BugBear Virus

     http://www.auscert.org.au/render.html?it=2452

[13] IN-2002-06: W32/Lioten Malicious Code

     http://www.cert.org/incident_notes/IN-2002-06.html

[14] IN-2003-01: Malicious Code Propagation and Antivirus Software Updates

     http://www.cert.org/incident_notes/IN-2003-01.html

[15] CA-2003-04 MS-SQL Server Worm

     http://www.cert.org/advisories/CA-2003-04.html

[16] CA-2003-08 Increased Activity Targeting Windows Shares

     http://www.cert.org/advisories/CA-2003-08.html

[17] CA-2003-09 Buffer Overflow in Core Microsoft Windows DLL

     http://www.cert.org/advisories/CA-2003-09.html

[18] CA-2003-28 Buffer Overflow in Windows Workstation Service

     http://www.cert.org/advisories/CA-2003-28.html

[19] CERT/CC Current Activity W32/Welchia Worm

     http://www.cert.org/current/archive/2003/08/18/archive.html#welchia

[20] IN-2004-01: W32/Novarg.A Virus

     http://www.cert.org/incident_notes/IN-2004-01.html

[21] TA04-041A: Multiple Vulnerabilities in Microsoft ASN.1 Library

     http://www.us-cert.gov/cas/techalerts/TA04-041A.html

[22] TA04-028A: W32/MyDoom.B Virus

     http://www.us-cert.gov/cas/techalerts/TA04-028A.html

[23] Sasser $B%o!<%`$K$D$$$F$N$*CN$i$;(B

     http://www.microsoft.com/japan/security/incident/sasser.mspx

[24] Microsoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B (835732) (MS04-011)

     http://www.microsoft.com/japan/technet/security/bulletin/MS04-011.mspx

[25] US-CERT Current Activity: W32/Sasser

     http://www.us-cert.gov/current/archive/2004/06/24/archive.html#sasser

[26] US-CERT Vulnerability Note VU#909678

     http://www.kb.cert.org/vuls/id/909678

[27] US-CERT Current Activity: Santy Worm

     http://www.us-cert.gov/current/archive/2004/12/21/archive.html#Santy

[28] US-CERT Vulnerability Note VU#497400

    http://www.kb.cert.org/vuls/id/497400

[29] Email Bombing and Spamming

     http://www.cert.org/tech_tips/email_bombing_spamming.html

[30] Frequently Asked Questions About Malicious Web Scripts Redirected by Web Sites

     http://www.cert.org/tech_tips/malicious_code_FAQ.html

[31] TERENA - TF-CSIRT - Collaboration of Security Incident Response Teams

     http://www.terena.nl/tech/task-forces/tf-csirt/

[32] The European CSIRT Network

     http://www.ecsirt.net/

[33] CERT Coordination Center (CERT/CC)

     http://www.cert.org/

[34] National Infrastructure Security Co-ordination Centre (NISCC)

     http://www.niscc.gov.uk/

[35] $B@H<e@-4XO">pJs<h07BN@)$K$D$$$F(B

     http://www.meti.go.jp/policy/netsecurity/vulhandlingG.html

[36] $BFHN)9T@/K!?M>pJs=hM}?d?J5!9=(B

     http://www.ipa.go.jp/

[37] $B>pJs=hM}?d?J5!9=%;%-%e%j%F%#%;%s%?!<(B $B@H<e@-4XO">pJs$N<h07$$(B

     http://www.ipa.go.jp/security/vuln/

[38] Asia Pacific Computer Emergency Response Team (APCERT)
    
     http://www.apcert.org/

[39] Forum of Incident Response and Security Teams (FIRST)

     https://www.first.org/

[40] FIRST Steering Committee

     https://www.first.org/about/organization/sc.html

[41] Collaboration Meeting for CSIRTs with National Responsibility

     http://www.cert.org/csirts/national/conference2006.html

[42] $B%U%#%C%7%s%0BP:v?d?JO"Mm2q(B

     http://www.soumu.go.jp/s-news/2005/050119_4.html

[43] $BCf1{Bg3X>pJs%;%-%e%j%F%#?M:`0i@.8x3+9V:B(B
$B!!(B   $B>pJs%7%9%F%`$N%3%s%]!<%M%s%H$G8+$kAm9g%;%-%e%j%F%#(B

     http://www2.tamacc.chuo-u.ac.jp/kikoh/sec_ikusei/sec2006/sec2006.html

[44] NTT-CERT

     http://www.ntt-cert.org/

[45] September 2006 FIRST Technical Colloquium

     http://www.first.org/events/colloquia/sep2006/

[46] $B<RCDK!?MF|K\%$%s%?!<%M%C%H%W%m%P%$%@!<6(2q(B

     http://www.jaipa.or.jp/

[47] $BIY;NDLAm8&(B $BFCJL4k2h%3%s%U%!%l%s%9!VFbItE}@)$H#I#T!W(B

     http://jp.fujitsu.com/group/fri/events/conference/conference-12.html



=============================================================================


$B!c(BJPCERT/CC $B$+$i$N$*CN$i$;$H$*4j$$!d(B

  $BK\J8=q$G2r@b$7$?%3%s%T%e!<%?%;%-%e%j%F%#%$%s%7%G%s%H$b4^$a!"%$%s%?!<(B
$B%M%C%H>e$G0z$-5/$3$5$l$k$5$^$6$^$J%3%s%T%e!<%?%;%-%e%j%F%#%$%s%7%G%s%H(B
$B$K4X$9$k>pJs$,$"$j$^$7$?$i!"(Binfo@jpcert.or.jp $B$^$G$4Ds6!$/$@$5$$$^$9$h(B
$B$&$*4j$$$7$^$9!#Js9pMM<0$K4X$7$F$O0J2<$N(B URL $B$r$4Mw$/$@$5$$(B

