-----Original Message----- From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard Sent: Monday, May 17, 2004 7:01 AM To: Information Technology Subject: [Information_technology] Daily News 05/17/04 May 17, IDG News Service - New worm targets Sasser code flaw. A new Internet worm called Dabber is believed to be the first worm that spreads by specifically targeting a flaw in another worm's code, according to LURHQ Corp., a managed security services company. Using code written to exploit the FTP flaw, the recently released worm scans the Internet for Port 5554 to identify computers running Microsoft Corp.'s Windows operating system that are infected with Sasser, LURHQ said. When it finds vulnerable hosts, it connects to the victim and uses a built-in FTP server to transfer the worm file, named package.exe, to the system. When it runs, the Dabber worm installs itself on Windows and then shuts down the Sasser worm and other worm processes, preventing them from running again. Dabber also opens TCP Port 9898 as a back door, which can be used by a remote attacker to download other code or communicate with the infected host, LURHQ said. The original advisory and insturctions for shutting down and removing Dabber are available here: http://www.lurhq.com/dabber.html Source: http://www.computerworld.com/securitytopics/security/virus/story/0,10801 ,93154,00.html May 14, CBS/Associated Press - Phone ignites gas station fire. Flames shot up around a 21-year-old college student whose cell phone rang while he was pumping gas. Firefighters said Matthew Erhorn, a SUNY New Paltz student, received minor burns at a Mobil station near the New York State Thruway Thursday, May 13. It doesn't take much of a charge to ignite gasoline vapors, New Paltz fire chief Patrick Koch said. That's why motorists are told "don't use their cell phones when they're pumping gas," Koch said. There's a sign at the pumps at the New Paltz, NY, gas station warning that cell phones should be turned off for safety while pumping gas. Firefighters believe the cell phone ignited vapors coming from the car's fuel tank as it was being filled. The fire was immediately put out by the service station's fire suppression system, using an oxygen-killing powder. That covered other cars in the gas station parking lot as well as nearby trees. The station will remain closed until the system can be recharged. Source: http://www.cbsnews.com/stories/2004/05/14/tech/main617547.shtml May 14, The Register - Spam fighters infiltrate spam clubs. Spam fighters are gaining vital clues in the battle to keep in-boxes clean of junk mail by infiltrating spammer clubs. Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organizations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory invitation to the members-only forums of these sites is only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques. Instead of using open mail relays or unscrupulous hosts, spammers are using compromised machines to get their junk mail out. Viruses such as My-Doom and Bagle surrender the control of infected machines to hackers. This expanding network of infected, zombie machines can be used either for spam distribution or as platforms for DDoS attacks, such as those that many online bookies have suffered in recent months. Trade in machines for DDoS attacks normally happens in more in more anonymous IRC channels but spammers are tapping into the same resource. Source: http://www.theregister.co.uk/2004/05/14/spam_club/ May 13, Government Computer News - Greater supercomputer coordination urged. A report issued by the White House's Office of Science and Technology Policy recommends that agencies with supercomputers work more closely to share and develop resources. New House legislation introduced last month also calls for greater interagency collaboration, as well as central oversight of federal supercomputing resources. John Marburger, director of the policy office, unveiled the report in a House Science Committee hearing Thursday, May 13, on HR 4218, the High Performance Computing Revitalization Act. The report, Federal Plan for High-End Computing, was conducted by the White House's High-End Computing Task Force. The task force recommended that agencies with supercomputers coordinate in order to provide more computational power for themselves and other users. Introduced by Rep. Judy Biggert (R-IK) on April 28, the High Performance Revitalization Act would establish an interagency advisory committee to oversee a road map for supercomputing development. The report is available online: http://www.ostp.gov/nstc/html/HECRTF-FINAL_051004.pdf Source: http://www.gcn.com/vol1_no1/daily-updates/25888-1.html May 13, Washington Post - States speed up spyware race. State lawmakers' eagerness to crack down on Internet "spyware" could force the federal government to move sooner than expected to pass its own law. Only one state--Utah--has an anti-spyware law, but New York and California both are considering proposals. If enough states pass similar laws, businesses say the resulting "patchwork" of conflicting statutes would be almost impossible to obey, adding further pressure on Congress to act. "If the states are busy writing laws and particularly if they're writing inconsistent laws or laws that strongly interfere with certain markets, that certainly would strengthen the case for federal legislation," said Howard Beales, the Federal Trade Commission's top consumer protection official. At an April FTC hearing on spyware, witnesses testified that computer users often don't know how the programs got onto their machines or how to remove them. Any national spyware law probably would preempt various state laws, much like the federal Can-Spam Act preempted tougher anti-spam laws in California and Washington. Beales said that Congress should not let the threat of state laws goad it into passing a poorly written bill. Source: http://www.washingtonpost.com/wp-dyn/articles/A24746-2004May13.html . May 13, Associated Press - German telecom profit plunges. Deutsche Telekom AG posted an 80 percent drop in first-quarter net profit Thursday, May 13, as earnings slowed at its wireless arm and a German truck toll project continued to hurt its bottom line. Germany's largest telecommunications operator said net profit fell to $200 million when the figure was padded by asset sales and a tax gain. The latest results reflect a charge of $176 million to cover problems with Toll Collect - the troubled project for a satellite-based truck toll system in Germany--after the venture's new management revised its budget. Deutsche Telekom still enjoys faster sales growth than rivals France Telecom SA and Royal KPN NV thanks to its decision not to sell the U.S. mobile arm, T-Mobile USA. However, earnings at the wireless unit weren't as strong as some had expected, with the German business posting a decline in the period. Source: http://www.washingtonpost.com/wp-dyn/articles/A23713-2004May13.html?nav= headlines Internet Alert Dashboard Current Alert Levels AlertCon: 2 out of 4 https://gtoc.iss.net Security Focus ThreatCon: 2 out of 4 http://analyzer.securityfocus.com/ Current Virus and Port Attacks Virus: #1 Virus in the United States: WORM_NETSKY.P Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 135 (epmap), 137 (netbios?ns), 80 (www), 139 (netbios?ssn), 443 (https), 21 (ftp), 53 (domain), 111 (sunrpc), 113 (ident), 25 (smtp) _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Mon May 17 2004 - 09:23:16 PDT