FW: NIPC Daily Report 05 September 01

From: George Heuston (georgeh@private)
Date: Wed Sep 05 2001 - 10:11:31 PDT

    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Wednesday, September 05, 2001 8:55 AM
    To: daily@private
    Subject: NIPC Daily Report 05 September 01
    
    
    NOTE: Please understand that this is for informational purposes only and
    does not constitute any verification of the information contained in
    this report nor does this constitute endorsement by the NIPC of the FBI
    
    The NIPC Daily Report
    Prepared by WWU
    05 September 2001
    
    Significant Changes and Assessment  - No significant changes
    
    Private Sector - Central Command, a provider of PC anti-virus software
    and computer security services, and its partners today released its
    monthly listing of the top twelve viruses reported for August 2001. The
    report is based on the number of virus occurrences confirmed through
    Central Command's Emergency Virus Response Team tracking.  The following
    represent the most prevalent viruses for August 2001: (1)
    I-Worm.Sircam.A 49.8%; (2) Win32.Magistr.A@mm 9.8%; (3) Win95.CIH
    5.7%; (4) VBS.HappyTime.A@mm 5.1%; (5) Win32.Funlove.4099 3.7%
    (Source: Central Command, 4 September)
    
    Kaspersky Labs warns users about the detection of the new variant of
    the dangerous "Magistr" virus. "Magistr.b," utilizes a substantially
    reworked encoding algorithm of the virus code. "Because of this, none of
    the known anti-virus scanners are able to recognize this new virus
    variant even with the heuristic code analyzer switched on," commented
    Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. This
    variant is characterized by exclusively dangerous side effects, and also
    noticeably reworked virus spreading procedures via the local network and
    e-mail.  (Source: Infosec News, 4 September)
    
    Another virus called "CodeGreen" has reportedly been launched on the
    Internet, scanning systems for Code Red II infections and applying a
    patch as it spreads. "CodeGreen," said to have been written by a German
    author known as "Der HexXer," scans the Internet for Microsoft IIS
    servers infected by Code Red II and runs through a series of steps
    before downloading security patches.  However, there is some concern
    over whether it is the right patch and about the installation method.
    Security officials say the worm cannot be trusted, and almost
    unanimously dismiss the idea of fighting a virus with a virus.  They say
    the concept is interesting and may hold promise on a tightly-controlled
    computer network but is nothing but trouble "in the wild" on the
    Internet.  (Source: News Factor, 4 September)
    
    A hole has been discovered in Network Associate's Gauntlet firewall
    software that makes it possible for intruders to turn the security
    system against the very networks it was designed to protect.  On 4
    September, the company's PGP Security division released patches for a
    buffer overflow vulnerability in the firewall's 'csmap' SMTP proxy, a
    feature of the firewall that is designed to act as a protective membrane
    between an organization's mail server application and the rest of the
    world.  In normal operation, csmap accepts mail connections from the
    Internet, then forwards only valid traffic to the internal mail server.
    By adding reams of text at a particular point in the mail transaction,
    an attacker can overflow the memory dedicated to storing an email
    address.  Properly crafted computer instructions appended to the text
    will then be executed by the machine, giving hackers a way in.  The bug
    affects users of Gauntlet 5.0, 5.5;  6.0 on Solaris and HP-UX; and the
    company's Web Shield line of appliances.  (Source: Security Focus, 4
    September)
    
    International - On 4 September, Belgian Telecommunications Minister Rik
    Daems and his Singaporean counterpart Yeo Cheow Tong signed an agreement
    in principle for the two countries to warn each other when they find a
    new computer virus. Belgium already has its own e-security platform,
    which warns the Belgian population around the clock about a potentially
    dangerous virus within two hours of its discovery.  The system has been
    developed in cooperation with the Belgian Institute for Postal Services
    and Communication.  However, viruses do not stop at national borders.
    Therefore, Daems wants to extend the system to other countries.
    Singapore is one of the most advanced countries in the field of computer
    technology, a press release issued by Daems' cabinet stresses. The
    minister wants to go further than this agreement. This autumn, he will
    discuss the possible establishment of a European e-platform with his
    European counterparts.  (Source: Groot-Bijgaarden De Standaard, Internet
    Version in Dutch, 5 September)
    
    Hanoi plans to spend $26.6 million on developing information technology
    (IT), making this a key industry in the first decade of the new
    century.  The city's first step is to build an IT service center and put
    it into use by the end of this year. The next step aims to build an IT
    development center and the Nam Thang Long IT industrial zone in 2002.
    Hanoi strives to have 100% of its major industries using
    telecommunications networks and the Internet in their business
    management and production by 2005.  The city also targets having 100% of
    high schools, 60% of hospitals, 70% of enterprises, 70% of precinct and
    50% of commune administrative offices accessible to the Internet.
    (Source: Hanoi Vietnam News Agency, Internet Version in English, 4
    September 2001)
    
    Government - NTR
    
    Military - NTR
    
    U.S. SECTOR INFORMATION:
    
    Banking and Finance - Citibank's nationwide system of 2,000 automated
    teller machines crashed on 4 September. The cause of the outage, which
    began at 5pm and lasted about four hours, was due to an internal
    software problem, Citibank spokesman Mark Rodgers said.   About 2
    million US households hold consumer banking accounts at Citibank.
    Citibank said it will waive any fees its customers incurred because of
    the outage, including convenience fees charged by competing banks whose
    ATMs are used by Citibank customers.  Citibank, a unit of financial
    services giant Citigroup, is one of the largest consumer banks in the
    world.  (Source: Associated Press, 4 September)
    
    Telecommunications - NTR
    Emergency Services - NTR
    Water Supply - NTR
    Gas and Oil Storage Distribution - NTR
    Government Services - NTR
    Electrical Power - NTR
    Transportation - NTR
    