FW: NIPC Daily Report

From: George Heuston (georgeh@private)
Date: Mon Jun 25 2001 - 09:10:34 PDT

     
    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Monday, June 25, 2001 8:21 AM
    To: daily
    Subject: NIPC Daily Report
    Importance: High
    
    
    
    Significant Changes and Assessment  - The NIPC and FedCIRC jointly issued
    Advisory 01-014, "New Scanning Activity (with W32-Leaves.worm) Exploiting
    SubSeven Victims."  New information has been received on attempts to locate,
    obtain control of and plant new malicious code known as "W32-Leaves.worm" on
    computers previously infected with the SubSeven Trojan.  This new activity,
    currently under investigation, further increases the importance that all
    users of Microsoft operating systems take precautions against infection by
    SubSeven Trojan variants, and, if infected, promptly implement the known
    procedures to remove the SubSeven infection.  The NIPC Advisory can be
    viewed at www.nipc.gov/warnings/advisories/2001/01-014.htm.  Additional
    information about SubSeven can be found in NIPC Advisory 00-056 at
    www.nipc.gov/warnings/advisories/2000/00-056.htm. 
      
    Private Sector - eBay's Web site was inaccessible for many customers on 22
    June, with some unable to bid on or list items, or even to view its home
    page.  The problem started around 4:30 a.m. (PDT), after eBay's regular
    weekly site maintenance, said company spokesman Chris Donlay.  The "Internet
    router problem," which the site corrected by around 8:30 a.m., affected only
    a small percentage of eBay users.  "It was intermittent, so many people
    experienced nothing," Donlay said.  He also said he did not know the cause
    of the router problem, but it was within eBay's system.  (Source:  ZDNet, 22
    June) 
    
    
    A security loophole has been discovered in Norton Anti-Virus (NAV) which
    could allow the creation of a virus to shut down the software on a user's
    machine.  By editing a certain registry key, users can disable the on-demand
    scanner included in Symantec Corp.'s NAV 2001 product.  By using either a
    virus or a remote administrator tool, a cracker could take out a Symantec
    user's anti-virus protection, which could be restored only by reinstalling
    the software or editing the registry entry.  Symantec said the issue has
    been handled out of its U.S. office.   Symantec has also announced that it
    will change the way Norton AntiVirus uses a PC system's registry starting
    with NAV 2002.  (Source: The Register, 25 June) 
      
    International - On 22 June, the blueprint for a global code on cybercrime
    was agreed on in France, paving the way for international rules governing
    online copyright infringement, fraud, child pornography and hacking.  The 41
    members of the Council of Europe (CoE), the U.S., Canada and Japan, signed
    on to a draft convention on cybercrime that is set to be rubber-stamped at
    ministerial level in September.  "Once adopted, the Convention will be the
    first international treaty on criminal offenses committed through the use of
    Internet and other computer networks," the CoE said in a statement.  Its
    main objective is to pursue "a common criminal policy aimed at the
    protection of society against cybercrime, by adopting appropriate
    legislation and fostering international cooperation."  (Source:
    International Data Group Inc, 23 June) 
    
    
    In Russia, the administration to combat crimes in the Hi-Tech Sphere ("R"
    Administration), which was feared by all hackers, computer pirates, and
    owners of illegal telephone call booths, was closed down this week on order
    from Minister Boris Gryzlov.  The order changing the ministry's structure
    was in compliance with the Russian president's edict.  In addition to the
    Russian Federation MVD Committee for Federal Criminal Police, of which the
    "R" Administration is part, six other administrations were also closed down.
    An Administration for Special Technical Measures will be created in place of
    the late "R" Administration.  This structure was engaged in tapping and
    other categories of support for the work of operational subdivisions.  It
    has never had any experience of work in the sphere of computer crime.
    (Source:  Moscow Moskovskiy Komsomolets, 24 June) 
    
    
    Defacements - According to the Web defacement mirror site attrition.org, the
    following thirteen U.S. sites (.us) were defaced by a variety of groups and
    individuals between 18-22 June: 
    
    
    * Rhode Island, Department of Administration, Division of Purchases Web
    site (www.purchasing.state.ri.us/), defaced by "Data Cha0s" 
    * City of Clayton, State of Missouri (www.ci.clayton.mo.us/), defaced by
    "Crime Lordz" 
    * Mt Desert Elementary School, Northeast Harbor, Maine
    (www.mdes.u98.k12.me.us/), defaced by "Data Cha0s" 
    * Markesan High School's Hornet Network, State of Wisconsin
    (www.markesan.k12.wi.us/), defaced by "tty0" 
    * Gillett School District, State of Wisconsin (www.gillett.k12.wi.us/),
    defaced by "tty0" 
    * Wisconsin Department of Commerce (www.commerce.state.wi.us/), defaced by
    "WoH" 
    * State of Utah Web site (www.livepublish.le.state.ut.us), defaced by
    "Hi-Tech Hate" 
    * San Joaquin County, Office of Education, Stockton CA
    (www.sjcoe.k12.ca.us/), defaced by "C0BR4S" 
    * Tri-County Board of Recovery & Mental Health Services, State of Ohio
    (www.mdsadamhs.mh.state.oh.us/), defaced by "Hi-Tech Hate" 
    * Oklahoma Department of Veterans Affairs (www.odva.state.ok.us/), defaced
    by "Hi-Tech Hate" 
    * State of Oregon Web site (www.enterprise.k12.or.us/), defaced by "WoH" 
    * State of Ohio Web site (nt.soita.esu.k12.oh.us/), defaced by "Hi-Tech
    Hate" 
    * State of Ohio Web site (swissohio.k12.oh.us/), defaced by "Hi-Tech Hate"
    
    
    
    Government - NTR 
    Military - NTR 
      
    U.S. SECTOR INFORMATION: 
    
    
    Banking and Finance - NTR 
    Emergency Services - NTR 
    Government Services - NTR 
    Water Supply - NTR 
    Gas and Oil Storage Distribution - NTR 
    Electrical Power - NTR 
    Transportation - NTR 
    Telecommunications - NTR   
    
    NOTE:  Please understand that this is for informational purposes only and
    does not constitute any verification of the information contained in the
    report nor does this constitute endorsement by the NIPC or the FBI.  
      
      
    


