-----Original Message-----
From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard
Sent: Monday, July 19, 2004 7:05 AM
To: Information Technology
Subject: [Information_technology] Daily News 07/19/04

July 16, eWEEK - New Bagle variant heightens alert levels. A new variant on the Bagle worm has elicited increased alert levels from anti-virus companies. Known as W32/Bagle.af@MM to McAfee, WORM_BAGLE.AF to Trend Micro and W32.Beagle.AB@mm to Symantec, the new version is rated "medium on-watch" by McAfee and "category 3 - moderate" by Symantec. According to Trend Micro, once executed, the worm drops a copy of itself in the Windows system folder and sets Windows to load it at startup. It uses an internal SMTP mail engine to send copies of itself to addresses that it harvests from a variety of files on the system. The message may have one of a variety of subject lines and bodies and a spoofed From: address. It also spreads through networks, including peer-to-peer networks, by copying itself to shared folders. Bagle.AF also attempts to stop running security software on the system and to interfere with copies of the Netsky virus. Finally, it opens up a back door on port 1080 for attackers to use on the system.
Source: http://www.eweek.com/article2/0,1759,1624336,00.asp

July 15, SearchDomino.com - Java applet flaws found in Notes. A trio of newly discovered vulnerabilities in the IBM Lotus Notes R6.x client could put sensitive information on users' PCs at risk, according to Jouko Pynnonen, the independent security consultant who discovered the problems. The vulnerabilities stem from unspecified errors that take place when the Notes client handles Java applets. Pynnonen revealed that the vulnerabilities could be exploited through the sending of harmful Java applets to Notes users via e-mail. "It's when you open an e-mail in Notes that may contain malicious applets," Pynnonen said. Certain applets are handled in such a way that allows a hacker to access certain files on a user's hard disk, and possibly retrieve them surreptitiously via e-mail. Pynnonen said it's unlikely that those looking to spread viruses or worms could successfully exploit the vulnerability because its scope is limited. "It can only read some files, and it can't really do many things; it can't execute any code," Pynnonen said. IBM posted an acknowledgment of Pynnonen's alleged findings last Friday on its Lotus Support Services Website. While an official fix is not yet available, Pynnonen said the threat could be eliminated by disabling Java applets.
Source: http://searchdomino.techtarget.com/originalContent/0,289142,sid4_gci992961,00.html

July 15, The Korea Times - Seoul plans anti-hacking network in East Asia. South Korea plans to work together with other Northeast Asian countries including Japan and China to create a joint regional monitoring system against hackers and strengthen cooperation with Australia's Computer Emergency Response Team. The Ministry of Information and Communication (MIC) announced on Thursday, July 15, that it will also form an anti-hacking team with 226 private computer security companies nationwide to promote combined efforts against hacking. The task force will coordinate between government agencies and private companies, which run many of the nation's information networks, it said. As part of precautionary measures against cross-border cyber terrorism, Internet service providers (ISPs) and Internet service operators such as KT and Hanaro Telecom will be required to report any hacking incidents to the MIC. In addition, the MIC plans to streamline related regulations so that it can make ISPs shut down hackers' access paths and issue hacking warnings. To help small-sized companies, which are particularly vulnerable to network infringement, the MIC will check the systems of 2,400 such firms starting next month.
Source: http://times.hankooki.com/lpage/200407/kt2004071516314510440.htm

Internet Alert Dashboard

DHS/US-CERT Watch Synopsis
Over the preceding 24 hours, there has been no cyber activity which constitutes an unusual and significant threat to Homeland Security, National Security, the Internet, or the Nation's critical infrastructures.

US-CERT Operations Center Synopsis: Microsoft has released its July Security Updates. Two of these updates are of a critical nature and should be applied to vulnerable systems. For more information, see Microsoft's bulletin here: http://www.microsoft.com/security/bulletins/200407_windows.mspx

Current Port Attacks
Top 10 Target Ports: 9898 (dabber), 135 (epmap), 5554 (sasser-ftp), 445 (microsoft-ds), 4899 (radmin), 137 (netbios-ns), 1433 (ms-sql-s), 443 (https), 1434 (ms-sql-m), 8000 (irdmi)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Website: www.us-cert.gov.

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Website: https://www.it-isac.org/.

_______________________________________________
Information_technology mailing list
Information_technology@listserv
This archive was generated by hypermail 2.1.3 : Mon Jul 19 2004 - 09:21:37 PDT