CERT has (ahem, finally) released a Sircam advisory this afternoon:
http://www.cert.org/advisories/CA-2001-22.html

Sircam is an amazingly noxious critter. I'll give you an example. At Wired News, like other news organizations, we have feedback addresses so people can send us thoughts on articles. Those have been the same for at least three years, so they're well-known and available to programs like Sircam that scan hard drives for email addresses.

Since 1 am ET Tuesday, we've received about 150 MB of mail directed at those addresses, the vast bulk of it Sircam output. A quick scroll through the messages says about 90 percent of it by message and probably 99 percent of it by size is due to Sircam.

Dave Farber wrote on his Interesting People list:

>The person/group who launched the SirCam virus should get the first
>Cyberspace death-- namely permanent banishment from any network access any
>place in the world. We yell endlessly about spam mail but one mess like
>this makes spam mail almost interesting

Which I heartily endorse.

-Declan

*********

From: "Bridis, Ted" <Ted.Bridisat_private>
To: "'declanat_private'" <declanat_private>
Subject: fbi, fyi
Date: Wed, 25 Jul 2001 08:53:19 -0400

http://interactive.wsj.com/articles/SB99601609210000000.htm

FBI Cyber Researcher Unleashes Virus That E-Mails Private Agency Documents

By TED BRIDIS
Staff Reporter of THE WALL STREET JOURNAL

WASHINGTON -- A researcher in the Federal Bureau of Investigation's cyber-protection unit unleashed a fast-spreading Internet virus that e-mailed private FBI documents to outsiders -- all on the eve of a Senate hearing into troubles at the unit.

Although the Sircam virus didn't spread to other computers at the FBI's National Infrastructure Protection Center, it did send at least eight documents to a number of outsiders. One, about the investigation into an unrelated virus, was marked "official use only." The Sircam virus has infected thousands of computers since its discovery last week.

FBI spokeswoman Deb Weierman said that no sensitive or classified information about continuing investigations was disclosed Tuesday. The "official use" designation protects documents from disclosure under the U.S. Freedom of Information Act.

It isn't uncommon for virus researchers to accidentally infect their own computers, but the mistake was particularly embarrassing because it occurred ahead of a Senate Judiciary panel's oversight hearing about the FBI cyber unit's effectiveness. Lawmakers were expected to focus on other agencies' failure to cooperate fully with the FBI center, and on a perceived lack of trust between the FBI and private-sector groups. The unit generally gets high remarks for its criminal investigations, and even critics say the unit is more effective than it was a year ago.

"The effort here is not to embarrass anybody but to stress that a lot of work has to be done," said Republican Sen. Jon Kyl of Arizona.

Meanwhile, the White House has begun organizing a new early-warning network for Internet threats. But unlike the current system, it will be coordinated by the Pentagon, not the FBI. The mechanism for warning all U.S. military and civilian agencies -- and ultimately corporations -- will be dubbed the Cyber-Warning and Information Network, or "c-win." Organizers envision dozens of computer centers that could sound an alert when a threat is identified. The network is expected to begin operating in October.

The FBI unit, which currently relays these warnings, came under sharp criticism from congressional auditors for issuing tardy alerts. Ms. Weierman, the FBI spokeswoman, called the new network a "useful mechanism" to offer the government a "technical capability that doesn't currently exist." The FBI, she said, wasn't concerned it would lose its warning responsibilities.

Tuesday, at least three people said they received some of the FBI documents, including a 23-year-old Internet-security expert in Belgium, Niels Heinen.
He operates a Web site that reports on Internet break-ins and speculated that the analyst, Vince Rowe, visited the site on the infected computer. Mr. Rowe didn't respond to a request for comment.

Write to Ted Bridis at ted.bridisat_private

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 16:05:21 PDT