-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Thursday, August 09, 2001 7:43 AM
To: daily@private
Subject: NIPC Daily Report, 9 August

Significant Changes and Assessment - No significant changes.

Private Sector - Microsoft has released a new tool named Code Red Cleanup to undo the effects of an Internet worm that may have burrowed into hundreds of thousands of computers. The tool is available at http://www.microsoft.com/technet/itsolutions/security/tools/redfix.asp. The small utility is designed to "eliminate the obvious effects of the Code Red II worm" from infected Web servers, according to the company. In addition to eradicating malicious files installed by the worm, Code Red Cleanup reboots the system to eliminate memory-resident code. The tool also removes special settings known as "mappings" installed by the worm. Finally, the utility provides an option to permanently disable IIS on the server. The cleanup tool does not install the patch released by Microsoft in June to correct the buffer-overflow vulnerability in its Web IIS server software. (Source: Newsbytes, 9 August)

Microsoft Corp. confirmed that some of its MSN Hotmail servers were infected with a Code Red virus on 8 August. The news follows Microsoft's extensive public education campaign aimed at getting users to download a simple patch that protects servers from the virus. It wasn't immediately clear whether the infections discovered this week were caused by the first Code Red virus or a second, more virulent virus dubbed Code Red II. Microsoft spokesman Jim Desler said servers had since been patched and that the company has been scanning its systems to make sure they were safe. (Source: Reuters, 8 August)

Michael Normington, a disgruntled former employee who hacked into a Chicago company's Internet site and littered it with pornography and derogatory comments was sentenced in federal court on 8 August to six months in prison.
Three weeks after he quit his job last year as a Web site developer at Hinda Incentives, Normington intruded into the company's computer system and damaged its Web site, said Assistant U.S. Attorney James Conway. Normington deleted files, redirected certain users to a pornographic Web site and wrote derogatory comments about customers and employees, authorities said. U.S. District Judge John Darrah also ordered Normington to pay restitution of $38,000 to Hinda Incentives. (Source: Chicago Tribune, 9 August)

Several Verizon Communications Inc. internal servers and Internet customers were reportedly hit by the "Code Red II" virus this week, temporarily losing their Net access or experiencing slow connections, company officials said on 8 August. The worm, which affects computer servers that run on Microsoft software, first brought down Internet connections at several Verizon buildings on 6 August, said spokesman Bill Kula. Most buildings were fine and workers in affected ones were back online on 7 August using alternative servers. An unknown number of Verizon Online customers also lost their connections, because they hadn't installed a software patch made available by Microsoft, Mr. Kula said. "We provided information to our customers proactively about how to obtain the patches," he said. "We can't force all of our customers to take the appropriate steps to guard themselves." (Source: The Dallas Morning News, 9 August)

Providing it a potential leg up in the emerging trend of subscription-based software, McAfee.com Corp. was issued a patent on 24 July by the U.S. Patent Office for its system of delivering security-related software and services over the Internet. While its rivals sell boxes of software and make customers do their own installations, McAfee delivers all of its virus-protection and PC-management software via the Internet.
McAfee also does the technical work and continued maintenance for its customers' desktop computers remotely via its Web site - all on a subscription basis. The patent covers the technology behind McAfee's system, as well as its subscription-based business model. (Source: ComputerUser, 8 Aug)

Internet Security Systems (ISS) X-Force has discovered multiple remote vulnerabilities in Macromedia ColdFusion. ColdFusion is an enterprise application used to develop, maintain, administer, and deliver Web sites on the Internet. The vulnerabilities may allow remote attackers to execute arbitrary commands as a privileged user on a vulnerable ColdFusion installation. ColdFusion ships with two vulnerable "Exampleapps." These applications may be queried via a normal Web browser. Both vulnerable scripts behave like CGI (Common Gateway Interface) applications. (Source: InfoSec News, 8 August)

