No, not the kind of monitoring you are already used to, but monitoring of security lists and sites for known exploits of software you already own. For example, if your security maintenance includes installing patches on the 2nd Tuesday of each month, you’ve now missed at least two critical patches for your infrastructure. The last of which is currently being exploited on Windows 2000 by the in-the-wild Zatob.a worm:
Several AV vendors have begun reporting a new worm which targets the Windows Plug and Play vulnerability addressed by Microsoft Security Bulletin MS05-039. The worm, labeled Zotob.A (F-Secure) and W32.Zotob.A (Symantec), scans for systems listening on TCP port 445 and then attempts to exploit the Windows Plug and Play vulnerability. According to an F-Secure Weblog posting, once the victim is found, the exploit code downloads the main virus file via ftp from the scanning machine, sets up ftp server on the infected machine and starts scanning for more targets. The worm also attempts to connect IRC channel at predefined address. Those of our customers who have not finished applying the latest Microsoft patches are strongly encouraged to do so immediately.
It’s not just the Microsoft bag either. Symantec Veritas BackupExec is also vulnerable, so upgrade that as well. While you’re there, sign up for a newsletter or better yet, RSS feed of security patches and look at it daily. The security situation is grim, I understand. Can you afford to sit on your hands though? Definately not. Get very intimate with your firewall and learn how to proactively lock-out even critical network services in case of a 0-day-exploit. Subscribe to vendors security alerts list.
For the less coherent, more grammatically correct realtime insight, follow me on Twitter at