-----Original Message-----
From: NIPC Watch
To: Daily Distribution
Sent: 12/27/01 6:22 AM
Subject: NIPC Daily Report 27 December 2001

NIPC Daily Report 27 December 2001

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Significant Changes and Assessment - PC users returning to their machines after the Christmas break should take care to update their security software, after two anti-virus firms issued warnings about the Zoher worm. F-Secure issued a Level Two security alert to users of its radar security service. F-Secure warned customers that the Zoher worm arrives in e-mail under the subject line "Scherzo!," usually with a Javascript attachment. The worm executes automatically on some systems. Russia's Kaspersky Lab issued a Christmas Day Zoher alert to its customers, reporting that the worm is 6.6 kilobytes large, and coded in assembler language. (Newsbytes, 26 December)

(NIPC Comment: Currently major US anti virus vendors are rating the Zoher worm as LOW. The NIPC's Malicious Code Team continues to monitor Zoher, and will advise of changes in status, as necessary.)

General - Germany-based E-matters, a Web development company, has found a hole in Internet Explorer's (IE) authentication of secure sockets layer (SSL) exchanges that allows Webmasters to use stolen or expired SSL certificates. The flaw apparently affects only Windows versions of the IE browser. The problem is that IE does not alert users when an unauthorized or expired secure certificate is present, thus making them vulnerable to hackers who could use the SSL to link to an image on an uncertified server to force the IE browser to later establish a secure session without the user knowing of the duplicity. The IE problem also allows otherwise legitimate sites to continue using expired certificates for other domains. A hacker in the rare position to divert SSL traffic could pose as a legitimate e-commerce site and hijack transactions without most IE users knowing. Microsoft is aware of the problem, but says it will take some time to fix. (Newsbytes, 26 December)

International - A China National Emergency Response Team/Coordination Center (CNCERT/CC) survey indicates that the Chinese list of most prevalent viruses differs from the top ten viruses listed in the United States and Great Britain. Of three prevalent Chinese viruses (CIH, Funlove and Binghe), only Funlove was included on the top 10 virus lists of the US's Securityportal and the UK's Sophos. Zhang Jian, senior engineer of CNCERT/CC said Internet-related viruses are not found in China because the networking infrastructure in China is not as sophisticated as in the western countries. (Asia Computer Weekly, 17 December)

Electric Power - The Diablo nuclear power plant near San Luis Obispo, California has tightened security measures since 11 September. Public tours have been canceled. The Coast Guard has cordoned off coastal access to the plant. Overland, the PG&E twin reactors are buffered by 13,000 acres of private property. Access requires screening through X-ray machines and explosives and metal detectors. At one checkpoint, employees slide a card through an electronic reader, then place a hand in a device that determines if the body and ID card match. (San Jose Mercury News, 26 December)

Transportation - Airports around the globe put holiday travelers' footwear under scrutiny after a man allegedly tried to blow up a plane using explosives in his shoes. The Federal Aviation Administration (FAA) ordered US airlines and airports on 23 December to be more vigilant in screening passengers boarding planes. This FAA order follows a similar one issued on 11 December warning that hijackers might try to smuggle weapons in their footwear. (MSNBC, 26 December)

The new generation of airport security equipment is designed to go well beyond the detection of metal objects. The Sentinel from New Jersey-based Barringer Technologies, Inc. and the Entry Scan from Ion Track Instruments of Massachusetts blow air on passengers, then analyze that air for traces of explosives. (CNN 26 December)