-----Original Message-----
From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard
Sent: Thursday, April 08, 2004 7:13 AM
To: Information Technology
Subject: [Information_technology] Daily News 04/08/04

April 08, IDG News Service - New Netsky worms change their stripes.
New versions of the Netsky e-mail worm are spreading on the Internet. Netsky.S appeared Monday, April 5, and Netsky.T was detected Tuesday, April 6. They are the 19th and 20th editions of an e-mail virus that first appeared in February. Like its predecessors, the new Netsky variants target machines running versions of Microsoft's Windows operating system. The viruses arrive as files enclosed in e-mail messages that have faked (or "spoofed") sender addresses and vague subjects such as "Re: My details," "Request" and "Thank You!" according to anti-virus company Symantec Corp. Earlier versions of the Netsky variant abstained from opening communications ports that could be used as back doors that remote attackers could use to gain access to compromised systems. However, the latest Netsky variants open a back door on TCP Port 6789 that could be used to receive instructions or malicious code from the worm author.
Source: http://www.computerworld.com/securitytopics/security/virus/story/0,10801,91978,00.html

April 06, Federal Computer Week - Last draft released for security guide.
The National Institute of Standards and Technology (NIST) on April 6 released a final draft of security guidelines for federal agencies that need to certify and accredit their information systems. With May as their target date for publication, NIST officials cited an urgent need to receive comments on the final draft document by April 21. The proposed guidelines are relevant to security requirements that all federal agencies must meet under the Federal Information Security Management Act of 2002.
NIST officials incorporated several significant changes in the final draft based on earlier comments they received. Among them are newly defined roles for the chief information officer and senior agency information security officer in the certification and accreditation process. Also new are additional guidelines for low-impact information systems, a revised timetable for interim approval to operate information systems, and a summary table of tasks and subtasks for security certification and accreditation. Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, is available online:
Source: http://fcw.com/fcw/articles/2004/0405/web-nist-04-06-04.asp

April 06, Federal Computer Week - Industry suggests security improvements.
The Corporate Information Security Working Group, which Rep. Adam Putnam (R-FL) convened five months ago, issued several lists of cybersecurity recommendations that Putnam has promised to review before considering any new security legislation on Tuesday, April 6. Most of the recommendations from the group call on the federal government to provide incentives for good corporate security practices, but they reject any substantial role for the federal government in policing the information security practices of corporations. The group made recommendations on best practices, education, incentives, information sharing and procurement practices. One recommendation was to amend the Clinger-Cohen Act of 1996 to require that federal agencies include computer information security in making IT strategic plans and spending decisions. The recommendations are available online: http://reform.house.gov/TIPRC/News/DocumentSingle.aspx?DocumentID=3030
Source: http://www.fcw.com/fcw/articles/2004/0405/web-putnam-04-06-04.asp

April 06, vnunet.com (UK) - F-Secure warns on software flaw.
Security vendor F-Secure is urging users to patch their systems after the discovery of two flaws in a version of its anti-virus software that leaves users vulnerable to hackers and virus writers. The first flaw could give hackers complete access to a target PC through a hole that affects F-Secure BackWeb 6.31 and earlier versions. This makes the company's anti-virus, BackWeb and policy management software vulnerable. The second problem is in versions 5.41 and 5.42 of F-Secure's Anti-Virus for MIMEsweeper product. It allows the Sober D worm, which is sent in email-attached Zip files, to bypass the antivirus software and infect PCs. Additional information and a patch available here: http://secunia.com/advisories/11297/
Source: http://www.vnunet.com/News/1154100

Current Alert Levels
AlertCon: 1 out of 4 https://gtoc.iss.net
Security Focus ThreatCon: 1 out of 4 http://analyzer.securityfocus.com/

Current Virus and Port Attacks
Virus: #1 Virus in the United States: WORM_NETSKY.P
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports
135 (epmap), 445 (microsoft-ds), 80 (www), 3127 (mydoom), 137 (netbios-ns), 139 (netbios-ssn), 2745 (urbisnet), 1434 (ms-sql-m), 1433 (ms-sql-s), 6129 (dameware)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
This archive was generated by hypermail 2b30 : Thu Apr 08 2004 - 08:51:51 PDT