Internet Security Systems (ISS) X-Force in conjunction with ISS Emergency Response Services (ERS) has discovered and researched remote vulnerabilities in Raytheon's SilentRunner. SilentRunner is a passive network monitoring, discovery, and analysis tool. The SilentRunner collector module is the passive network monitoring component of the program. According to X-Force, the collector contains multiple buffer overflow vulnerabilities that may be exploited by an attacker on networks monitored by SilentRunner. Successful exploitation can result in a Denial of Service attack against the collector, or execution of arbitrary code on the SilentRunner server. (Source: InfoSec News, 8 August)

International - The Code Red II Internet worm has spread to at least 180 servers in China, but the number could be much higher, a security expert said on 8 August. Beijing Rising Technology Corp, a virus protection company, said it learned of 180 confirmed cases of Code Red infections between the morning of 6 August and the afternoon of 8 August.
Eighty percent of those cases, reported by telephone or e-mail, were in Beijing, she said. The others were in the cities of Shanghai, Dalian, Tianjin and Xiamen, and in Henan province. Between 70 percent and 80 percent of the confirmed infections had struck businesses, mostly in the computer or IT industry. (Source: Reuters, 8 August)

In Taiwan, the Code Red computer worm slowed the Taipei County Government's Internet traffic on 4 August, after disrupting services of its district offices and causing the shutdown of the land administration's Web site. Many people failed to log onto the county government's Web site due to its sluggishness as a result of the Code Red computer worm. Eleven of 16 Taipei County Government's computer servers have been affected by the worm. The Taipei County Government has fixed most of the services on 6 August. Currently, people can use the county Web site but may not be able to connect to some 30 affiliated Web sites, such as the county's district offices. (Source: Taipei Taiwan News, 8 August)

The Japanese government is acting both domestically and internationally to prevent the Internet from being used for crime. The National Police Agency is now enhancing its e-mail interception system. In November, the Japanese government is expected to ratify a treaty to prevent cyber-crime. The agency plans to introduce "temporary e-mail boxes" based on legislation enacted in August 2000 allowing the interception of communications. The cyber crime prevention treaty, which the U.S. and European countries are also expected to sign, will allow authorities to require ISPs to keep log information on crime suspects, such as their e-mail correspondents, communication routes and time spent online, for up to 90 days from the order. This is designed to allow immediate action on requests from foreign governments for cooperation in criminal investigations.
(Source: Tokyo Nikkei Telecom, 8 August)

The Far Eastern Economic Review reports in its 16 August issue that Asia is becoming a proving ground for cyberwarriors. China is rapidly developing its cyberwarfare capabilities and has emerged as the region's leading threat, the Review says. Taiwan, North and South Korea are also increasing their capabilities. "Cyberwarfare is very buoyant in Asia right now, much more than other parts of the world, perhaps because of the generally high levels of defense activity," says Desmond Ball, a specialist in electronic warfare and intelligence and head of the Strategic and Defense Studies Center, at the Australian National University in Canberra. "Cyber attacks will provide both state and non-state adversaries with new options against countries beyond mere words but short of actual physical attack," said Adm. Chris Barrie, Australia's chief of defense forces. (Source: InfoSec News, 8 August)

An international group of information security experts which includes members of the International Information Systems Security Certification Consortium (ISC2) is creating a series of "best practice" papers available free to professionals in all industries, as well as the general public. The project is called Commonly Accepted Security Practices and Recommendations (CASPR). "There is an enormous need for uniform best practices to be developed for information security in vertical industries," says James E. Duffy, managing director of (ISC2). Launched in April, CASPR now has working groups covering a multitude of subjects, including Unix, physical security, incident handling, VPNs, firewalls, cybercrime and certification - just to name a few. Final papers will be subject to ongoing review, with revisions every six months as needed. The first set of papers is expected to be available on the Internet by the end of this year. Further information about the CASPR project is available at http://www.caspr.org.
(Source: Information Security Magazine, 7 Aug)

Military - NTR

Government - NTR

U.S. SECTOR INFORMATION:

Telecommunications - NTR
Electrical Power - NTR
Banking and Finance - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Government Services - NTR
Transportation - NTR
Emergency Services - NTR