________________________________
From: information_technology-admin@private on behalf of InfraGard
Sent: Tue 5/4/2004 7:08 AM
To: Information Technology
Subject: [Information_technology] Daily News 05/04/04

May 03, Reuters - Sasser worm strikes hundreds of thousands of PCs. The fast-spreading "Sasser" computer worm has infected hundreds of thousands of PCs globally and the number could soon rise sharply, a top computer security official said on Monday, May 3. "If you take a normal Windows PC and connect to the Internet, you will be infected in 10 minutes without protection," said Mikko Hypponen, Anti-Virus Research Director at Finnish data security firm F-Secure. F-Secure says the worm, which surfaced at the weekend, automatically spreads via the Internet to computers using the Microsoft Windows operating system, especially Windows 2000 and XP. "We have already seen three versions of Sasser during the weekend, and we could see more today," Hypponen said. The current worm does not need to be activated by double-clicking on an attachment, and can strike even if no one is using the PC at the time. When a machine is infected, error messages may appear and the computer may reboot repeatedly.
Source: http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=5016252&section=news

May 03, Federal Computer Week - Linux has its own security holes. There may be fewer viruses designed to attack the Linux operating system, but experts warn that Linux is no more bulletproof than any other system. Agencies that adopt Linux should be aware of its vulnerabilities, according to Travis Witteveen, of security firm F-Secure Corp. "Computing systems are very similar, whether they're called Linux, Windows, Unix, MacIntosh, or even PocketPC," he said. Virus writers will target Linux when the system gains a high enough profile, Witteveen said. But even now, there are some Linux viruses out in cyberspace.
The most damaging Linux virus so far, the Slapper worm, infected 20,000 systems in 100 countries in late 2002, said Laura DiDio, senior analyst of application infrastructure and software platforms for the Yankee Group. "That pales in comparison to the most damaging Windows virus, MyDoom and its variants, which infected several million computers in three weeks," she said. Linux is "on everyone's radar screen," and creators of malicious code are increasingly taking notice, she said. Many Linux viruses don't require user interaction, unlike most Windows attacks that depend on the user to run an attached file in order to infect the computer.
Source: http://www.fcw.com/fcw/articles/2004/0503/feat-linux3-05-03-04.asp

May 03, Federal Computer Week - Agencies team to develop integrated wireless network. The Integrated Wireless Network (IWN) will provide a common wireless infrastructure to support the departments of Homeland Security, Justice, and Treasury, and officials expect to release their requirements this summer. Bringing three diverse departments together can be challenging, said Mike Duffy, Justice's deputy chief information officer for e-government, citing as an example the number of people needed to approve a memorandum of understanding. But the three agencies' leaders see the benefits and are committed to the project, he said. "The architecture analysis we conducted show there are substantial savings to be had both in cost and spectrum use by consolidating the three departments' resources," Duffy said. The new network will replace the aging wireless systems in many of the departments' components and will be designed to serve more than 80,000 law enforcement and homeland security users at 2,500 radio sites. The statement of objectives for IWN will be released in June or July and will outline the expectations and constraints of the project, officials said.
Although the project will initially focus on voice capabilities, it will soon require wireless data capabilities, officials said. Also, the standards-based system must work with state and local law enforcement systems.
Source: http://www.fcw.com/fcw/articles/2004/0503/pol-wireless-05-03-04.asp

May 03, IDG News Service - Experts probe Sasser, Netsky link. Analysis of the Sasser and Netsky code reveals many similarities between the two worms, even as a new version of the Netsky e-mail worm appeared on Monday, May 3, that capitalized on fears caused by Sasser Internet worms by posing as an antivirus software patch, experts say. Netsky-AC is the thirtieth version of the mass-mailing e-mail worm to be released since Netsky-A appeared in February. Like earlier versions of Netsky, the AC-variant uses e-mail messages and infected file attachments to spread from computer to computer. A message buried in the worm's code and directed to antivirus vendors claims responsibility for Sasser, which first appeared on Friday, April 30. "Hey av firms, do you know that we have programmed the sasser virus?!? Yeah, thats true," the message reads, in part. The message is attributed to "the Skynet," a virus writing group that also claimed responsibility for other Netsky variants. The worm's author or authors included a sample of the Sasser worm raw "source" code as proof of the legitimacy of the claim, says Graham Cluley, senior technology consultant at Sophos.
Source: http://www.pcworld.com/news/article/0,aid,115964,00.asp

Internet Alert Dashboard

Current Alert Levels
AlertCon: 2 out of 4 https://gtoc.iss.net
Security Focus ThreatCon: 3 out of 4 http://analyzer.securityfocus.com/

Current Virus and Port Attacks
Virus: #1 Virus in the United States: WORM_MYDOOM.A
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 135 (epmap), 8000 (irdmi), 443 (https), 445 (microsoft-ds), 17300 (Kuang2TheVirus), 80 (www), 137 (netbios-ns), 1434 (ms-sql-m), 3127 (mydoom), 1025 (blackjack)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
This archive was generated by hypermail 2b30 : Tue May 04 2004 - 11:39:05 PDT