-----Original Message-----
From: NIPC Watch
To: daily
Sent: 10/19/01 9:17 AM
Subject: NIPC Daily Report, 19 October 2001

NIPC Daily Report, 19 October 2001

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Significant Changes and Assessment - No significant changes.

Private Sector - Newsbytes reports that a new hacking tool is being actively used by attackers hoping to take remote control of unpatched Unix-based systems. The tool appears to exploit a known bug in a popular authentication technology called Secure Shell (SSH). Previously, no working exploits for the overflow flaw in the SSH daemon were known. Rumors have spread in the hacker underground that scripts were available to gain "root" or system-level access to vulnerable systems. System operators have also posted reports on security mailing lists saying they are receiving remote scans from attackers attempting to locate vulnerable systems running SSH. Several versions of the SSH attack scripts have recently been available over Internet relay chat and other online forums. (Source: Newsbytes, 18 October)

Hackers have developed a trick for pilfering Digital Subscriber Lines (DSL) account names and passwords right from subscribers' routers, a technique that provides hackers with untraceable Internet access, and potentially exposes subscriber e-mail to interception. The method targets Cayman Systems' popular 3220-H DSL router, a combination modem, router and hub that allows DSL subscribers to share their Internet connections among multiple computers. (Source: Security Focus, 18 October)

A worm, called Redesi, disguising itself as a security patch for Microsoft products, will in fact reformat the victim's C: drive. The worm spreads by e-mail under a number of guises, and is reportedly set to trigger on 11 November. Redesi has so far been seen in two variants; either as a Microsoft patch or as what will appear to most people more like junk e-mail. In the first case, the e-mail worm comes with a header randomly selected from a list that includes "FW: Microsoft security update," and "FW: Security Update by Microsoft." The second variant arrives with headers such as: "Scientists have found traces of the HIV virus in cows milk...here is the proof -- Will", "Yay. I caught a fish -- Six", and "I want to live in a wooden house -- Arwel." Only PCs running older versions of Windows that use the autoexec.bat file are vulnerable to having their hard disks formatted on 11 November. (Source: Security News Portal, 18 October) (NIPC Comment: US anti-virus vendors are rating the threat from this worm as low. NIPC will continue to monitor and advise as appropriate.)

Microsoft Corp. has released Security Bulletin MS01-052, pertaining to a vulnerability in the Remote Data Protocol (RDP). The vulnerability, which they rate as moderate, relates to the implementation of RDP in the terminal service in Windows NT 4.0 and Windows 2000 which does not correctly handle a particular series of data packets. If such a series of packets were received by an affected server, it would cause the server to fail. The server could be put back into normal service by rebooting it, but any work in progress at the time of the attack would be lost. It would not be necessary for an attacker to be able to start a session with an affected server in order to exploit this vulnerability - the only prerequisite would be the need to be able to send the correct series of packets to the RDP port on the server. A patch to fix this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/MS01-052.asp (Source: Microsoft Corporation, 18 October)

Government - The US Department of Energy's Computer Incident Advisory Capability (CIAC) issued a bulletin to DOE employees that the Internet-connected bug-reporting capabilities of Windows XP or Office in combination with recent versions of Microsoft's Internet Explorer browser could disclose sensitive data to Microsoft. The issue, CIAC wrote in its bulletin, is that the Windows Error Reporting feature takes a snapshot of data stored in memory at the time of an application failure - data that could include content from a document being edited at the time of a crash. Microsoft spokesman Rick Miller said the Error Reporting technology, which first appeared in Office 2000, is easily disabled or skipped on an ad hoc basis. (Source: Newsbytes, 18 October)

Rep. Chris Smith, R-N.J., this week reintroduced legislation that would restrict the transmission of unsolicited commercial e-mail, otherwise known as spam. The bill, H.R. 3146, debuted this week. Smith originally introduced his bill in October 1999, but the House Energy and Commerce Committee failed to act on it after it was referred there later that month. The original bill, known as the Netizens Protection Act, would have forbidden sending any unsolicited commercial e-mail that did not reveal identities; required Internet service providers to clearly state their spam policies to customers; would have allowed spam recipients to sue; and would have dealt fines of up to $1,500. (Source: Newsbytes, 18 October)

International - NTR

Military - NTR

U.S. SECTOR INFORMATION:

Water Supply - The American Water Works Association (AWWA) joined EPA Administrator Christine Todd Whitman in assuring the public that the nation's drinking water is safe and highly unlikely to be compromised in the event of a terrorist attack. Ms. Whitman spoke about potential threats to the nation's water supply at a press conference. "As Ms. Whitman said, water utilities have long taken extensive precautions to prevent against a threat to the security of public drinking water," said AWWA Executive Director Jack Hoffbuhr. "But that doesn't mean utilities should be complacent, and they are not. Indeed, water utilities large and small and in every part of the US have further heightened their security systems and procedures since the deadly and devastating terrorist attacks of 11 September." (Source: The American Water Works Association, 18 October)

Electrical Power - The federal government reached a deal on 18 October, with energy companies to build a $300 million transmission line in central California to relieve a chronic bottleneck in moving electricity supplies between the northern and southern parts of California. Construction on the so-called Path 15 project, which was announced by Energy Secretary Spencer Abraham, will begin in the spring of 2003 and may be completed by summer 2004. The project, which would boost capacity by 1,500 megawatts, will involve PG&E Corp., Kinder Morgan Inc., the Williams Cos.' Trans-Elect Inc., Mirant Corp and the federally owned Western Area Power Administration. Path 15, an 84-mile stretch of electricity transmission lines in the state's Central Valley, has contributed to California's chronic power shortages. The outdated power lines in that area do not have enough capacity to carry electricity between Southern California and the northern part of the state during peak power demand times, especially during the winter. (Source: Reuters, 18 October)

Transportation - NTR

Gas and Oil Storage Distribution - NTR

Telecommunications - NTR

Government Services - NTR

Banking and Finance - NTR

Emergency Services - NTR