http://www.washingtonpost.com/wp-dyn/articles/A58255-2004Jan28.html

By Jonathan Krim and Mike Musgrove
Washington Post Staff Writers
January 29, 2004

The federal government yesterday announced a new, centralized system to alert the country to threats to computer systems, as a virulent worm continued to play havoc with e-mail around the world.

The alert system, announced by the cybersecurity division of the Department of Homeland Security, will be a clearinghouse of information on hacking, viruses, worms and cyberterrorism. It will also be a place for consumers to learn about their systems' vulnerabilities and how to fight computer crime.

"We are focused on making the threats and recommended actions easier for all computer users to understand, prioritize and act upon," said Amit Yoran, the director of the cybersecurity division.

The system was planned well before the latest computer worm began infecting machines on Monday.

Computer security firm Network Associates Inc. said that while the number of new occurrences of the worm, known as MyDoom, has leveled off, there is still a tide of MyDoom-bearing e-mails circulating around the Internet. The worm disguises itself as e-mail that was not delivered properly, enticing recipients to open attachments that launch the malicious code.

One of Network Associates' major corporate clients was blocking infected e-mails at a rate of 160,000 an hour yesterday, said Craig Schmugar, a virus research manager at the company.

In addition to bogging down e-mail networks, the worm is scheduled to use infected computers to launch Web-based attacks on SCO Group Inc., a Utah company that claims to own the rights to some of the software code used in versions of the freely available operating system Linux. Those attacks are scheduled to begin Sunday.

A variant of the worm that appeared yesterday is scheduled to launch similar attacks against Microsoft Corp.'s Web site. Microsoft and SCO have licensed some of each other's technologies.

The variant also prevents infected computers from viewing the Web sites of many major anti-virus companies. Like the original, yesterday's variant is programmed to avoid targeting e-mail addresses used by the government, military, the search site Google and some Web domain names associated with the open-source software community.

"When the bomb goes off on [Sunday], that's when we're expecting to see some major issues," said Lloyd Taylor, vice president of technology and operations at Keynote Systems Inc., a Web performance monitoring firm.

The new federal alert system is intended to make the government the trusted source of computer-security information, which currently is disseminated by various corporate, research, government and quasi-public organizations.

Cyber-threats to national infrastructure, for example, were the responsibility of the old National Infrastructure Protection Center, which was under the FBI until the Homeland Security Department was formed.

Several companies and research institutions have Web sites with information on virus, worm and other threats, with many of them selling programming solutions to network operators to fend off particular attacks. Many firms sell consumers various products to protect their home systems while providing security information.

Some security experts questioned whether the alerts are the best first use of the newly formed cybersecurity division.

"Is the lack of information sharing the biggest problem?" said Mark D. Rasch, vice president of Solutionary Inc., a cybersecurity firm. "No."

But Yoran said it is important that such information come from a neutral source.

"The vendor community is focused on sales as well as on protecting their clients," said Yoran, who recently took over the division after working at Symantec Corp., which sells Norton anti-virus and other security products. "Coming from the U.S. government, the focus is solely on the public interest."

John Pescatore, a computer-security analyst for the research and consulting firm Gartner Inc., said it is especially important for consumers to have a place to go whose intent is not to sell products.

Unlike the wealth of information that is available for companies, "there's not a lot that is unfiltered for consumers," he said.

Computer users will be able to go to the division's Web site (www.us-cert.gov) for information and to sign up for regular newsletters and bulletins.

Alan Paller, head of the SANS Institute in Bethesda, a computer-security research facility, said he sees value in the government being the authority on identifying and tracking cyber-threats.

The model should be the National Weather Service, which collects primary weather data, Paller said. "Everyone else is an interpreter."

With cybersecurity information, Paller said, "everyone is a collector. That model is wrong."

Because the government also has resources at the Defense Department and coordinates with industry groups that share data, Paller said, "they have access to data a little earlier. If they will tell people earlier, that will make a difference."

But Sen. Charles E. Schumer (D-N.Y.) said the effort was insufficient and potentially flawed.

"What DHS did . . . was essentially challenge computer hackers all over the world to put a virus into an e-mail that mimics the DHS e-mail warnings," Schumer said.