-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Tuesday, August 07, 2001 8:27 AM
To: daily@private
Subject: NIPC Daily Report, 7 August

Significant Changes and Assessment - On 6 August, the National Infrastructure Protection Center (NIPC) issued Advisory 01-017, "Code Red II", detailing the NIPC's continuous work and close coordination with public and private sector partners regarding Code Red II. The NIPC considers Code Red II to be a serious threat because it spreads rapidly and installs a backdoor that can be accessed by anyone familiar with the exploit. The NIPC strongly recommends that consumers check their systems and install the available patches. The NIPC Advisory can be viewed at www.nipc.gov/warnings/advisories/2001/01-017 and the patches can be found at the following URLs:

For Windows NT 4 machines: http://www.microsoft.com/downloads/release.asp?releaseid=30833
For Windows 2000 machines: http://www.microsoft.com/downloads/release.asp?released=30800

For those already infected by Code Red II, a suggested process for repairing your system can be found at www.cert.org/tech.tips/win-UNIX-system.compromise.html.

Private Sector - A survey of American companies conducted by Rapid 7 Inc., a network security software development company, reveals that not only are companies' networks being attacked six or more times per year, but these attacks are becoming increasingly criminal in nature, compromising private information, destroying valuable data and exposing businesses to significant liability. The survey also revealed that government networks were identified as being the most "at risk." The study involved 167 network security personnel from government and mid- to large-sized U.S. businesses in various industries, including financial services, healthcare and technology. The survey also revealed viruses as the leading type of network attacks; threats usually reported from within. (Source: InfoSec News, 6 August)

Lycos Inc. reportedly has a bug in its search engine that could allow malicious web pages to crash users' computers, according to bug hunters. It emerged last week that the way Lycos renders HTML in its search results could allow JavaScript to be launched from the results page without the knowledge of Lycos or the end user. This could be used to merely launch spam pop-up windows or, using documented malicious JavaScript tricks, to crash the user's computer. According to a poster to the influential Bugtraq mailing list, when a web site uses the & ampersand sign to annotate an HTML tag, Lycos renders this as if it were HTML rather than interpreting it into text. This means something marked up as a textual example of how to spam a user with pop-ups would be interpreted by Lycos as an instruction to spam the user with pop-ups. (Source: ComputerWire, 6 August)

International - The South Korean government's administration ministry reported, for the first time, that the "Code Red" virus had attacked parts of the government's computer networks, forcing several computer systems at a government building to crash or slow down. Lee Se-Woo, a ministry official handling the Code Red Worm, said "three or four" computers were confirmed to be infected at the government's office building in Taejon, 164 kilometers (102 miles) south of Seoul. He also added that computer systems at five government agencies have been investigated for possible Code Red infections over the last two days. (Source: Agence France Presse, 7 August)

Investigations have been launched into the alleged hacking of an Australian politician's computer, according to local media reports over the weekend. The controversy is exacerbated by the revelation that the computer used to access the files was allegedly located in a New South Wales government official's office. According to reports, police inquiries into the incident are under way and a PC in state Labor Member of Parliament (MP) Tony Kelly's office has been seized. The computer was allegedly used to hack into files belonging to an as-yet-unnamed opposition Liberal Party politician. The files are now missing. Kelly issued a statement denying any involvement in hacking into anyone's computer. (Source: NewsBytes, 6 August)

Government - NTR

Military - NTR

U.S. SECTOR INFORMATION:

Electrical Power - The drought-stricken Columbia River Basin remains so short of water to run hydroelectric dams that the Northwest may have to borrow power from California to keep the lights on this winter. But there's no guarantee that energy-strapped California will have power to share when the Northwest needs it. "We're in the red zone," said Ed Mosey, a spokesman for the Bonneville Power Administration. Relying on California for energy to heat homes and businesses "could happen this winter," Mosey said. (Source: The News Tribune, 6 August)

Banking and Finance - NTR
Telecommunications - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Government Services - NTR
Transportation - NTR
Emergency Services - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.
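The Lycos item in this report describes entity-encoded markup from an indexed page being emitted as live HTML on the results page. The sketch below is an added example, not code from the report, Bugtraq or Lycos: it assumes the cause is a snippet renderer that decodes entities while indexing and does not re-encode on output, and every function name and the sample page text are constructed for illustration.

```javascript
// Constructed sample: text stored from a tutorial page that shows markup as
// an example, so its tags are entity-encoded in the page source.
const indexedSource =
  'How pop-ups work: &lt;script&gt;window.open("example.html")&lt;/script&gt; &amp; more';

// Decode the named entities a crawler needs to build plain text.
// A single regex pass avoids decoding "&amp;lt;" twice.
function decodeEntities(s) {
  const map = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&amp;': '&' };
  return s.replace(/&(?:lt|gt|quot|#39|amp);/g, (m) => map[m]);
}

// Encode text for HTML element content or a quoted attribute value.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Flawed renderer (assumed mechanism): decoded text is concatenated into the
// results page as-is, so the tutorial's example text becomes a real element.
function renderSnippetUnsafe(source) {
  return '<p class="snippet">' + decodeEntities(source) + '</p>';
}

// Corrected renderer: decode for indexing, re-encode at the output boundary.
function renderSnippetSafe(source) {
  return '<p class="snippet">' + encodeForHtml(decodeEntities(source)) + '</p>';
}

// Regression check for a results page: true if the snippet body contains any
// tag beyond the wrapper the renderer itself emits.
function snippetContainsMarkup(html) {
  const inner = html.replace(/^<p class="snippet">/, '').replace(/<\/p>$/, '');
  return /<[a-zA-Z\/!]/.test(inner);
}

console.log(renderSnippetUnsafe(indexedSource));
console.log(renderSnippetSafe(indexedSource));
```

The safe renderer still displays the tutorial's example exactly as its author wrote it; only the browser's interpretation changes, from markup to text.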