-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Monday, September 30, 2002 10:02 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 09/30/02

September 27, National Infrastructure Protection Center - NIPC ASSESSMENT 02-008: "Slapper" OpenSSL/Apache Worm. The National Infrastructure Protection Center (NIPC) has been coordinating with the anti-virus and security community on the life cycle of "Slapper," the OpenSSL/Apache worm and all its variants. Currently, infection rates for the four variants have dropped off and will very likely be minimal until the next variant is released into the wild. However, the NIPC is still concerned about the thousands of systems that have already been compromised by the worm. The NIPC strongly urges system administrators, as well as home users of OpenSSL up to and including versions 0.9.6d or 0.9.7beta1, to consider immediately upgrading to the latest version of OpenSSL version 0.9.6g. For users that are trying to determine if their system is infected with the worm, the NIPC is currently modifying its "Find DDoS Tool" to include Slapper. Once modified, this tool will be able to detect the presence of Slapper and all its variants. The NIPC expects to post the tool to its website next week for downloading.
Source: http://www.nipc.gov/warnings/assessments/2002/02-008.htm

September 27, Electronicnews.net - Hacker groups declare war on U.S. government. A record number of malicious hacking attempts were made this month, and anti-American groups are responsible. So says Mi2g, the London-based security consultancy, which notes that US government on-line computers belonging to the House of Representatives, Department of Agriculture, Department of Education, National Park Service, NASA and the US Geological Survey were attacked in September.
According to Mi2g, malicious hacker groups such as S4t4n1c_S0uls, USG, WFD, EgyptianHackers, Arab VieruZ, MHA, The Bugz and FBH are responsible for many anti-Israeli and anti-Indian attacks, as well as the US targets. Mi2g has recorded 9,011 digital attacks to date in September, following previous record highs of 4,904 and 5,830 recorded in July and August of this year, compared with 3,499 and 2,820 for the same months last year. This month, US-registered domains suffered the most, with 4,157 attacks, well ahead of the number two nation on the list, Brazil, which suffered 835 attacks. According to DK Matai, chairman and chief executive officer of Mi2g, an increasing number of vulnerabilities are being found in generic operating systems, server software, applications and libraries deployed on mission critical systems. These flaws are often time-consuming to patch and, as a result, fixes on these holes are often delayed.
Source: http://www.theregister.co.uk/content/55/27320.html

September 26, CNET News - VPN flaw puts internal networks at risk. A suspected vulnerability in Microsoft's popular virtual private networking application discovered Thursday could, if confirmed, leave corporate intranets open to attack, said security experts. A security advisory posted by Austrian security firm Phion Information Technologies to Internet mailing lists and the company's Web site said that the vulnerability affects the point-to-point tunneling protocol (PPTP) commonly used in the VPN software bundled in Microsoft's Windows 2000 and XP operating systems for servers and PCs. Companies often use Microsoft's VPN to let employees log into a corporate network remotely via an encrypted channel. Because of the implied security a VPN is supposed to provide, many companies let users connect directly into an internal network--a practice that could make this flaw a valuable one for Internet attackers, warned Marc Maiffret, chief hacking officer for eEye Digital Security.
For the text of the Phion alert, please see http://www.phion.com.
Source: http://news.com.com/2100-1001-959659.html

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 80(http); 21(ftp); 1433(ms-sql-s); 103; 139(netbios-ssn); 67(bootps); 25(smtp); 3389; 4665; 6346(morpheus)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats