FW: NIPC Watch Daily Report 27 August 2001

From: George Heuston (georgeh@private)
Date: Mon Aug 27 2001 - 18:15:48 PDT

     
    -----Original Message-----
    From: NIPC Watch
    To: daily@private
    Sent: 8/27/01 8:12 AM
    Subject: NIPC Watch Daily Report 27 August 2001
    
    Significant Changes and Assessment  - No significant changes
    
    
    Private Sector -   Symantec's Anti-virus Research Center has identified
    a potentially serious Active-based Trojan named "Offensive" that cracks
    the Windows registry on an infected PC and kills off the operating
    system.  The Trojan is transferred via e-mail as an apparently innocuous
    .html web link.  If it is executed, the target web page displays a
    button saying "Start" that, if pressed, destroys the system registry.
    On an infected machine it is impossible to run any programs and the OS
    will lock, preventing a system shut-down. Additionally, it prevents
    subsequent access to the operating system, even in Safe Mode.  Symantec
    advised home computer users who have become infected with Offensive to
    seek professional advice, as the only way to repair the damage is using
    regedit from a DOS command line to fix the damaged registry strings.
    The anti-virus firm said that it was vital to apply the latest patch for
    Internet Explorer 5.5 to counter the Trojan. (Source: VnuNet, 24 August)
    
     A hacker broke into a paintball company's Web site and sent out phony
    financial statements on 23 August, forcing the Nasdaq stock market to
    halt trading in the company's shares for more than two hours.  After
    discovering its computer security had been breached overnight, Brass
    Eagle notified law enforcement officials, including the FBI.  The hacker
    sent out misinformation about the company's finances in "hundreds, if
    not thousands" of e-mails, said Chief Financial Officer J.R. Brian
    Hanna.  The attack prompted Brass Eagle to reaffirm its earnings
    guidance for fiscal 2001.  The hacker had apparently entered their Web
    site and sent e-mails ostensibly from the company, to addresses of
    people registered to receive company mailings.  Hanna said computer
    security was being tightened at the company.  (Source:  Reuters, 23
    August)
    
     A Russian software programmer arrested on charges of violating a
    controversial US copyright law saw his arraignment postponed for one
    week as lawyers attempt to work out a settlement in a case which has
    prompted international protests. Dmitry Sklyarov had been scheduled to
    face charges on Thursday morning in San Jose federal district court, but
    a judge postponed it until Aug. 30 to allow the defense and prosecution
    more time to negotiate a possible deal, lawyers on both sides said.
    Sklyarov wrote a program for his Moscow-based employer, ElcomSoft Co.
    Ltd, that allows people using Adobe Systems Inc.'s eBook software to get
    around copyright protection controls, allowing them to copy digital
    books and transfer them to other computers.  He was arrested on 16 July
    in Las Vegas after giving a talk on his program at the DefCon hacker
    convention.  (Source: Reuters, 24 August)
    
    International -  While research and development companies in New Zealand
    are being targeted by offshore interests on stealing their work, one New
    Zealand security expert warns the dangers to small to medium-sized
    enterprise are even greater. KPMG New Zealand said that R&D institutes
    have managed to fend off the intruders.  However, businesses in New
    Zealand are generally at risk of attack. The government's decision to
    create an agency, the Center for Critical Infrastructure Protections,
    will provide research and support for companies under attack. (Source:
    IDG News Service, 24 August)
    
     Afghanistan's Taliban ruler has banned international aid organizations
    from using the Internet in a country that has no proper postal service
    and few working telephones.  Mullah Mohammed Omar also barred government
    departments and domestic aid organizations from using the Internet,
    including to send e-mail.  Mullah Omar's edict said the only Internet
    connection in Afghanistan would be in the southern city of
    Kandahar, where most of the senior Taliban leaders are based.  Aid
    groups working in Afghanistan depend heavily on the Internet to
    communicate with each other and with their headquarters.  (Source:
    Associated Press, 26 August)
    
    Government -  NASA Administrator Daniel Goldin has named David Saleeba,
    a 26-year veteran of the US Secret Service, to head up the agency's
    Office of Security Management and Safeguards, created in November 2000
    to oversee NASA's physical security and portions of its information
    technology security. NASA created the Office of Security Management and
    Safeguards to serve as the single point of focus for security matters at
    the agency, including protection of the agency's classified networks and
    data.  NASA's chief information officer's office will continue to handle
    all non-classified systems. (Source: Federal Computer Week, 24 August)
    
    Military -  The Defense Intelligence Agency (DIA) is seeking assistance
    in tracking computer network attacks on DoD systems that originate from
    an unspecified foreign country.  DIA announced on 23 August that it
    intends to award a sole source contract to Veridian.  Veridian will
    help the agency analyze incidents of network intrusions or cyberattacks
    on DoD networks from "computers located in a particular foreign country
    and other computers that show evidence of being under the control of
    people in that country," according to the announcement. The contractor
    will be required to collect intrusion data from DoD, service-specific
    CERTs and information warfare centers, analyze the data and provide a
    list of foreign IP addresses requiring further investigation. The
    contractor also will need to learn who the initiating host is and
    determine the level of threat. (Source: Federal Computer Week, 27
    August)
    
    U.S. SECTOR INFORMATION:
    Water Supply - NTR
    Gas and Oil Storage Distribution - NTR
    Government Services - NTR
    Emergency Services - NTR
    Electrical Power - NTR
    Telecommunications  - NTR
    Banking and Finance - NTR
    Transportation - NTR
    