-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Wednesday, August 08, 2001 8:03 AM
To: daily@private
Subject: NIPC Daily Report, 8 August

Significant Changes and Assessment - No significant changes.

Private Sector - Qwest Communications blames the Code Red computer worm for knocking off some of its high speed Internet access customers in Minnesota. The worm is programmed to use infected computer servers to send junk data to the White House Web site on 19 August. As a side effect, it mistakes Qwest digital subscriber line (DSL) modems for Web servers and disables them. The company is not saying yet how many of the state's 50,000 DSL customers have been affected or when their service will be restored. (Source: Reuters, 7 August)

Adobe's popular PDF file format has generally been considered immune to viruses. But a new virus carried by programs embedded in PDF files raises concerns that the format itself could become susceptible. On the morning of 7 August, Network Associates' McAfee anti-virus division became aware of the first virus, known as "Peachy," that uses PDF to spread, said Vincent Gullotto, senior director of McAfee's Avert group. Fortunately, those who are simply viewing a PDF, or Portable Document Format, file aren't vulnerable. The virus spreads only by way of Adobe's Acrobat software, the program used to create PDF documents, not through Acrobat Reader, the free program that is used to view the files. (Source: CNET News, 7 August)

According to the Internet Engineering Task Force (IETF), the protocol widely used to set up VPN tunnels is potentially insecure, and work on extending its use should be halted. Administrative groups within the IETF have put a temporary moratorium on extensions to Internet Key Exchange (IKE) without saying how long that moratorium should last. The decision rests in part on IKE security flaws identified in a 1999 paper by William Simpson, a consultant with Computer Systems Consulting Services. These include the possibility of swamping a server with a flood of requests to initiate security sessions and sending apparently valid packets that propose security associations with the intent of chewing up processing power by having the server calculate unnecessary security keys. (InfoSec News, 7 August)

International - Computer hackers in the Netherlands have claimed authorship of the Code Red II worm, Germany's Federal Office for Information Technology Security said on 7 August. Hackers of the Dutch group 29a claim in news group discussions to have put this version of the so-called worm-type virus into circulation, but there was no proof that they were the originators, the German body's expert, Frank Felzmann, said. "This kind of claim can also serve to cover up the tracks," he said. Felzmann added that "the snowball-like propagation of the virus on the Internet makes it all the more difficult to trace back a path to its originators." (Times of India, 8 August)

According to a report by China's Anti-Virus Computer Products Inspection Center of the public security system, the "Code Red II" virus has recently been discovered in China. The normal work and computer systems of some units and departments have been infected by the virus. Because the "Code Red II" virus constitutes a serious threat to computer information system networks, the Ministry of Public Security has issued a circular about the virus to the public information network security monitoring divisions of the public security departments of various provinces, regions and municipalities across the country. (Source: New China News Agency, 7 August)

Several thousand servers in Japan have been infected by the "Code Red" computer worm, the Information Technology Promotion Agency said on 6 August. A new mutation of the worm, which makes it easier for hackers to penetrate servers, has also been discovered by the agency. In contrast to epidemic infections reported worldwide, only three cases had been reported in Japan as of 6 August. The agency, however, estimates at least several thousand servers have been infected. (Source: Tokyo Nikkei Telecom, 7 August)

Government - As federal agencies worked to stay ahead of the Code Red computer worm crawling through the Internet last week, officials were planning an automated method of fixing vulnerabilities in government systems. Under the plan, agencies would provide profiles of the applications and operating systems on their networks to the Federal Computer Incident Response Center (FedCIRC), which would then send agencies only the patches they needed. FedCIRC, the lead organization for civilian agency computer-attack warnings and response, is set to release a request for proposals for the system. (Source: InfoSec News, 7 August)

Military - NTR

U.S. SECTOR INFORMATION:

Telecommunications - Two prominent Internet researchers from AT&T Labs are among a growing number of experts raising red flags about Multi-protocol Label Switching (MPLS), a next-generation traffic engineering technology backed by network industry leaders such as Cisco, Juniper Networks and AT&T itself. The researchers say MPLS creates serious network management challenges for Internet backbone providers. Even more dire are their warnings about potential security and privacy problems for companies that deploy MPLS-based VPNs. (Source: InfoSec News, 7 August)

Electrical Power - On the hottest day of the year, New York urged residents to conserve electricity amid warnings that soaring demand and problems at a few local power plants had cut deeply into the grid's available power supplies. Millions of New York City workers were told over their office public address systems that the New York Independent System Operator (NYISO), which manages the New York power system, had declared an energy emergency and Consolidated Edison Inc., the city's main electric utility, called for power load reductions until 7 p.m. Eastern Time. Although it is not the city's first energy emergency, it is the first time the NYISO has activated a new emergency demand reduction program in New York City that calls on major businesses and building managers to voluntarily throttle back their power usage. (Source: Reuters, 7 August)

Banking and Finance - NTR

Water Supply - NTR

Gas and Oil Storage Distribution - NTR

Government Services - NTR

Transportation - NTR

Emergency Services - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.