FW: NIPC Watch Daily Report 6 July 2001

From: George Heuston (georgeh@private)
Date: Fri Jul 06 2001 - 09:38:07 PDT

    -----Original Message-----
    From: NIPC Watch
    To: daily
    Sent: 7/6/01 8:30 AM
    Subject: NIPC Watch Daily Report 6 July 2001
    
    Significant Changes and Assessment  - No Significant Changes.
    
    Private Sector -
     Dmitry Gryaznov, from McAfee AVERT Labs, says malicious code writers
    are increasingly targeting Usenet's myriad discussion groups.  He says
    individual viruses, disguised as images or video files, are often posted
    more than 200 times a day. Gryaznov told PCWorld that contrary to common
    perceptions, Usenet continues to grow rapidly. He estimates the volume
    of newsgroup posts grew 20% in the first four months of this year.
    Virus writers tend to target the myriad of sex-themed discussion groups
    which attract thousands of visitors each day.  Gryaznov points out that
    while e-mail distributed viruses are deleted from users' computers,
    rogue news group postings can remain archived on the web indefinitely.
    (Source: Ananova, 5 July)
    
     On 5 July, Microsoft Corp. released Security Advisory MS01-037
    Authentication Error in SMTP Service Could Allow Mail Relaying.  The
    SMTP service installs by default as part of Windows 2000 server and can
    be intentionally installed on Windows 2000 Professional.  The SMTP
    service has a flaw in its authentication process that could allow an
    unauthorized user to successfully authenticate to the service using
    incorrect credentials.  An attacker who exploits the vulnerability could
    gain user-level privileges on the SMTP service, thereby enabling him
    to use the service but not to administer it.  The most likely purpose in
    exploiting the vulnerability would be to perform mail relaying via the
    server.  Complete details can be found at:
    http://www.microsoft.com/technet/security/bulletin/MS01-037.asp.
    (Source: Microsoft, 5 July)
    
     On 5 July, Microsoft said that one-third of MSN Messenger customers
    were continuing to experience sporadic access problems due to a hardware
    failure that has affected the MSN Messenger service, including access to
    "buddy lists."  However, the service appeared to go down completely
    around 3 p.m. PDT, with no users able to log in.  The problem appears to
    be widespread, with MSN Messenger users in the U.S., Korea, Singapore,
    and Chile reporting failed connections or missing buddy lists.  Sarah
    Lefko, Microsoft's MSN product manager, said "the majority of MSN
    Messenger customers worldwide are unaffected."  Lefko emphasized that
    those lists have not been lost and "when the issue is resolved,
    customers' personal buddy lists will be restored."  (Source: ZDNet, 5
    July)
    
     MSNBC reported that dozens of URLs have been posted in Internet chat
    rooms linking to small Web sites that hadn't patched their flawed
    shopping cart programs. The flaw is so widespread that some of the URLs
    containing customer information are being picked up by search engines -
    meaning finding stolen cards is almost as easy as conducting a search on
    Yahoo or Google.  For example, on 2 July, armed with simple instructions
    provided on a Web site, MSNBC.com was able to find eight sites revealing
    information.  Finding the sites is easy - it involves using a particular
    search term on a search site like Google or Yahoo, followed by one
    additional cut-and-paste operation. While most sites uncovered using
    this search method had installed the patch, about one in 15 had not.
    (Source: MSNBC, 5 July)
    
     A controversial piece of software called DIRT (Data Interception by
    Remote Transmission) offers government operatives a powerful tool to
    break into home computers through the Internet and read everything, said
    Spy News web site on 4 July.  DIRT costs anywhere from a few thousand
    dollars to over $200,000. The software is said to be powerful enough to
    penetrate many common security tools, including firewalls. So far, no
    anti-virus program on the market can detect it.  DIRT is currently sold
    only to police, military and intelligence agencies.  (Source: Jane's
    Intelligence, 5 July) (NIPC Comment:  Reporting on this surveillance
    tool by Jane's does not necessarily indicate that this is a new
    technology, but rather indicates that Spy News has elected to again draw
    attention to the marketing claims of DIRT's manufacturer.  DIRT was
    first publicized in July, 1998, by its developer Codex Data Systems, a
    self-described corporate/private security, counter-surveillance, and
    investigative firm currently based in Ontario, Canada.  NIPC cannot
    vouch for the validity of this information nor confirm that this tool is
    currently being employed either by law enforcement or criminal
    elements.)
    
