[iwar] [fc:Feds,.industry.contemplated.Nimda.curfew]

From: Fred Cohen (fc@all.net)
Date: 2001-09-21 19:17:10


To: iwar@onelist.com (Information Warfare Mailing List)

Feds, industry contemplated Nimda curfew 
By Brian McWilliams, Newsbytes 9/21/01
http://www.computeruser.com/news/01/09/20/news13.html

Concerned that home computer users may not be aware of the true dangers
of a new Internet worm, a powerful coalition of U.S.  government and
industry groups contemplated advising citizens to stay off the Internet
completely to avoid being infected by Nimda. 

In a private conference call conducted today, members of the
coalition--which includes representatives of such government
organizations as the Federal Bureau of Investigation, the Central
Intelligence Agency, and the Department of Justice, as well as
corporations including Microsoft, UUnet, and Network Associates--
expressed concern that the new worm could cause serious damage if not
stopped promptly. 

"This has really got to be watched.  We need to look at worst case
scenarios if something were to happen," said one federal official
participating on the call. 

The cyber-security group planned to issue a press release later this
evening to draw public attention to Nimda and to direct Internet users
to an advisory published today by the Computer Emergency Response Team
(CERT).  CERT is a federally funded computer security information
clearinghouse at Carnegie Mellon University. 

In a similar move in late July, members of the consortium held a press
conference to warn the country about the potential for a "stronger"
version of the Code Red worm, which later came to be called Code Red II. 

While estimates of the number of systems infected today by Nimda were
not available, security experts said the worm appeared to be spreading
rapidly and was causing widespread Internet congestion. 

During the coalition's ninety-minute meeting today, technical experts
expressed concerns that Nimda may have opened back doors or "file
shares" on thousands of infected computers, rendering them vulnerable to
future attacks. 

Members of the consortium also openly worried about Nimda's ability to
spread itself to users who simply visit an infected Web site while using
an older version of Microsoft's Internet Explorer browser. 

A Microsoft representative participating in the call conceded that
"there seems to be potential for customer confusion" but said the
company is preparing an advisory of its own to be released soon. 

Because Nimda is a complex worm that can infect both servers and desktop
Windows computers by any of at least four different means, some
members of the group suggested simplifying their warning about Nimda. 

"If you browse an infected Web site, you could become infected.  That's
most likely to scare them into patching their software," suggested one
government security expert attending the call. 

But that notion was quickly shot down. 

"You're going to cause unmitigated hell.  Sites like Amazon and eBay are
going to say you people are creating panic and pandemonium," cautioned
one official. 

A member of the Department of Justice's computer crime section inquired
whether the worm contained any code that could issue distributed denial
of service (DDoS) attacks. 

The response from technical experts was equivocal.  They noted that
while such a DDoS capability has not yet been detected, the worm does
contain code that checks the system's clock--a feature which one expert
called "a possible time bomb."

Participants also disagreed over whether the worm, which began to hit
systems hard around 9:00 a.m.  Eastern today, was somehow tied to the
terrorist attacks exactly one week before. 

At a press conference earlier today, Attorney General John Ashcroft said
the U.S.  does not believe there is a connection between Nimda and the
attacks.  But during the cyber-security consortium's meeting today, a
representative of one government group suggested there may be new
information to the contrary. 

"Let me just say that we beg to differ with that," said the official. 

The new worm's rapid spread, and the lack of clear information about
mitigating its effects, clearly demonstrates that new mechanisms are
needed for disseminating information about computer security threats,
according to a university-based security expert on the call. 

"I think we need to change the paradigm.  It's obviously not having the
effect that is necessary to prevent this number of systems from being
infected this rapidly," said the expert. 


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:47 PDT