-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Wednesday, September 05, 2001 8:55 AM
To: daily@private
Subject: NIPC Daily Report 05 September 01

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in this report nor does this constitute endorsement by the NIPC of the FBI

The NIPC Daily Report
Prepared by WWU
05 September 2001

Significant Changes and Assessment - No significant changes

Private Sector - Central Command, a provider of PC anti-virus software and computer security services, and its partners today released its monthly listing of the top twelve viruses reported for August 2001. The report is based on the number of virus occurrences confirmed through Central Command's Emergency Virus Response Team tracking. The following represent the most prevalent viruses for August 2001: (1) I-Worm.Sircam.A 49.8%; (2) Win32.Magistr.A@mm 9.8%; (3) Win95.CIH 5.7%; (4) VBS.HappyTime.A@mm 5.1%; (5) Win32.Funlove.4099 3.7% (Source: Central Command, 4 September)

Kaspersky Labs warns users about the detection of the new variant of the dangerous "Magistr" virus. "Magistr.b" utilizes a substantially reworked encoding algorithm of the virus code. "Because of this, none of the known anti-virus scanners are able to recognize this new virus variant even with the heuristic code analyzer switched on," commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. This variant is characterized by exclusively dangerous side effects, and also noticeably reworked virus spreading procedures via the local network and e-mail. (Source: Infosec News, 4 September)

Another virus called "CodeGreen" has reportedly been launched on the Internet, scanning systems for Code Red II infections and applying a patch as it spreads. "CodeGreen," said to have been written by a German author known as "Der HexXer," scans the Internet for Microsoft IIS servers infected by Code Red II and runs through a series of steps before downloading security patches. However, there is some concern over whether it is the right patch and about the installation method. Security officials say the worm cannot be trusted, and almost unanimously dismiss the idea of fighting a virus with a virus. They say the concept is interesting and may hold promise on a tightly-controlled computer network but is nothing but trouble "in the wild" on the Internet. (Source: News Factor, 4 September)

A hole has been discovered in Network Associates' Gauntlet firewall software that makes it possible for intruders to turn the security system against the very networks it was designed to protect. On 4 September, the company's PGP Security division released patches for a buffer overflow vulnerability in the firewall's 'csmap' SMTP proxy, a feature of the firewall that is designed to act as a protective membrane between an organization's mail server application and the rest of the world. In normal operation, csmap accepts mail connections from the Internet, then forwards only valid traffic to the internal mail server. By adding reams of text at a particular point in the mail transaction, an attacker can overflow the memory dedicated to storing an email address. Properly crafted computer instructions appended to the text will then be executed by the machine, giving hackers a way in. The bug affects users of Gauntlet 5.0, 5.5; 6.0 on Solaris and HP-UX; and the company's Web Shield line of appliances. (Source: Security Focus, 4 September)

International - On 4 September, Belgian Telecommunications Minister Rik Daems and his Singaporean counterpart Yeo Cheow Tong signed an agreement in principle for the two countries to warn each other when they find a new computer virus.
Belgium already has its own e-security platform, which warns the Belgian population around the clock about a potentially dangerous virus within two hours of its discovery. The system has been developed in cooperation with the Belgian Institute for Postal Services and Communication. However, viruses do not stop at national borders. Therefore, Daems wants to extend the system to other countries. Singapore is one of the most advanced countries in the field of computer technology, a press release issued by Daems' cabinet stresses. The minister wants to go further than this agreement. This autumn, he will discuss the possible establishment of a European e-platform with his European counterparts. (Source: Groot-Bijgaarden De Standaard, Internet Version in Dutch, 5 September)

Hanoi plans to spend $26.6 million on developing information technology (IT), making this a key industry in the first decade of the new century. The city's first step is to build an IT service center and put it into use by the end of this year. The next step aims to build an IT development center and the Nam Thang Long IT industrial zone in 2002. Hanoi strives to have 100% of its major industries using telecommunications networks and the Internet in their business management and production by 2005. The city also targets having 100% of high schools, 60% of hospitals, 70% of enterprises, 70% of precinct and 50% of commune administrative offices accessible to the Internet. (Source: Hanoi Vietnam News Agency, Internet Version in English, 4 September 2001)

Government - NTR

Military - NTR

U.S. SECTOR INFORMATION:

Banking and Finance - Citibank's nationwide system of 2,000 automated teller machines crashed on 4 September. The cause of the outage, which began at 5pm and lasted about four hours, was due to an internal software problem, Citibank spokesman Mark Rodgers said. About 2 million US households hold consumer banking accounts at Citibank.
Citibank said it will waive any fees its customers incurred because of the outage, including convenience fees charged by competing banks whose ATMs are used by Citibank customers. Citibank, a unit of financial services giant Citigroup, is one of the largest consumer banks in the world. (Source: Associated Press, 4 September)

Telecommunications - NTR

Emergency Services - NTR

Water Supply - NTR

Gas and Oil Storage Distribution - NTR

Government Services - NTR

Electrical Power - NTR

Transportation - NTR