CRIME FW: [Information_technology] Daily News 12/09/03

From: George Heuston (GeorgeH@private)
Date: Tue Dec 09 2003 - 10:00:11 PST

    -----Original Message-----
    From: information_technology-admin@private
    [mailto:information_technology-admin@private] On Behalf
    Of InfraGard
    Sent: Tuesday, December 09, 2003 7:12 AM
    To: Information Technology
    Subject: [Information_technology] Daily News 12/09/03
    
    December 08, New York Times - Hackers steal from pirates, to no good end.
    Rogue programs known as "Trojan horses" are used by hackers to mask their
    identities by using unwitting people's computers as relay stations. It had
    been assumed that investigators could ultimately shut down a system by
    identifying the server computer used as the initial launching pad. But
    computer expert Joe Stewart has said that a program called Backdoor.Sinit
    uses the commandeered machines to form a peer-to-peer network like the
    Kazaa program used to trade music files. Each machine on the network can
    share resources and provide information to the others without being
    controlled by a central server machine. When there is no central machine,
    "these tactics make it impossible to shut down," he said. Rings of
    infected computers have been used to send spam, present online
    advertisements for pornographic Websites, or trick people into giving up
    information like credit card numbers. "Sinit appears to have been created
    as a money-making endeavor," Stewart said. "This Trojan is also further
    evidence that money, not notoriety, is now the major driving force behind
    the spread of malware these days." On Websites frequented by hackers,
    spammers and people who identify themselves as practitioners of credit
    card fraud, the remote-access networks, or "radmins," are offered openly.
    Source: http://www.nytimes.com/2003/12/08/technology/08trojan.html
    
    December 07, - Cybercops and robbers growing trickier on World Wide Web.
    When the World Summit on the Information Society convenes in Geneva,
    Switzerland, December 10 to 12, leaders will seek to build on their
    success in developing better cross-border guidelines to fight online
    crime. Investigators say organized crime rings and terror groups are using
    the Internet to expand their reach and exploit the Web's anonymity to stay
    one step ahead of the law. Internet experts are particularly concerned
    about the potential for "cyber terrorism" in which the Internet is used to
    shut down computer networks, potentially disabling vital infrastructure at
    banks, airports and emergency services. "It is not at all unusual for a
    regional conflict to have a cyber dimension, where the battles are fought
    by self-appointed hackers operating under their own rules of engagement,"
    said Dorothy Denning, a cyber terrorism expert at the Naval Postgraduate
    School in Monterey, CA. "A rash of cyber attacks have accompanied the
    conflict between Israel and the Palestinians, the conflict over Kashmir,
    and the Kosovo conflict, among others." Denning said that for now, at
    least, studies indicated that anything more than irritating cyber attacks
    were still difficult for most extremists to mount -- although the future
    could hold more technically savvy terrorists.
    Source: http://www.abc.net.au/news/newsitems/s1005154.htm
    
    December 05, eWEEK - Oracle issues high-severity vulnerability warning.
    Oracle issued a high severity security alert warning Thursday, December 4,
    confirming that a variety of its server products could be tampered with
    through vulnerabilities via the OpenSSL protocol. The flaws could
    potentially open the door for a remote hacker to cause a denial-of-service
    (DoS) attack, execute arbitrary code, and gain access privileges. The
    notification addresses SSL vulnerabilities detailed in CERT Advisory
    CA-2003-26 and SSL vulnerabilities detailed in several older Common
    Vulnerabilities and Exposures (CVE) Candidates. Products concerned with
    the vulnerability include certain releases of Oracle9i Database Server,
    Oracle8i Database Server, Oracle9i Application Server, and Oracle HTTP
    Server. Additional information is available on Oracle's Website:
    http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf
    Source: http://www.eweek.com/article2/0,4149,1405700,00.asp
    
    
    Current Alert Levels
    AlertCon: 1 out of 4
    https://gtoc.iss.net
    
    Security Focus
    ThreatCon: 1 out of 4
    http://analyzer.securityfocus.com/
    
    Current Virus and Port Attacks
    Virus: #1 Virus in the United States: JAVA_BYTVERIFY.A
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center
    [Infected Computers, North America, Past 24 hours, #1 in United States]
    
    Top 10 Target Ports 135 (epmap), 1434 (ms-sql-m), 137 (netbios-ns), 139
    (netbios-ssn), 445 (microsoft-ds), 80 (www), 21 (ftp), 53 (domain), 1433
    (ms-sql-s), 57 (priv-term)
    Source: http://isc.incidents.org/top10.html; Internet Storm Center
    
    
    _______________________________________________
    Information_technology mailing list
    Information_technology@listserv
    



    This archive was generated by hypermail 2b30 : Tue Dec 09 2003 - 10:56:34 PST