CRIME FW: [Cyber_threats] Daily News 11/14/02

From: George Heuston (GeorgeH@private)
Date: Thu Nov 14 2002 - 08:58:34 PST

  • Next message: Lyle Leavitt: "CRIME [Fwd: [Information_technology] Daily News 11/13/02]"

    -----Original Message-----
    From: NIPC Watch [mailto:nipcwatch@private] 
    Sent: Thursday, November 14, 2002 7:34 AM
    To: Cyber Threats
    Subject: [Cyber_threats] Daily News 11/14/02
    
    November 12, InfoWorld - ISS reports more BIND flaws. New vulnerabilities
    have been discovered in the common Berkeley Internet Name Domain (BIND)
    domain name system (DNS) software that could allow hackers to carry out
    denial of service attacks against servers using BIND, according to an
    advisory issued on Tuesday by security company Internet Security Systems
    Inc. (ISS). The ISS advisory details three separate vulnerabilities. All
    three of those vulnerabilities make BIND susceptible to denial of service
    attacks from Internet users or rogue DNS administrators. One of the three
    vulnerabilities also involves a buffer overflow condition in the BIND code
    that could enable malicious code to be placed and executed on the machine
    running the name server software. The newly discovered vulnerabilities all
    allow hackers to use what are referred to as "malformed requests" to attack
    BIND. Such attacks rely on passing invalid or improperly formatted
    information to the BIND DNS, targeting specific weaknesses in the way the
    BIND code processes requests, to cause the DNS server to fail, according to
    Dan Ingevaldson, team leader of ISS's X-Force security research group.
    Source.
    http://www.infoworld.com/articles/hn/xml/02/11/12/021112hnbindflaws.xml?1112
    alert
    
    November 12, Government Executive - Hackers could be planning major attack,
    says White House. A computer worm infecting a popular World Wide Web
    technology is proof that computer hackers have grown more sophisticated and
    could be preparing a significant attack, according to a senior White House
    official. Marcus Sachs, director of communication and infrastructure
    protection at the White House Office of Cyberspace Security, said hackers
    driven to "the back streets and back alleys of the Internet" by intense law
    enforcement scrutiny following the Sept. 11 attacks have quietly been
    building new threats. The worm, widely known as Slapper, is a prime example
    of their abilities, he said. The Slapper worm was identified two months ago,
    but federal officials still are concerned that many infected or at-risk
    organizations and individuals haven't taken adequate steps to protect
    themselves. Sachs said Slapper represents a "double barrel" feat of hacker
    engineering, because it targets two well-known devices that have long been
    considered quite secure. Some believe Slapper is a sign of threats to come.
    "These types of worms have the potential of becoming the much bigger problem
    out there," said Vincent Weafer, senior director of the Symantec Anti Virus
    Research Center in Santa Monica, California. Source.
    http://www.govexec.com/dailyfed/1102/111202h1.htm
    
    Virus: #1 Virus in USA: WORM_KLEZ.H
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
    United States]
    
    Top 10 Target Ports
    137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 443(https); 4665;
    139(netbios-ssn); 25(smtp); 445(microsoft-ds); 27374(asp)
    Source: http://isc.incidents.org/top10.html; Internet Storm Center
    
    
    _______________________________________________
    Cyber_Threats mailing list
    Cyber_Threats@listserv
    http://listserv.infragard.org/mailman/listinfo/cyber_threats
    



    This archive was generated by hypermail 2b30 : Thu Nov 14 2002 - 10:21:02 PST