-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Wednesday, November 06, 2002 6:42 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 11/06/02 November 4, CERT/CC Vulnerability Note VU#266817. Sun RPC based libc implementations. Multiple Sun RPC based libc implementations fails to provide time-out mechanism when reading data from TCP connections. A denial-of-service vulnerability exists in multiple vendor Sun RPC based libc implementations. Multiple vendor Sun RPC based libc implementations fail to properly read data from TCP connections. As a result, a remote attacker can deny service to system daemons. A remote attacker can connect to a vulnerable service and cause the service to hang. Source. http://www.kb.cert.org/vuls/id/266817 November 4, IDG News Bride of Funlove virus getting around. A new e-mail worm circulating on the Internet is capable of spreading a variant of the FunLove virus to vulnerable machines running Microsoft Corp.'s Windows operating system, according to statements released by three security companies. The new worm, named W32/Braid.A or I-Worm.Bridex, arrives in an e-mail message without a subject and is contained in an attachment named README.EXE. When recipients double click on the attachment, the worm copies a variant of the FunLove virus to the local system with the name BRIDE.EXE, alters the machine's system registry so that the virus is re-launched each time Windows starts, scans the user's Outlook address book and e-mails copies of itself to any addresses it finds. By taking advantage of a known IFRAME vulnerability in Microsoft's Outlook, Outlook Express and Internet Explorer products, the new worm may be launched without user interaction, according to an alert posted by antivirus software maker Sophos PLC. Source: http://www.idg.net/go.cgi?id=761370 November 2, Associated Press FBI aids probe of hacking. The FBI is assisting in the investigation of a computer hacking that affected thousands of dial-up Internet customers of Touch America, the company said. The hacking occurred Thursday morning and affected about 7,000 customers, most of them in Montana, Touch America said. Company spokesman Cort Freeman said the first hint of trouble was a report from a customer having trouble with a Web site. "We went back through and looked through the monitoring systems and found out where the problem was and we went into a protective strategy to keep customers and their computers safe," Freeman said. It was the first time hackers targeted the company, which also provides fiber-optic and broadband services to customers. The company changed e-mail passwords for the affected customers and beefed up its staff through the weekend to handle calls from people needing new passwords. "It's going well," Freeman said. The telecom company uses several different servers for customers to access the Internet. Source: http://www.billingsgazette.com/index.php?id=1&display=rednews/2002/11/02/bui ld/local/72-hacking.inc Virus: #1 Virus in USA: WORM KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 1433(ms-sql-s); 139(netbios-ssn); 21(ftp); 8080(webcache); 445(microsoft-ds); 25(smtp); 53(domain); 1080(socks) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 08:36:59 PST