CRIME FW: [Information_technology] Daily News 05/04/04

From: George Heuston (GeorgeH@private)
Date: Tue May 04 2004 - 10:57:27 PDT


     
    
    ________________________________
    
    From: information_technology-admin@private on behalf of InfraGard
    Sent: Tue 5/4/2004 7:08 AM
    To: Information Technology
    Subject: [Information_technology] Daily News 05/04/04
    
    
    
    May 03, Reuters - Sasser worm strikes hundreds of thousands of PCs. The
    fast-spreading "Sasser" computer worm has infected hundreds of thousands of
    PCs globally and the number could soon rise sharply, a top computer security
    official said on Monday, May 3. "If you take a normal Windows PC and connect
    to the Internet, you will be infected in 10 minutes without protection,"
    said Mikko Hypponen, Anti-Virus Research Director at Finnish data security
    firm F-Secure. F-Secure says the worm, which surfaced at the weekend,
    automatically spreads via the Internet to computers using the Microsoft
    Windows operating system, especially Windows 2000 and XP. "We have already
    seen three versions of Sasser during the weekend, and we could see more
    today," Hypponen said. The current worm does not need to be activated by
    double-clicking on an attachment, and can strike even if no one is using the
    PC at the time. When a machine is infected, error messages may appear and
    the computer may reboot repeatedly. Source:
    http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=5016252&section=news
    
    May 03, Federal Computer Week - Linux has its own security holes. There may
    be fewer viruses designed to attack the Linux operating system, but experts
    warn that Linux is no more bulletproof than any other system. Agencies that
    adopt Linux should be aware of its vulnerabilities, according to Travis
    Witteveen, of security firm F-Secure Corp. "Computing systems are very
    similar, whether they're called Linux, Windows, Unix, MacIntosh, or even
    PocketPC," he said. Virus writers will target Linux when the system gains a
    high enough profile, Witteveen said. But even now, there are some Linux
    viruses out in cyberspace. The most damaging Linux virus so far, the Slapper
    worm, infected 20,000 systems in 100 countries in late 2002, said Laura
    DiDio, senior analyst of application infrastructure and software platforms
    for the Yankee Group. "That pales in comparison to the most damaging Windows
    virus, MyDoom and its variants, which infected several million computers in
    three weeks," she said. Linux is "on everyone's radar screen," and creators
    of malicious code are increasingly taking notice, she said. Many Linux
    viruses don't require user interaction, unlike most Windows attacks that
    depend on the user to run an attached file in order to infect the computer.
    Source: http://www.fcw.com/fcw/articles/2004/0503/feat-linux3-05-03-04.asp
    
    May 03, Federal Computer Week - Agencies team to develop integrated wireless
    network. The Integrated Wireless Network (IWN) will provide a common
    wireless infrastructure to support the departments of Homeland Security,
    Justice, and Treasury, and officials expect to release their requirements
    this summer. Bringing three diverse departments together can be challenging,
    said Mike Duffy, Justice's deputy chief information officer for
    e-government, citing as an example the number of people needed to approve a
    memorandum of understanding. But the three agencies' leaders see the
    benefits and are committed to the project, he said. "The architecture
    analysis we conducted shows there are substantial savings to be had both in
    cost and spectrum use by consolidating the three departments' resources,"
    Duffy said. The new network will replace the aging wireless systems in many
    of the departments' components and will be designed to serve more than
    80,000 law enforcement and homeland security users at 2,500 radio sites. The
    statement of objectives for IWN will be released in June or July and will
    outline the expectations and constraints of the project, officials said.
    Although the project will initially focus on voice capabilities, it will
    soon require wireless data capabilities, officials said. Also, the
    standards-based system must work with state and local law enforcement
    systems. Source:
    http://www.fcw.com/fcw/articles/2004/0503/pol-wireless-05-03-04.asp
    
    May 03, IDG News Service - Experts probe Sasser, Netsky link. Analysis of
    the Sasser and Netsky code reveals many similarities between the two worms,
    even as a new version of the Netsky e-mail worm appeared on Monday, May 3,
    that capitalized on fears caused by Sasser Internet worms by posing as an
    antivirus software patch, experts say. Netsky-AC is the thirtieth version of
    the mass-mailing e-mail worm to be released since Netsky-A appeared in
    February. Like earlier versions of Netsky, the AC-variant uses e-mail
    messages and infected file attachments to spread from computer to computer.
    A message buried in the worm's code and directed to antivirus vendors claims
    responsibility for Sasser, which first appeared on Friday, April 30. "Hey av
    firms, do you know that we have programmed the sasser virus?!? Yeah, thats
    true," the message reads, in part. The message is attributed to "the
    Skynet," a virus writing group that also claimed responsibility for other
    Netsky variants. The worm's author or authors included a sample of the
    Sasser worm raw "source" code as proof of the legitimacy of the claim, says
    Graham Cluley, senior technology consultant at Sophos. Source:
    http://www.pcworld.com/news/article/0,aid,115964,00.asp
    
    
    Internet Alert Dashboard
    Current Alert Levels
    AlertCon: 2 out of 4
    https://gtoc.iss.net
    
    Security Focus
    ThreatCon: 3 out of 4
    http://analyzer.securityfocus.com/
    
    Current Virus and Port Attacks
    Virus: #1 Virus in the United States: WORM_MYDOOM.A
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center
    [Infected Computers, North America, Past 24 hours, #1 in United States]
    
    Top 10 Target Ports
    135 (epmap), 8000 (irdmi), 443 (https), 445 (microsoft-ds), 17300
    (Kuang2TheVirus), 80 (www), 137 (netbios-ns), 1434 (ms-sql-m), 3127
    (mydoom), 1025 (blackjack)
    Source: http://isc.incidents.org/top10.html; Internet Storm Center
    
    
    
    
    


