-----Original Message-----
From: NIPC Watch
To: daily
Sent: 11/14/01 8:40 AM
Subject: NIPC Daily Report 14 November

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Significant Changes and Assessment - No significant changes.

Private Sector - Trend Micro reported that a new variant of the KLEZ worm, called TROJ_KLEZ.C, is in the wild and is considered a medium risk. KLEZ.C is a minor variant of the KLEZ.A worm. It carries a compressed copy of the ELKERN virus, which it drops and executes when the worm is run (and thus, will be detected as ELKERN if no protections are up for KLEZ.C, which will have already infected the system). On the 13th of any even month, the worm attempts to exploit a MIME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer to allow the executable file to run automatically in the preview pane without the user double-clicking on the attachment. Microsoft has had a patch out for this vulnerability since 29 March. The worm uses random filenames for the attachment and random characters for the sender. (Source: Trend Micro, 12 November)

A vulnerability in a component of a graphical user interface that ships with several commercial Unix systems could let a malicious attacker take administrative control of an affected host system, according to an advisory on 13 November from the CERT/CC at Carnegie Mellon University. The vulnerability exists in a function used by the Common Desktop Environment (CDE) Subprocess Control Service, which is responsible for accepting requests from clients to execute commands and open applications remotely. Because of an error in the way requests from remote clients are validated, crackers could manipulate data and cause a buffer overflow.
The CDE is an integrated graphical user interface that runs on Unix and Linux systems. The affected software includes several versions of Hewlett-Packard Co.'s HP-UX, IBM's AIX, Sun Microsystems Inc.'s Solaris and Compaq Computer Corp.'s Tru64 Unix. (Source: IDG News, 13 November)

According to Internet Corporation for Assigned Names and Numbers (ICANN) Chairman Vinton Cerf, one of the first things that Internet addressing authorities must do to safeguard the security of the Web is assure themselves that their actions aren't actually opening new security holes. ICANN, the body charged with managing the Internet's worldwide addressing system, is meeting all this week to assess the stability and security of the Domain Name System (DNS). The November meeting was originally intended as a forum on ICANN governance, but was retooled to address security in the wake of the terrorist attacks. (Source: Newsbytes, 14 November)

Government - On 13 November, high-ranking Bush administration officials, Deputy Commerce Secretary Sam Bodman and White House electronic security advisor Richard Clarke, visited and toured the secure Herndon, VA., offices of VeriSign, to assess the security precautions being taken by the company. The company controls the technology at the heart of the Internet's global addressing system. The VeriSign facility is part of an ongoing effort to gauge the security of the nation's privately operated critical infrastructure. "Protecting the integrity of the Internet is as important as providing the services and functions we have come to expect from the Internet," a spokesperson said. After seeing the protocols VeriSign has in place, Bodman and Clarke came away very confident that procedures have been taken to protect users in cyberspace. (Source: Newsbytes, 13 November)

Military - The US Army is pushing to ensure that the people in charge of the latest tools in warfare are up to date in defending its information and computer networks.
Personnel who are key to the service's transformation and its move to digitizing the force are being trained to install, configure, operate, and maintain the latest communications systems and are learning to identify evolving threats to these systems. An initiative is underway to revamp the way the Army trains its communications personnel. The Signal Regiment at Fort Gordon, Georgia, recently announced plans to change its approach from one that provides an overview of a multitude of systems to one that is more assignment-oriented and subsequently facilitates lifelong learning. One essential element of this continuous education is a practice that already is established at Fort Gordon's School of Information Technology. It involves drawing on instructor and student expertise as well as industry paradigms. (Source: www.us.net, 13 November)

International - The Electricity Generating Authority of Thailand (EGAT) adopted an open source technology with a recently implemented Internet mail system for 12,500 users nationwide. EGAT Research and Development Office assistant director Chana Sobharaksha said that the agency had a limited budget and so had explored alternatives using free software. EGAT had already implemented a Linux system in 1995 for Internet access but only had a few users who could use the system. After six years of operation, EGAT has implemented around 30 servers, with 80% of these running open source technologies. According to EGAT's records, its e-commerce site receives around 30,000 hits a day while the mail server has had e-mail transactions of up to 200,000 a month. The division also runs Solaris, Windows NT, Windows 2000 and Tru64 Unix systems. (Source: Bangkok News, 14 November)

Defacements - The Silver Lords hacking group has launched a new defacement campaign in support of the terrorist organization Al Qa'ida and its leader, Osama bin Laden.
According to the Alldas.de defacement archive, Silver Lords is credited with 1,197 defacements or more than 43% of all defacements recorded worldwide. There have been 12 defacements appearing between 12-14 November with a message stating "Silver Lords are back!" Previously, there were only three Silver Lords defacements for the rest of November, and the group had not been very active since 21 October. Silver Lords issued a call to "All Muslim hackers" but "only the ones we know WFD, PHC, G-Force Pakistan, etc." to contact them at silverlords@private (Source: Alldas.de, 13 November)

U.S. SECTOR INFORMATION:

Gas and Oil Storage Distribution - The DOE is expected to unveil a special unit within the agency that will coordinate homeland defense strategies for the nation's oil and gas sector, industry sources said on 9 November. Last month a group of 11 oil companies told Congress they planned to create a limited liability company to operate and manage an information-sharing and analysis center, under the agency's supervision. Global Integrity, a division of Predictive Systems, Inc., will operate the new energy center. Bobby R. Gillham, manager of global security for Conoco Inc., will serve as coordinator between industry, DOE, and various law enforcement agencies. (Oil and Gas Journal, 9 November)

President Bush is ordering the government to add millions of barrels of oil to its emergency stockpile with the size of the increase yet to be determined. With oil prices declining, the DOE last month recommended funneling additional crude into the government's Strategic Petroleum Reserve. The reserve, a string of salt caverns along the Gulf Coast at the Texas-Louisiana border, currently has 544 million barrels of oil, with the capacity to hold 700 million barrels. An additional 48 million barrels is expected to be put into the reserve by the end of next year under existing arrangements.
(Source: Washington Post, 13 November)

Water Supply - EPA Administrator Christie Whitman said on 9 November that her agency is working hard to find the best available science on how to identify and, if necessary, treat the contamination of the water supplies. Whitman spoke at a news conference with Tom Ridge, director of Homeland Security. Commenting on overall security issues since the terrorist attacks in the US, Whitman said the EPA is "very active in promoting the security of America's drinking water and wastewater systems, and of chemical facilities across the country. In many ways, that's just a continuation of what our mission is: To protect America's health and environment." "This effort has included a very real and aggressive outreach to the water companies, to the sewage treatment companies, to the chemical manufacturers, to give them the best possible advice and information on what they can do to secure their various facilities." (Source: Water Technology, 13 November)