-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Tuesday, January 14, 2003 7:22 AM To: Information Technology; Cyber Threats Subject: [Cyber_threats] Daily News 01/14/03 January 13, Government Computer News Possible war, terrorist threats shape Defense IT agenda. The prospect of war with Iraq is defining the Defense Department's 2003 technology initiatives. U.S. soldiers on the front lines are preparing to use the latest technologies-including wireless communications and high-end cryptography tools-being tested and deployed by DOD, senior department officials said. In the coming months, DOD's technical focus will be squarely on security, boosting projects to develop antiterrorism tools, creating a DOD-wide public-key infrastructure (PKI), expanding IT training, and beginning biometric pilots. Source: http://www.gcn.com/22_1/dod/20843-1.html January 13, ZDNet Virus alert: W32/Sobig-A. Anti-virus experts are warning of a new virus, code-named W32/Sobig-A, which was discovered late last week and spread rapidly over the weekend. Sobig is a mass-mailing worm incorporating its own SMTP engine, according to antivirus companies. It arrives from the e-mail address "big@private" and bears a subject line such as "Re: here is that sample", "Re: Movies", "Re: Document" or "Re: Sample". The e-mail contains an attachment called "Document003.pif", "Sample.pif", "Untitled1.pif" or "Movie_0074.pif". It affects the Windows 95, 98, Me, NT, 2000 and XP platforms. When the attachment is clicked on, it runs a program that searches for files containing e-mail addresses and uses these to send infected e-mails. It also connects to a Web site and downloads a text file containing another Web address, from which it attempts to download and run another program. MessageLabs speculated that this program was a backdoor trojan horse, which could allow a hacker to take control of the user's PC. If there is a local-area network connection, Sobig attempts to copy itself onto shared network folders. CERT/CC has received over one hundred reports of this worm. Anti-virus software companies Sophos, Symantec and McAfee have published instructions on their websites for blocking and removing the worm. Source: http://zdnet.com.com/2100-1105-980338.html January 12, CNN U.S. e-mail attack targets key Iraqis. U.S. military and other U.S. government agencies have begun a surreptitious e-mail campaign inside Iraq in an effort to get some Iraqis to defy President Saddam Hussein. Thousands of e-mail messages have been sent out since Thursday. The disguised e-mails, being sent to key Iraqi leaders, include instructions to the e-mail recipients to contact the United Nations in Iraq if they want to defect. If they do not, the messages warn, the United States will go to war against them. Senior military sources told CNN this was the first time the military had engaged in this type of "information warfare campaign." The U.S. military and intelligence officials were apparently hoping that the Iraqis do not realize where the e-mails are coming from. One official tells CNN the Pentagon wanted "to preserve this capability as long as possible," but once the e-mail campaign was discovered it would be acknowledged publicly. The official also says the United States acknowledges that Iraq may have already shut off some Internet gateways to prevent the e-mails from getting through. He said these same types of messages will now be sent by radio broadcast in the days ahead from U.S. airborne and ground platforms. Source: http://europe.cnn.com/2003/WORLD/meast/01/11/sproject.irq.email Virus: #1 Virus in USA: WORM_KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 137 (netbios-ns), 80 (http), 1433 (ms-sql-s), 21 (ftp), 445 (microsoft-ds), 4662 (???), 53 (domain), 135 (???), 139 (netbios-ssn), 27374 (asp) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Tue Jan 14 2003 - 09:46:53 PST