-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Wednesday, January 09, 2002 7:34 AM To: Daily Distribution Subject: NIPC Daily Report, 9 January 2002 The NIPC Daily Report 09 January 2002 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. The NIPC Watch and Warning Unit compiles this report to provide situational awareness of issues impacting the integrity and capability of the nation's critical infrastructures. Security bug affects all current versions of Internet Explorer for Windows Microsoft has a "severe" flaw in its Internet Explorer web browser. According to ThePull, an independent security researcher who discovered it, the vulnerability provides attackers with a grab-bag of techniques for stealing other users' browser cookies, reading hard disk files, and "spoofing" legitimate web sites. Concerned IE users can protect themselves by disabling active scripting in their browser. (Newsbytes, 7 January) SWF/LFM-926 Virus infects Macromedia Flash; possibly intensifies malicious code threat SWF/LFM is a "proof of concept" virus with a "relatively harmless" payload. But this first-ever assault against Macromedia raises concerns that malicious code writers will gain a new method for infecting Internet users. According to Sophos, an anti-virus software firm, SWF/LFM-926 infects Flash files with an .SWF extension in the current directory on computers running Microsoft Windows operating systems. SW/LFM-926 relies on ActionScript, a scripting language built into Flash, the anti-virus software firm said. When the infected animation plays, it invokes the DOS debugger program and creates a second program that infects other Flash files. (Newsbytes 8 January) National Infrastructure Simulation and Analysis Center augments national security defense The federal government plans to use computer?simulated attacks on the nation's infrastructure to develop national security defenses. Scientists and engineers at the center are putting together a computer simulation of airlines, railroads, gas pipelines, telecommunications and other networks in what the program's overseers call an "acupuncture map" of the nation's critical infrastructures. The goal is to determine the best responses to attacks or breakdowns of the systems that keep the US working. (Washington Times, 9 January) Canadians see bin Laden as a cyber threat The Canadian Office of Critical Infrastructure Protection and Emergency Services has raised the possibility of future cyber attacks by Osama bin Laden agents or sympathizers against critical infrastructure facilities, such as the US telecommunications grid, electric power facilities, or oil and natural gas pipelines. Although there has been no evidence of this kind of activity to date, the Canadians say that Bin Laden's vast financial resources give him the capability to buy the equipment and talent needed for a short order cyberattack. (Computer World, 8 January) Brits experience sharp increase in cyber attack British intelligence unit MI2G reports that attacks on government domains ( .co.uk and .org.uk ) rose 378-percent, from 9 attacks in 2000 to 43 attacks in 2001. Anti-capitalist protests, criminal activities and anti-NATO sentiments were the principal motivations behind the UK attacks. German study recommends counter-hacker options The German Ministry of Defense and the German Foreign Office, in a joint study recommends creating a special office for handling hacker attacks. Officials fear German communications networks and systems would fall too easily to serious government-supported intrusions. The study recommends increasing government spending for preparations against hacker attacks and urges developing national software and cryptographic applications. (Europemedia, 7 January) Livermore network intruder pleads guilty Benjamin Breuninger, AKA "KON" or "KONCEPTOR" online, admitted that he hacked the Livermore network, installed programs to give him ongoing access and downloaded lab budget information. Sentencing is set for 12 April. Breuninger could get five years in prison, and incur a $250,000 fine. (Associated Press, 8 January)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:18 PDT