-----Original Message-----
From: NIPC Watch
To: daily
Sent: 7/6/01 8:30 AM
Subject: NIPC Watch Daily Report 6 July 2001

Significant Changes and Assessment - No Significant Changes.

Private Sector - Dmitry Gryaznov, from McAfee AVERT Labs, says malicious code writers are increasingly targeting Usenet's myriad discussion groups. He says individual viruses, disguised as images or video files, are often posted more than 200 times a day. Gryaznov told PCWorld that contrary to common perceptions, Usenet continues to grow rapidly. He estimates the volume of newsgroup posts grew 20% in the first four months of this year. Virus writers tend to target the myriad of sex-themed discussion groups which attract thousands of visitors each day. Gryaznov points out that while e-mail distributed viruses are deleted from users' computers, rogue news group postings can remain archived on the web indefinitely. (Source: Ananova, 5 July)

On 5 July, Microsoft Corp. released Security Advisory MS01-037, "Authentication Error in SMTP Service Could Allow Mail Relaying." The SMTP service installs by default as part of Windows 2000 server and can be intentionally installed on Windows 2000 Professional. The SMTP service has a flaw in its authentication process that could allow an unauthorized user to successfully authenticate to the service using incorrect credentials. An attacker who exploits the vulnerability could gain user-level privileges on the SMTP service, thereby enabling him to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server. Complete details can be found at: http://www.microsoft.com/technet/security/bulletin/MS01-037.asp. (Source: Microsoft, 5 July)

On 5 July, Microsoft said that one-third of MSN Messenger customers were continuing to experience sporadic access problems due to a hardware failure that has affected the MSN Messenger service, including access to "buddy lists."
However, the service appeared to go down completely around 3 p.m. PDT, with no users able to log in. The problem appears to be widespread, with MSN Messenger users in the U.S., Korea, Singapore, and Chile reporting failed connections or missing buddy lists. Sarah Lefko, Microsoft's MSN product manager, said "the majority of MSN Messenger customers worldwide are unaffected." Lefko emphasized that those lists have not been lost and "when the issue is resolved, customers' personal buddy lists will be restored." (Source: ZDNet, 5 July)

MSNBC reported that dozens of URLs have been posted in Internet chat rooms linking to small Web sites that hadn't patched their flawed shopping cart programs. The flaw is so widespread that some of the URLs containing customer information are being picked up by search engines - meaning finding stolen cards is almost as easy as conducting a search on Yahoo or Google. For example, on 2 July, armed with simple instructions provided on a Web site, MSNBC.com was able to find eight sites revealing information. Finding the sites is easy - it involves using a particular search term on a search site like Google or Yahoo, followed by one additional cut-and-paste operation. While most sites uncovered using this search method had installed the patch, about one in 15 had not. (Source: MSNBC, 5 July)

A controversial piece of software called DIRT (Data Interception by Remote Transmission) offers government operatives a powerful tool to break into home computers through the Internet and read everything, said Spy News web site on 4 July. DIRT costs anywhere from a few thousand dollars to over $200,000. The software is said to be powerful enough to penetrate many common security tools, including firewalls. So far, no anti-virus program on the market can detect it. DIRT is currently sold only to police, military and intelligence agencies.
(Source: Jane's Intelligence, 5 July) (NIPC Comment: Reporting on this surveillance tool by Jane's does not necessarily indicate that this is a new technology, but rather indicates that Spy News has elected to again draw attention to the marketing claims of DIRT's manufacturer. DIRT was first publicized in July 1998 by its developer Codex Data Systems, a self-described corporate/private security, counter-surveillance, and investigative firm currently based in Ontario, Canada. NIPC cannot vouch for the validity of this information nor confirm that this tool is currently being employed by either law enforcement or criminal elements.)

A study performed by market researchers Frost & Sullivan and released 3 July said that, as the amount of classified information transmitted via Web networks rapidly increases, hackers and e-terrorists will help create a burgeoning encryption market. The study found that the data-protection industry generated revenues of $176 million in 2000 but projected a steady increase to $457.6 million by 2007. It also found that international agencies such as the NSA and NATO are increasing network defense spending and modernizing their equipment to safeguard the privacy of transmitted information. Frost & Sullivan senior analyst Brooks Lieske said in a press release that hackers are no longer mainly focused on disrupting service and implanting viruses. "They are also doing less noticeable, but potentially more damaging activities such as reading e-mail and gathering restricted information from Internet sites and computers," Lieske said. (Source: NewsBytes, 3 July)

International - Security experts fear that a new hacker tool is in the works - a Trojan horse that causes the infected machine to generate spam without the owner's knowledge. Several small Internet service providers have been shocked to see some of their most unlikely users turn into spammers.
But it turns out the users are unwitting tools of a new virus that experts say is the first case they've seen of hackers finding a way to commercially exploit their skills. The scheme, seemingly spread across desktops in the form of a virus, was tested by hackers throughout June, apparently to explore the possibility of infecting home machines with software that would generate unsolicited bulk e-mail without the knowledge of the machines' owners. The virus was designed with a simple succession of points and clicks, using a widely available worm-writing tool such as The Visual Basic Worm Generator, experts believe. The virus carries a trojan - nicknamed the spamming trojan for its function - then generates spam e-mails from users' accounts, using their names and targeting the people to whom they send e-mail. (Source: ZDNet UK, 4 July)

Australia's IT security industry has been scathing in its attacks this week on the Cybercrime Bill 2001, labeling it "draconian and dangerous." Under the bill, which proposes seven new computer offenses carrying jail terms of up to 10 years, it is illegal to possess hacker tool kits, scanners, and virus code. These 'tools of the trade' for security vendors to test systems are placing a burden on lawyers drafting ethical hacking agreements with corporations. The proposed bill does allow the Defense Signals Directorate (DSD) and Australian Security Intelligence Organization (ASIS) to hack legally. It also forces companies by law to reveal passwords, keys, codes, cryptographic, and steganographic methods used to protect information. (Source: IDG News Service, 5 July)

Defacements: According to the Web defacement mirror site, Alladas.de, the following U.S. Federal and state government sites were defaced on 5 July by the hacker indicated:

Goddard Amateur Radio Club, located at the NASA Goddard Space Flight Center web site (www.garc.gsfc.nasa.gov), was defaced by Prime Suspectz.
Washington State Courts web site (www.courts.wa.gov) was defaced by PoisonBOx.

U.S. SECTOR INFORMATION:

Transportation - NTR
Telecommunications - NTR
Electrical Power - NTR
Emergency Services - NTR
Banking and Finance - NTR
Government Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC of the FBI.