-----Original Message-----
From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard
Sent: Tuesday, June 08, 2004 8:37 AM
To: Information Technology
Subject: [Information_technology] Daily News 06/08/04

June 07, IDG News Service - New worm targets old Windows flaws.
Anti-virus software companies are warning customers about a new e-mail worm that targets unpatched Microsoft Windows machines with either of two recently disclosed software vulnerabilities. The new worm, known as both "Plexus" and "Explet.A," was first detected on Wednesday and spreads by exploiting Windows machines with vulnerabilities used by two recent worms, Sasser and Blaster, according to alerts. Like Sasser, Plexus can exploit the recently disclosed hole in the Windows component called Local Security Authority Subsystem Service, or LSASS, which Microsoft patched in April. And, like the Blaster worm that appeared in August 2003, Plexus can also crawl through a hole in a Windows component called the DCOM (Distributed Component Object Model) interface, which handles messages sent using the RPC (remote procedure call) protocol. Plexus spreads in files attached to e-mail messages with faked sender addresses and vague subjects such as "RE: order," "For you," and "Good offer." When users open the virus file, the worm is launched and alters the configuration of Windows so that the worm program runs each time Windows starts. It also scans the hard drive of infected computers, harvesting e-mail addresses from a variety of files, including stored Web pages written in Hypertext Markup Language. Anti-virus companies recommend that Windows users who have not done so already apply software patches for the LSASS and DCOM and update their anti-virus software.
Source: http://www.pcadvisor.co.uk/index.cfm?go=news.view&news=3980

June 07, The Register - Virus writers deploy bulk mail software.
Hackers have used spamming software to distribute thousands of copies of a new Trojan. Demonize-T is a multi-stage Trojan that uses an object data exploit in Internet Explorer to download and execute an encoded visual basic script from a Website. The Trojan then creates an executable file which appears to download a malicious program from the same website as the original script. Early analysis suggests Demonize-T is similar to previous attacks where malicious code has been used to install key loggers and password stealers. Spammers are increasingly using infected machines as a platform to distribute spam and this technique has come full circle with virus writers using spam to infect machines in the first place. A patch is available on the Microsoft Website: http://www.microsoft.com/technet/security/bulletin/MS03-040.mspx
Source: http://www.theregister.co.uk/2004/06/07/demonize_trojan/

June 07, Federal Computer Week - DISA to develop IT standards.
The Defense Information Systems Agency (DISA) will oversee information technology standards for the military, according to new policy issued by Defense Department officials. As executive agent, DISA officials will identify and propose IT standards to develop and implement a standards management strategy. They will let the department carry out network-centric operations across the military and with government agencies, said the May 21 directive, "DoD Executive Agent for Information Technology Standards." DISA officials will create a plan for the department's IT shop, the Office of the Assistant Secretary of Defense for Networks and Information Integration and Chief Information Officer. The strategy will give warfighters fast, secure and easy-to-find information that will let them outsmart and outmaneuver enemy forces, according to the 11-page directive signed by Paul Wolfowitz, DOD deputy defense secretary.
The new Department of Defense IT standards policy also tells DISA to participate in industry, government and coalition forces' forums. "Facilitate the commercialization of DOD IT requirements by influencing the development of commercial standards through participation in commercial standards bodies," the directive said.
Source: http://fcw.com/fcw/articles/2004/0607/web-disa-06-07-04.asp

June 05, New Scientist - Passwords can sit on hard disks for years.
As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. When you type in a password, it is stored in random access memory (RAM), where it is held temporarily until other data overwrites it or the computer is switched off. But every so often, the computer copies the contents of its RAM onto hard disk, where it is easy prey for a hacker, who can read it directly or design a worm to email it back. The longer sensitive data stays in RAM, the more likely it is to be copied onto the disk, where it stays until it is overwritten--which might not happen for years. Tal Garfinkel and colleagues from Stanford University have created a software tool called TaintBochs which simulates the workings of a complete computer system. Within the simulation, sensitive data can be tagged, or "tainted", and then tracked as it passes through the system. Such tracking is normally impossible on a computer. In a paper to be presented in August at the USENIX Security Conference in San Diego, CA, they conclude that the programs took virtually no measures to limit the length of time the information is retained. Some of the tested software even copied the sensitive information, apparently without restraint.
Source: http://www.newscientist.com/news/news.jsp?id=ns99995064

June 03, Canadian Press - Montrealer arrested for hacking into U.S. government computer.
Royal Canadian Mounted Police (RCMP) officers have arrested a Montreal resident for hacking into a U.S. government computer. The federal force carried out the arrest on Friday, May 28, at the request of the Federal Bureau of Investigation. RCMP said in a statement Thursday, June 3, the accused had illegally accessed a router connected to a U.S. Supreme Court warehouse and is suspected of having compromised several computers. The man's computers have been seized and charges could be laid in the future, the RCMP said.
Source: http://cnews.canoe.ca/CNEWS/Law/2004/06/03/484817-cp.html

Internet Alert Dashboard

DHS/US-CERT Watch Synopsis
Over the preceding 24 hours, there has been no cyber activity which constitutes an unusual and significant threat to Homeland Security, National Security, the Internet, or the Nation's critical infrastructures.

Watch Synopsis: There is a new Worm called Plexus that exhibits many of the same characteristics that MyDoom exhibited. The initial variant does not target federal or military systems, but we can be certain that future variants may do so. This worm appears to be a blended threat and propagates by at least 5 various methods.

Current Port Attacks
Top 10 Target Ports: 135 (epmap), 1026 (nterm), 1027 (icq), 445 (microsoft-ds), 9898 (dabber), 1434 (ms-sql-m), 21 (ftp), 5554 (sasser-ftp), 137 (netbios-ns), 3127 (mydoom)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Website: www.us-cert.gov.

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Website: https://www.it-isac.org/.

_______________________________________________
Information_technology mailing list
Information_technology@listserv