     A study performed by market researchers Frost & Sullivan and released 3
    July said that, as the amount of classified information transmitted via
    Web networks rapidly increases, hackers and e-terrorists will help
    create a burgeoning encryption market.  The study found that the
    data-protection industry generated revenues of $176 million in 2000 but
    projected a steady increase to $457.6 million by 2007.  It also found
    that international agencies such as the NSA and NATO are increasing
    network defense spending and modernizing their equipment to safeguard
    the privacy of transmitted information.  Frost & Sullivan senior analyst
    Brooks Lieske said in a press release that hackers are no longer mainly
    focused on disrupting service and implanting viruses.  "They are also
    doing less noticeable, but potentially more damaging activities such as
    reading e-mail and gathering restricted information from Internet sites
    and computers," Lieske said. (Source: NewsBytes, 3 July)
    
    International -  Security experts fear that a new hacker tool is in the
    works - a Trojan horse that causes the infected machine to generate spam
    without the owner's knowledge.  Several small Internet service providers
    have been shocked to see some of their most unlikely users turn into
    spammers.  But it turns out the users are unwitting tools of a new virus
    that experts say is the first case they've seen of hackers finding a way
    to commercially exploit their skills.  The scheme, seemingly spread
    across desktops in the form of a virus, was tested by hackers throughout
    June, apparently to explore the possibility of infecting home machines
    with software that would generate unsolicited bulk e-mail without the
    knowledge of the machines' owners.  The virus was designed with a simple
    succession of points and clicks, using a widely available worm-writing
    tool such as The Visual Basic Worm Generator, experts believe.  The
    virus carries a trojan - nicknamed the spamming trojan for its function
    - then generates spam e-mails from users' accounts, using their names
    and targeting the people to whom they send e-mail. (Source: ZDNet UK, 4
    July)
    
     Australia's IT security industry has been scathing in its attacks this
    week on the Cybercrime Bill 2001, labeling it "draconian and dangerous."
    Under the bill, which proposes seven new computer offenses carrying jail
    terms of up to 10 years, it is illegal to possess hacker tool kits,
    scanners, and virus code. These 'tools of the trade' for security
    vendors to test systems are placing a burden on lawyers drafting ethical
    hacking agreements with corporations. The proposed bill does allow the
    Defense Signals Directorate (DSD) and Australian Security Intelligence
    Organization (ASIS) to hack legally.  It also forces companies by law to
    reveal passwords, keys, codes, cryptographic, and steganographic methods
    used to protect information. (Source: IDG News Service, 5 July)
    
    Defacements: According to the Web defacement mirror site,
    Alladas.de, the following U.S. Federal and state government sites were
    defaced on 5 July by the hacker indicated:
    
    
     Goddard Amateur Radio Club located at the NASA Goddard Space Flight
    Center web site, (www.garc.gsfc.nasa.gov) was defaced by Prime Suspectz.
    
     Washington State Courts web site (www.courts.wa.gov) was defaced by
    PoisonBOx.
    
    U.S. SECTOR INFORMATION:
    
    Transportation - NTR
    Telecommunications - NTR
    Electrical Power - NTR
    Emergency Services - NTR
    Banking and Finance - NTR
    Government Services - NTR
    Water Supply - NTR
    Gas and Oil Storage Distribution - NTR
    
    NOTE: Please understand that this is for informational purposes only and
    does not constitute any verification of the information contained in the
    report nor does this constitute endorsement by the NIPC of the FBI.
    


