From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Sat, 1 Sep 2001 07:18:33 -0700 (PDT)
Subject: [iwar] news

FBI Warns of New Worm, Says No Code Red Suspects Yet
By Brian McWilliams, Newsbytes, 8/31/2001
http://www.newsbytes.com/news/01/169601.html

The FBI has not yet issued any warrants for the arrest of individuals suspected of authoring the Code Red Worm, a spokesperson for the agency's National Infrastructure Protection Center said today. An investigation into the release of the original worm and several variants is still pending, according to NIPC spokesperson Deborah Weierman.

"We haven't said anything about suspects in the Code Red case at this point. We are continuing our analysis and monitoring infected systems. But we are making no comment at this time about whether we have suspects," said Weierman.

Separately, the FBI today issued a caution to operators of systems based on the Unix operating system. According to the agency, a new worm dubbed "X.C." has been targeting a vulnerability in the telnet daemon that ships with Sun's Solaris, IBM's AIX, and several versions of Linux.

No additional details on the worm were provided by the FBI, which advised operators to apply the appropriate patches from their operating system vendors.

Chad Dougherty, an incident analyst with the Computer Emergency Response Team (CERT), told Newsbytes that the security information clearinghouse has received several reports from Unix system administrators of programs and other "artifacts" left behind by what CERT believes may be a new worm exploiting the telnet vulnerability.

Dougherty said the information on the new worm is still being collected and CERT has not yet assigned it a name or released an advisory about the code...

========================================================================

New Worm Masquerades As Microsoft Message
By Marcia Savage, CRN, 8/31/2001
http://www.securitynewsportal.com/article.php?sid=1749&mode=thread&order=0

The worm comes as an e-mail from Microsoft Support with the message "Invalid SSL Certificate" in the message line. The body of the message says the invalid SSL (Secure Sockets Layer) certificate causes a buffer overrun in Internet Explorer that can allow attackers to access the user's computer. It urges the user to download an attached patch to avoid being attacked.

According to Central Command, when activated, the worm first verifies that an Internet connection is available, and once the connection is established, it searches for all files starting with the extension .ht in the My Documents folder. Then it sends itself to the e-mail addresses it extracts from within the files.

The fake message that pretends to come from Microsoft says:

From: "Microsoft Support" support@microsoft.com
Subject: Invalid SSL Certificate

Hello,

Microsoft Corporation announced that an invalid SSL certificate that web sites use is required to be installed on the user computer to use the https protocol. During the installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by that allows attackers to get access to your computer. The SSL protocol is used by many companies that require credit card or personal information so, there is a high possibility that you have this certificate installed. To avoid of being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge.

Have a nice day,
Microsoft Corporation

Attachment: sslpatch.exe

========================================================================

Reiman Wants to Control RuNet
By Yuri Granovsky, via Security News Portal, 8/31/2001
http://www.securitynewsportal.com/article.php?sid=1756&mode=thread&order=0

Vedomosti

The Cabinet is considering a draft resolution that if adopted would put the entire Russian Internet under the control of the Communications Ministry.

"The Internet is controlled in many countries - China for example," he said, adding that so far his ministry does not have the necessary permission, as the Justice Ministry has not approved the regulatory documentation.

Currently, domain names are allocated by the independent noncommercial Regional Network Information Center, or Ru-Center.

Ru-Center was established by the Russian Scientific Research Institute for the Development of Social Networks, or RosNIIROS, which is responsible for all technical servicing on RuNet. Registration rights are also held by several major Internet providers in the Union of Internet Operators....

========================================================================

NIPC ASSESSMENT 01-019: "Buffer Overflow Vulnerability in Telnet Daemon"
NIPC, 8/31/2001
http://www.nipc.gov/warnings/assessments/2001/01-019.htm

Synopsis: Recently, the cyber security community received numerous reports of intruders using the buffer overflow vulnerability in the telnet daemon program. Security organizations, such as CERT/Coordination Center, cited this vulnerability in a July advisory (http://www.cert.org/advisories/CA-2001-21.html) outlining the vulnerability and solutions to address this problem. Due to the increase of these reports and with the activity of a new worm that has targeted this vulnerability, the NIPC urges the consumers to contact their vendors to obtain the appropriate fix.

This vulnerability has the potential to impact the victim by allowing an intruder to copy, delete, or execute any program on the victim's system. A new worm called "x.c", designed to exploit this vulnerability, has been discovered. Although that specific worm has been disabled, other malicious code variants could take advantage of the same vulnerability. Vendor patches are available and NIPC urges consumers to contact their vendor to obtain the appropriate fix for their operating system....

========================================================================

Security software: blind lead blind
By Elias Levy, Security Focus, 8/31/2001
http://www.theregister.co.uk/content/4/21384.html

It's incredible that in this day and age some of the most popular security products, products that are marketed as protecting you from the evils of computers, are so badly designed.

Case in point: The many antivirus products that failed to detect and stop the highly effective SirCam worm, even when updated with the latest signatures and when configured correctly. ...

========================================================================

India to Open First Cyber Police Station
Reuters, 8/31/2001
http://dailynews.yahoo.com/h/nm/20010831/tc/tech_india_crime_dc_1.html

India's first police station to exclusively handle cyber crimes such as computer hacking, data damage and Internet fraud will start work in Bangalore on September 15, police said on Friday.

The station, which would cover the state of Karnataka, was launched on Thursday, a senior police official told Reuters.

The station, which would cover crimes under India's information technology law passed last year, was aimed at taking quick action on solving cyber crimes, taking the burden from local police.

Local police stations would continue to register cyberspace crimes and would also carry out searches.

The Cyber Crime Police Station (CCPS) has set up a Web site for complaints (http://ccps.karnatakastatepolice.org).

India, joining a handful of nations, last year passed the cyber law that covers a wide range of issues, from the potential of electronic commerce to the possible threats posed by too much policing of Internet.

Law and order are state-level subjects under India's constitution, and is governed by the provincial administration.

Karnataka had set up in 1999 a cyber crime cell with experts called in from leading Bangalore software firms Wipro Ltd and Infosys Technologies and the Indian Institute of Science.

"The same cell has now been given the status of a police station," said the official.

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:40 PDT