    http://www.jpcert.or.jp/form/

$BJs9pMM<0$K$45-:\$N$&$(!"(B

    info@jpcert.or.jp

$B$^$G$*Aw$j$/$@$5$$!#(B

  JPCERT/CC $B$KD:$$$?Js9p$O!"Js9p<T$NN;2r$J$7$K!"$=$N$^$^B>AH?%Ey$K3+<((B
$B$9$k$3$H$O$"$j$^$;$s!#(BJPCERT/CC $B$NAH?%35MW$K$D$-$^$7$F$O!"(B

    http://www.jpcert.or.jp/

$B$r$4;2>H$/$@$5$$!#(B

  JPCERT/CC $B$G$O!"%3%s%T%e!<%?%;%-%e%j%F%#%$%s%7%G%s%H$K4X$9$k>pJs$r?W(B
$BB.$K$4Ds6!$9$k$?$a$K!"%a!<%j%s%0%j%9%H$r3+@_$7$F$$$^$9!#EPO?$NJ}K!Ey!"(B
$B>\$7$/$O!"(B

    http://www.jpcert.or.jp/announce.html

$B$r$4;2>H$/$@$5$$!#(B

__________

$BCm(B: JPCERT/CC $B$N3hF0$O!"FCDj$N8D?M$dAH?%$NMx1W$rJ]>c$9$k$3$H$rL\E*$H$7(B
$B$?$b$N$G$O$"$j$^$;$s!#8DJL$NLdBj$K4X$9$k$*Ld$$9g$o$;Ey$KBP$7$FI,$:$*Ez(B
$B$($G$-$k$H$O8B$i$J$$$3$H$r$"$i$+$8$a$4N;>5$/$@$5$$!#$^$?!"K\7o$K4X$9$k(B
$B$b$N$b4^$a!"(BJPCERT/CC $B$X$N$*Ld$$9g$o$;Ey$,A}2C$9$k$3$H$,M=A[$5$l$k$?$a!"(B
$B$*Ez$($G$-$k>l9g$G$b$42sEz$,CY$l$k2DG=@-$,$"$k$3$H$r2?B4$4>5CN$*$-$/$@(B
$B$5$$!#(B

$BCm(B: $B$3$NJ8=q$O!"%3%s%T%e!<%?%;%-%e%j%F%#%$%s%7%G%s%H$K4X$9$k0lHLE*$J>p(B
$BJsDs6!$rL\E*$H$9$k$b$N$G$"$j!"FCDj$N8D?M$dAH?%$KBP$9$k!"8DJL$N%3%s%5%k(B
$B%F%#%s%0$rL\E*$H$7$?$b$N$G$O$"$j$^$;$s!#$^$?(B JPCERT/CC $B$O!"$3$NJ8=q$K(B
$B5-:\$5$l$?>pJs$NFbMF$,@53N$G$"$k$3$H$KEX$a$F$*$j$^$9$,!"@53N@-$r4^$a0l(B
$B@Z$NIJ<A$K$D$$$F$3$l$rJ]>Z$9$k$b$N$G$O$"$j$^$;$s!#$3$NJ8=q$K5-:\$5$l$?(B
$B>pJs$K4p$E$$$F!"5.J}$"$k$$$O5.AH?%$,$H$i$l$k9TF0(B / $B$"$k$$$O$H$i$l$J$+$C(B
$B$?9TF0$K$h$C$F0z$-5/$3$5$l$k7k2L$KBP$7$F!"(BJPCERT/CC $B$O2?$iJ]>c$rM?$($k(B
$B$b$N$G$O$"$j$^$;$s!#(B
__________

2006 (C) JPCERT/CC

  $B$3$NJ8=q$rE>:\$9$k:]$K$O!"A4J8$rE>:\$7$F$/$@$5$$!#$^$?!":G?7>pJs$K$D(B
$B$$$F$O(B JPCERT/CC $B$N(B Web $B%5%$%H(B

        http://www.jpcert.or.jp/

$B$r;2>H$7$F$/$@$5$$!#(B

  JPCERT/CC $B$N(B PGP $B8x3+80$O0J2<$N(B URL $B$+$iF~<j$G$-$^$9!#(B

        http://www.jpcert.or.jp/jpcert.asc
__________

$B2~D{MzNr(B

2006-10-17  $B=iHG(B (JPCERT-PR-2006-0005)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBRTRca4x1ay4slNTtAQHf2gP/btStQNseMo6e2BF/v0Ran+ZlcAakdvDY
3BZ+0UKpxVy4m9Jzl6lB13zAcSr4so4/i+UnqLbIJ5xguMVSD9WhOtMsVxXj/ksA
mPtDgPSyU3tJWP+XGjtnlazs0Dis8DPW9tJKh+UxZcgEhTZdCNq1oZKqq0CE/MCy
tD0VKQcdH7E=
=7Pi9
-----END PGP SIGNATURE-----