-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Wednesday, December 05, 2001 9:24 AM To: Daily/Warning Distribution Subject: NIPC Daily Report, 5 December 2001 NIPC Daily Report 05 December 2001 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC of the FBI. Significant Changes and Assessment - The National Infrastructure Protection Center (NIPC) issued Alert 01-029 "VBS/Mass-Mailing Worm, W32/Goner.A." The NIPC is monitoring a new mass-mailing worm called W32/Goner.A. This is a very fast-spreading mass-mailing worm that appears to take advantage of Visual Basic Scripting built into Microsoft Outlook and Outlook Express. Developing information indicates that this worm mails itself to all the addresses within the infected computer's Outlook or Outlook Express address book, sets itself as a server process so it does not show up in the task manager, and deletes the anti-virus definitions from many common anti-virus products. The anti-virus software industry is aware of Goner and is providing signature files to download to detect and remove it from infected hosts. Full descriptions and removal instructions are located at the following anti-virus web sites: F-Secure Corp., Network Associates Inc./McAfee.com, Symantec Corp., and Trend Micro Inc. Further information and the alert can be found by visiting http://www.nipc.gov/warnings/assessments/2001/01-029.htm The National Infrastructure Protection Center (NIPC) has revised Assessment 01-028 "Multiple Vulnerabilities in Microsoft Internet Explorer - All Versions." NIPC's revision to Assessment 01-028, now labeled 01-028.1, can be found by visiting http://www.nipc.gov/warnings/assessments/2001/01-028.htm Private Sector - A Linux security vulnerability related to FTP, first spotted in April, is finally getting the attention it deserves as Linux vendors and the Washington University WU-FTP Development Group issued software patches to fix it. The vulnerability, which goes by the cumbersome name the "wu-FTP Globbing Heap Corruption Vulnerability," allows an attacker to take control of Linux servers that rely on the Washington University version of FTP. The vendors whose Linux software is affected include Red Hat, SuSE Linux, Caldera International, Turbolinux, Connectiva, Cobalt Networks, MandrakeSoft, and Wirex. The vendors have either already prepared a patch for the problem or have plans to do so. Not all Linux software is affected by the FTP problem, only that software using the Washington University FTP daemon. System administrators are to contact their Linux vendors for input, since adding patches can affect application performance. (Source: PCWorld.com, 30 November) (NIPC Comment: The NIPC issued Advisory 01-027 "Significant Vulnerability Identified in Common Linux File Transport Protocol Program" locted at the following URL: http://www.nipc.gov/warnings/advisories/2001/01-027.htm) International - The United Overseas Bank (UOB) in Singapore has introduced new security measures to guard against further hacking of its Internet system. On 4 December 2001, UOB announced that customized user names, password features, and menus designed to ease access would be among the security enhancements effected before the end of the week ( Dec 8, 2001). Online customers were locked out of the bank's www.uobgroup.com Web site on 5 July 2001, causing the bank to issue new personal identification numbers. A UOB spokesman characterized the July intrusion as a "technical glitch" in the system. "For security reasons, the bank was not in a position to reveal the nature of the incident at that time," the spokesman said. Online banking has surged in Singapore since the beginning of this year, with the total number of customers logging on from home reaching 300,000 in July, up 50% from January this year, according to the research firm NetValue. (Source: The Star Online, 5 December) Government - A Texas state committee is studying the protection of computer systems that Texas Attorney General John Cornyn calls the "central nervous system of industrial society." The Attorney General's State Infrastructure Protection Advisory Committee will examine protection of computer systems that oversee telecommunications, transportation, energy and water systems. The Committee will work closely with the governor's Task Force on Homeland Security, Cornyn said. The committee has its roots in the Texas Internet Bureau that Corryn's office established more than a year ago. Its mission is to assist law officers in cracking down on cyberterrorism. Retired Admiral Bobby Inman will chair the new advisory committee. (Source: Associated Press, 4 December) Presidential cyber security adviser Richard Clark announced two federal initiatives for improving security of the nation's information infrastructure. The first initiative, a national center for infrastructure simulation would address one of the thorniest problems confronting security researchers: interoperability among network elements. The center would model interrelated infrastructures, including the Internet, telephone networks and power grids, to examine the effects that incidents on one have on the others. The second initiative, a cyberwarning intelligence network, would facilitate communications between and among government and commercial entities. (Source: Government Computer News, 4 December)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:46 PDT