-----Original Message-----
From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard
Sent: Tuesday, January 27, 2004 6:49 AM
To: Information Technology
Subject: [Information_technology] Daily News 1/27/04

January 26, eWeek.com - Bagle-type threats on the rise? While the outbreak last week of the Bagle.A virus was one of the least troublesome in recent memory, security experts worry that the virus, following in the infamous footsteps of 2003's SoBig worms, is a harbinger of more-sophisticated attacks to come. Many in the security community say the SoBig family, and possibly Bagle.A, are the work of an organized group of criminals with bigger plans than merely clogging in-boxes and annoying IT staffs. SoBig.F and Bagle.A have the capability to log users' keystrokes, enabling the theft of passwords and other sensitive data, and are programmed to set up proxies on infected machines for the purpose of sending spam. For IT managers, these worms present new difficulties, given that they don't do any noticeable damage to infected machines but, rather, steal sensitive corporate passwords and other data. Administrators can also look for spikes in traffic on unusual ports or client machines sending large amounts of mail messages. "It's certainly interesting to see [Bagle.A] mirror the techniques in SoBig. It could be that virus writers are using Net users as beta testers before they build the very big ones," said Ian Hameroff, eTrust security strategist at Computer Associates International Inc.
Source: http://www.eweek.com/article2/0,4149,1457323,00.asp

January 26, Computerworld - Mydoom worm spreading rapidly. A new e-mail worm has appeared on the Internet and is spreading rapidly, according to leading anti-virus companies. The worm, called W32/Mydoom, surfaced late Monday, January 26. "This worm is taking off like a rocket, with well over 20,000 interceptions in just 2 hours of it being discovered," Ken Dunham of iDefense Inc. said. The virus is also being called MiMail.R, Shimg, Novarg and Mydoom, although it's not certain yet that this code is a variant of the MiMail virus, Dunham said. Mydoom carries varying subjects such as "HELLO" or a blank subject, as well as a variety of messages and attachments. When loaded, it calls up Notepad and displays random characters, while creating a copy of itself and modifying the infected machine's Windows registry to run the code upon start-up. It may open a TCP port to listen for commands from a remote attacker, according to Dunham. "It also attacks sco.com with a DDoS [denial-of-service] attack," said a statement from F-Secure. It can spread by both e-mail and the Kazaa file-sharing system, several anti-virus vendors said. Computer Associates International Inc.'s research labs received 11 copies of the new worm almost simultaneously today, indicating a rapidly spreading infection. The Mercury News reports that Vincent Gullotto of McAfee AVERT said the company had received reports from some companies receiving MyDoom e-mails at rates as great as 1,000 a minute. He added that as many as six Fortune 500 companies have been affected.
Source: http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89449,00.html

Internet Alert Dashboard

Current Alert Levels
AlertCon: 2 out of 4 https://gtoc.iss.net
Security Focus ThreatCon: 2 out of 4 http://analyzer.securityfocus.com/

Current Virus and Port Attacks
Virus: #1 Virus in the United States: JAVA_BYTEVER.A
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 135 (epmap), 1434 (ms-sql-m), 137 (netbios-ns), 6129 (dameware), 445 (microsoft-ds), 27374 (SubSeven), 901 (realsecure), 17300 (Kuang2TheVirus), 1433 (ms-sql-s), 80 (www)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
This archive was generated by hypermail 2b30 : Tue Jan 27 2004 - 13:32:23 PST