-----Original Message-----
From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard
Sent: Monday, January 12, 2004 6:45 AM
To: Information Technology
Subject: [Information_technology] Daily News 1/12/04

January 09, Government Computer News - New malware masquerades as Microsoft update.

A Trojan horse program that appears to be a Microsoft security update can download malicious code from a remote Web site and install a back door on the compromised computer, leaving it vulnerable to remote control. IDefense Inc., a computer security company, said the malicious code is the latest example of so-called social engineering to fool Windows users. It is similar to the W32Swen worm, which last year passed itself off as a Microsoft patch. "The success of Swen in 2003 encouraged virus writers to put effort into creating official-looking e-mails and Web sites," said Ken Dunham, director of malicious code for iDefense.

The Trojan arrives as an attachment to an e-mail that appears to be from Windowsupdate@private. The subject line says, "Windows XP Service Pack (Express)-Critical Update." The message describes the attachment, WinxpSp1.A, as a cumulative patch that corrects security flaws in versions of Microsoft Internet Explorer, Outlook and Outlook Express. It downloads an executable file that will open a TCP port to listen for remote commands from the attacker.
Source: http://www.gcn.com/vol1_no1/daily-updates/24599-1.html

Internet Alert Dashboard

Current Alert Levels
AlertCon: 1 out of 4 https://gtoc.iss.net
Security Focus ThreatCon: 1 out of 4 http://analyzer.securityfocus.com/

Current Virus and Port Attacks
Virus: #1 Virus in the United States: WORM_LOVGATE.G
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 135 (epmap), 1434 (ms-sql-m), 137 (netbios-ns), 1433 (ms-sql-s), 554 (rtsp), 6129 (dameware), 80 (www), 445 (microsoft-ds), 53 (domain), 139 (netbios-ssn)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
This archive was generated by hypermail 2b30 : Mon Jan 12 2004 - 14:27:11 PST