CRIME FW: NIPC Daily Report 26 November, 2001

From: George Heuston (georgeh@private)
Date: Mon Nov 26 2001 - 09:12:25 PST

  • Next message: T. Sugahara: "CRIME W32.Badtrans.B@mm"

     
    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Monday, November 26, 2001 8:36 AM
    To: daily
    Subject: NIPC Daily Report 26 November, 2001
    Importance: High
    
    
    NOTE: Please understand that this is for informational purposes only and
    does not constitute any verification of the information contained in the
    report nor does this constitute endorsement by the NIPC of the FBI. 
    
    The NIPC Daily Report 26 November 
    
    
    Significant Changes and Assessment - A new variant of the Badtrans worm has
    been discovered in the wild.  It is referred to as variant .b by most
    companies.  Badtrans is a mass mailer that attempts to send itself using
    Microsoft Outlook by replying to unread e-mail messages.  The worm exploits
    a known MIME Header vulnerability in Microsoft Internet Explorer that was
    previously reported in Microsoft Security Bulletin MS01-20.  This
    vulnerability allows for the automatic execution of attachments when an
    e-mail is viewed in the Preview Pane of Outlook or Outlook Express.  The
    worm arrives through e-mail with no message text and an attachment that is
    randomly generated from three parts.  Badtrans also installs a trojan that
    is a keystroke logger.  (Source: Multiple Sources, 24-25 November) (NIPC
    Comment: Currently US Anti-virus vendors are rating this worm as a medium
    threat.  Several vendors have released updated anti-virus definition files
    to detect this worm.  The NIPC Malicious Code Team is currently monitoring
    this worm and will advise of any status changes.) 
    
    
    Government - The recently approved antiterrorism law could be used to
    prosecute foreign hackers, a move critics say could make the US the world's
    Internet policeman.  The new prosecutorial powers, which have no parallel in
    other nations, affect computer hacking cases and takes advantage of the
    nation's pivotal role in Internet communications.  The precedent could be
    used to apply to pornography or other crimes in which laws differ between
    nations, according to a former Department of Justice (DOJ) computer crimes
    prosecutor.  A prosecution can occur if any part of a crime takes place
    within US borders.  A large part of the Internet's communications traffic
    goes through the US, even in messages that travel from one foreign country
    to another.  More than 80% of Internet access points in Asia, Africa and
    South America are connected through US cities, according to Jessica Marantz
    of the Internet statistics firm Telegeography.  The DOJ pushed for the
    legislation as a way to fight terrorism, and US interests overseas could be
    protected by the change.  (Source: AP Technology, 22 November) 
    
    
    International - The ALIZ computer virus has caused an epidemic in
    Kazakhstan.  On 22 November, Kazakhstan Today news agency was paralyzed  and
    numerous cases of infection by this virus, already logged in many countries
    around the world.  The Nursat company, which is an Internet Provider in
    Kazakhstan, refused to comment on this issue, saying that it does not track
    such situations.  Experts at the Alma-Media computer center said that
    similar virus epidemics are becoming common in the country.  The last such
    epidemic happened in Kazakhstan six weeks ago.  This time the operations of
    Kazakh media such as Karavan, KTK (Kazakh Commercial TV) television channel
    and the Kazakhstan Today news agency were fully or partially halted on 22
    November.  (Source:  Almaty Kazakhstan Today, 23 November) 
    
    
    According to a 17 November VNExpress, a  Hanoi University student has
    written a network monitoring tool that combines the best features of
    existing anti-hacker programs.  The solution is one of a new generation of
    indigenous software products designed by students and showcased in a
    nationwide contest called "Vietnam Intellect."  The software reportedly
    captures and processes information packets that pass through network cards,
    analyzes telnet and e-mail services, and maintains security across networked
    computers more quickly and accurately than existing software.  The program
    stores all information received on a network in a database for processing or
    lets the user designate which services and addresses are retained for
    analysis.  It displays speed and statistical data about network operations
    to help system administrators deal effectively with stoppages.  (Source;
    VNExpress, 23 November) 
    
    
    Private Sector - NTR 
    Military - NTR 
    
    
    U.S. SECTOR INFORMATION: 
    
    
    Telecommunications - Public safety experts and telecommunications executives
    are growing increasingly concerned about the possibility of attacks on the
    telephone system, a century-old network of copper wires and newer fiber
    optic strands that wind their way through critical but vulnerable hubs.
    Most of the concern involves the prospect of physical attacks on the 100 or
    so most important central offices that route voice calls and Internet
    traffic.  Service for more than 30 million phone lines in the largest cities
    could be interrupted if such attacks were successful.  Another important
    concern focuses on cyber attacks that could shut down parts of the public
    telephone system.  Some information warfare experts also worry about the
    development of weapons that disrupt communications networks with
    electromagnetic bursts.  The worries about the phone network's exposure to
    saboteurs have increased since the collapse of the World Trade Center caused
    nearby switching operations in one of the nation's busiest central offices
    to shut down temporarily.  The National Communications System cited the
    increase in the number of companies that provide telecommunications services
    as one of the main reasons the public telephone network is less secure over
    all.  (Source: New York Times, 23 November) 
    
    
    According to industry players and bankers at a conference in Montpellier,
    France, former monopoly telecom operators are well on their way to becoming
    the dominant sellers of fast Internet to the home over supercharged
    telephone wires.  According to the participants, a mix of complicated
    technology, failed deregulation and a cash crisis has brought a dozen or so
    new telecom carriers in the US and Europe to their knees.  Meanwhile
    incumbent telecom carriers, who a year ago may have feared they would be
    marginalized by competition from new carriers and cable companies, are now
    taking a decisive lead.  Incumbent operators, which already have large
    maintenance staff, are able to control costs much better.  In the US several
    carriers had also passed the one million threshold, giving them scale
    economies hard to beat by any of the new carriers.  Once the incumbent
    telecoms operators have squeezed out ambitious upstarts, regulators will
    likely come in to cut tariffs, but it will be too late to change the
    competitive landscape, one banker said.  (Source: Reuters, 23 November) 
    
    
    Electrical Power  - A blast of winter weather chilled California on 24
    November, toppling trees and knocking out power to 500,000 customers.  Half
    a million Pacific Gas and Electric Company customers lost power on 25
    November, mostly in the northern part of the state. By the evening, crews
    had restored electricity but lights remained out at about 119,000 homes,
    said company spokesman Jonathan Franks.  (Source: Associated Press, 25
    November) 
    
    
    Transportation - NTR 
    Emergency Services - NTR 
    Water Supply - NTR 
    Banking and Finance - NTR 
    Government Services - NTR 
    Gas and Oil Storage Distribution - NTR 
      
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:32:58 PDT