CRIME FW: NIPC Daily Report 27 December 2001

From: George Heuston (GeorgeH@private)
Date: Thu Dec 27 2001 - 09:41:38 PST

    -----Original Message-----
    From: NIPC Watch
    To: Daily Distribution
    Sent: 12/27/01 6:22 AM
    Subject: NIPC Daily Report 27 December 2001

    NIPC Daily Report 27 December 2001

    NOTE:  Please understand that this is for informational purposes only
    and does not constitute any verification of the information contained in
    the report nor does this constitute endorsement by the NIPC or the FBI.

    Significant Changes and Assessment - PC users returning to their
    machines after the Christmas break should take care to update their
    security software, after two anti-virus firms issued warnings about the
    Zoher worm.  F-Secure issued a Level Two security alert to users of its
    radar security service.  F-Secure warned customers that the Zoher worm
    arrives in e-mail under the subject line "Scherzo!," usually with a
    Javascript attachment.  The worm executes automatically on some systems.
    Russia's Kaspersky Lab issued a Christmas Day Zoher alert to its
    customers, reporting that the worm is 6.6 kilobytes large, and coded in
    assembler language. (Newsbytes, 26 December) (NIPC Comment: Currently
    major US anti virus vendors are rating the Zoher worm as LOW.  The
    NIPC's Malicious Code Team continues to monitor Zoher, and will advise
    of changes in status, as necessary.)

    General - Germany-based E-matters, a Web development company, has found
    a hole in Internet Explorer's (IE) authentication of secure sockets
    layer (SSL) exchanges that allows Webmasters to use stolen or expired
    SSL certificates.  The flaw apparently affects only Windows versions of
    the IE browser.  The problem is that IE does not alert users when an
    unauthorized or expired secure certificate is present, thus making them
    vulnerable to hackers who could use the SSL to link to an image on an
    uncertified server to force the IE browser to later establish a secure
    session without the user knowing of the duplicity.  The IE problem also
    allows otherwise legitimate sites to continue using expired certificates
    for other domains.  A hacker in the rare position to divert SSL traffic
    could pose as a legitimate e-commerce site and hijack transactions
    without most IE users knowing.  Microsoft is aware of the problem, but
    says it will take some time to fix. (Newsbytes, 26 December)

    International - A China National Emergency Response Team/Coordination
    Center (CNCERT/CC) survey indicates that the Chinese list of most
    prevalent viruses differs from the top ten viruses listed in the United
    States and Great Britain.  Of three prevalent Chinese viruses (CIH,
    Funlove and Binghe), only Funlove was included on the top 10 virus lists
    of the US's Securityportal and the UK's Sophos.  Zhang Jian, senior
    engineer of CNCERT/CC said Internet-related viruses are not found in
    China because the networking infrastructure in China is not as
    sophisticated as in the western countries.  (Asia Computer Weekly, 17

    Electric Power - The Diablo nuclear power plant near San Luis Obispo,
    California has tightened security measures since 11 September.  Public
    tours have been canceled.  The Coast Guard has cordoned off coastal
    access to the plant.  Overland, the PG&E twin reactors are buffered by
    13,000 acres of private property.  Access requires screening through
    X-ray machines and explosives and metal detectors.  At one checkpoint,
    employees slide a card through an electronic reader, then place a hand
    in a device that determines if the body and ID card match.  (San Jose
    Mercury News, 26 December)

    Transportation - Airports around the globe put holiday travelers'
    footwear under scrutiny after a man allegedly tried to blow up a plane
    using explosives in his shoes.  The Federal Aviation Administration
    (FAA) ordered US airlines and airports on 23 December to be more
    vigilant in screening passengers boarding planes.  This FAA order
    follows a similar one issued on 11 December warning that hijackers might
    try to smuggle weapons in their footwear.  (MSNBC, 26 December)

    The new generation of airport security equipment is designed to go well
    beyond the detection of metal objects.  The Sentinel from New
    Jersey-based Barringer Technologies, Inc. and the Entry Scan from Ion
    Track Instruments of Massachusetts blow air on passengers, then analyze
    that air for traces of explosives.  (CNN, 26 December)

    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:37:57 PDT