-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Monday, June 25, 2001 8:21 AM
To: daily
Subject: NIPC Daily Report
Importance: High
Significant Changes and Assessment - The NIPC and FedCIRC jointly issued
Advisory 01-014, "New Scanning Activity (with W32-Leaves.worm) Exploiting
SubSeven Victims." New information has been received on attempts to locate,
obtain control of and plant new malicious code known as "W32-Leaves.worm" on
computers previously infected with the SubSeven Trojan. This new activity,
currently under investigation, further increases the importance that all
users of Microsoft operating systems take precautions against infection by
SubSeven Trojan variants, and, if infected, promptly implement the known
procedures to remove the SubSeven infection. The NIPC Advisory can be
viewed at www.nipc.gov/warnings/advisories/2001/01-014.htm. Additional
information about SubSeven can be found in NIPC Advisory 00-056 at
www.nipc.gov/warnings/advisories/2000/00-056.htm.
Private Sector - eBay's Web site was inaccessible for many customers on 22
June, with some unable to bid on or list items, or even to view its home
page. The problem started around 4:30 a.m. (PDT), after eBay's regular
weekly site maintenance, said company spokesman Chris Donlay. The "Internet
router problem," which the site corrected by around 8:30 a.m., affected only
a small percentage of eBay users. "It was intermittent, so many people
experienced nothing," Donlay said. He also said he did not know the cause
of the router problem, but it was within eBay's system. (Source: ZDNet, 22
June)
A security loophole has been discovered in Norton Anti-Virus (NAV) which
could allow the creation of a virus to shut down the software on a user's
machine. By editing a certain registry key, users can disable the on-demand
scanner included in Symantec Corp.'s NAV 2001 product. By using either a
virus or a remote administrator tool, a cracker could take out a Symantec
user's anti virus protection, which could be restored only by reinstalling
the software or editing the registry entry. Symantec said the issue has
been handled out of its U.S. office. Symantec has also announced that it
will change the way Norton AntiVirus uses a PC system's registry starting
with NAV 2002. (Source: The Register, 25 June)
International - On 22 June, the blueprint for a global code on cybercrime
was agreed on in France, paving the way for international rules governing
online copyright infringement, fraud, child pornography and hacking. The 41
members of the Council of Europe (CoE), the U.S., Canada and Japan, signed
on to a draft convention on cybercrime that is set to be rubber-stamped at
ministerial level in September. "Once adopted, the Convention will be the
first international treaty on criminal offenses committed through the use of
Internet and other computer networks," the CoE said in a statement. Its
main objective is to pursue "a common criminal policy aimed at the
protection of society against cybercrime, by adopting appropriate
legislation and fostering international cooperation." (Source:
International Data Group Inc, 23 June)
In Russia, the administration to combat crimes in the Hi-Tech Sphere ("R"
Administration), which was feared by all hackers, computer pirates, and
owners of illegal telephone call booths, was closed down this week on order
from Minister Boris Gryzlov. The order changing the ministry's structure
was in compliance with the Russian president's edict. In addition to the
Russian Federation MVD Committee for Federal Criminal Police, of which the
"R" Administration is part, six other administrations were also closed down.
An Administration for Special Technical Measures will be created in place of
the late "R" Administration. This structure was engaged in tapping and
other categories of support for the work of operational subdivisions. It
has never had any experience of work in the sphere of computer crime.
(Source: Moscow Moskovskiy Komsomolets, 24 June)
Defacements - According to the Web defacement mirror site attrition.org, the
following thirteen U.S. sites (.us) were defaced by a variety of groups and
individuals between 18-22 June:
* abRhode Island, Department of Administration, Division of Purchases Web
site (www.purchasing.state.ri.us/), defaced by "Data Cha0s"
* abCity of Clayton, State of Missouri (www.ci.clayton.mo.us/), defaced by
"Crime Lordz"
* abMt Desert Elementary School, Northeast Harbor, Maine
(www.mdes.u98.k12.me.us/), defaced by "Data Cha0s"
* abMarkesan High School's Hornet Network, State of Wisconsin
(www.markesan.k12.wi.us/), defaced by "tty0"
* abGillett School District, State of Wisconsin (www.gillett.k12.wi.us/),
defaced by "tty0"
* abWisconsin Department of Commerce (www.commerce.state.wi.us/), defaced by
"WoH"
* abState of Utah Web site (www.livepublish.le.state.ut.us), defaced by
"Hi-Tech Hate"
* abSan Joaquin County, Office of Education, Stockton CA
(www.sjcoe.k12.ca.us/), defaced by "C0BR4S"
* abTri-County Board of Recovery & Mental Health Services, State of Ohio
(www.mdsadamhs.mh.state.oh.us/), defaced by "Hi-Tech Hate"
* abOklahoma Department of Veterans Affairs (www.odva.state.ok.us/), defaced
by "Hi-Tech Hate"
* abState of Oregon Web site (www.enterprise.k12.or.us/), defaced by "WoH"
* abState of Ohio Web site (nt.soita.esu.k12.oh.us/), defaced by "Hi-Tech
Hate"
* abState of Ohio Web site (swissohio.k12.oh.us/), defaced by "Hi-Tech Hate"
Government - NTR
Military - NTR
U.S. SECTOR INFORMATION:
Banking and Finance - NTR
Emergency Services - NTR
Government Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Electrical Power - NTR
Transportation - NTR
Telecommunications - NTR
NOTE: Please understand that this is for informational purposes only and
does not constitute any verification of the information contained in the
report nor does this constitute endorsement by the NIPC or the FBI.
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:23:45 PDT