NewsBits for August 19, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ New computer virus clogs e-mail inboxes A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide Tuesday morning, causing fresh annoyance to users worn out by last week's outbreak of the Blaster worm. The new virus, named ``Sobig.F'' by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into senders of spam e-mail. MessageLabs Inc., a company that filters e-mail for corporations, had blocked more than 100,000 copies of Sobig.F by midday Tuesday, making it by far the most active virus of the day.,39001150,39146897,00.htm,1377,60103,00.html Sobig-F is 'worst variant yet',39020375,39115807,00.htm Sobig.f prevention and cure Two worm strains spreading on the Internet The U.S. Department of Homeland Security (DHS) yesterday released an advisory warning users that a variant of last week's Blaster worm, dubbed "nachi," "welchia" or "msblast.D," could cause denial-of-service conditions within organizations. Meanwhile, a new variant of the Sobig worm, dubbed W32/Sobig-F, is spreading rapidly via e-mail and network shares, security companies warned today.,10801,84156,00.html Computer Virus Hurts Air Canada System A computer virus designed to inoculate against another infection brought down some computer networks Tuesday, forcing Air Canada to check in passengers manually at airports across the country. Long lines formed at counters at Vancouver International Airport as the virus slowed Air Canada's computer system, spokeswoman Laura Cooke said. The virus, of the self-spreading kind known as a "worm," affected the airline's call center in Toronto and check-in systems across the country, she said. Worm aims to eradicate Blaster As if last week's Blaster worm didn't cause enough damage, there are now reports of a worm that breaks into Windows- based computers to try to delete any trace of the Blaster worm infection, and then downloads the patch Microsoft developed to fix the vulnerability that Blaster exploits. First spotted in Asia, the worm is being called Nachi, Welchia or MSBlast.B, according to at least three antivirus firms that have analyzed its code.,1,7168584.story Navy says intranet hit by worm but still functioning The Navy confirmed late today that its multibillion-dollar Navy/Marine Corps Intranet (N/MCI) was hit by a variant of the Blaster worm, but it said that earlier statements that the network had been taken off-line were inaccurate. Nicolle Rose, a Navy spokeswoman, said the N/MCI was first affected by the Blaster variant, also known as W32.Welchia.Worm, Blast.D and Nachi, at 3:05 p.m. yesterday. "The attack affected only the unclassified portion of the N/MCI network, has been contained, and cleanup is in progress," Rose said.,10801,84158,00.html Virus hits Navy Marine Corps Intranet Navy fences in Welchia worm IRS takes blanket approach to Blaster worm Blaster variant may cause DOS attacks,10801,84148,00.html Nachi prevention and cure Cyber attack hits New Zealand,1227,214398-1-7,00.html Are You a Good or a Bad Worm?,1377,60081,00.html As the Worm Turns: Lessons from Blaster Microsoft Mulls Security in Wake of Worm Microsoft cerebrates fifteen years of poor security - - - - - - - - - - Slammer worm crashed Ohio nuke plant network The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned. The breach did not post a safety hazard. The troubled plant had been offline since February, 2002, when workers discovered a 6-by-5-inch hole in the plant's reactor head. Moreover, the monitoring system, called a Safety Parameter Display System, had a redundant analog backup that was unaffected by the worm. - - - - - - - - - - Court Overturns Porn Conviction An appeals court has reversed a Somerset County man's conviction on child pornography charges. The judges said the state must prove that images found on Allen May's computer were actual children and not computer- generated. The 72-year-old was sentenced to five years in 2001 after being convicted of receiving, possessing and distributing child pornography. He was paroled last year while his appeal was pending. - - - - - - - - - - Child-porn suspect free on bond A former Catawba Nuclear Station supervisor accused by authorities of downloading child pornography from his workplace computer in January was released on bond Monday after a hearing in a Columbia court. A grand jury indicted Smith last week on 14 counts of second-degree sexual exploitation of a minor and one count of second-degree computer crime. He is accused of downloading a series of videos showing adults engaged in sexual acts with children, and other videos reportedly showing minors engaged in sexual acts with other minors. - - - - - - - - - - NURSING UNION BACKS CHILD PORN CASE DOC Nursing leaders today backed a decision to reinstate a gynaecologist who was placed on the sex offender's register after accepting a caution from police investigating child pornography on the internet. Charles Redman was last week given his PS80,000-plus job back at the University Hospital of North Staffordshire following a 10-hour disciplinary hearing. - - - - - - - - - - Minn. Library Settles Web Porn Suit A legal settlement in Minneapolis could have implications for libraries everywhere. The Minneapolis library system has agreed to settle a lawsuit with 12 librarians over Internet pornography. The librarians had complained that by allowing patrons to "surf" online porn sites and print out Internet pornography, the library had created a hostile work environment. It's going to cost the library plenty. As part of the settlement, the library system will pay nearly $500,000 to the offended employees, and will increase penalties against Internet violators. - - - - - - - - - - Citibank warns of e-mail scam Citibank, a division of New York-based Citigroup Inc., is warning customers to immediately delete a scam e-mail asking them to provide their user names and the first four digits of their bank cards. The e-mail, which appears to come from Citibank with the subject "Your Checking Account at Citibank," warns bank customers that theirchecking accounts could be blocked if they don't provide their user information, the bank said yesterday in a statement.,10801,84146,00.html,1,5099048.story Fake ads target unwary loan seekers - - - - - - - - - - Missing eBay DVD claims 'exaggerated', says trader Zippymilk, the elusive trader who's left hundreds of people waiting weeks for the arrival of DVDs they've paid for after winning auctions on eBay, has denied any wrongdoing. As first reported on The Register earlier this month, patience is wearing thin among the estimated 800 customers of zippymilk (aka Adrian Bailey, 33, of Great Yarmouth, Norfolk). They are growing tired of a succession of excuses he has offered for the non-arrival of goods they secured in eBay auctions. - - - - - - - - - - Ashcroft defends Patriot Act Law enforcement officials can use better technology to communicate with one another and investigate suspected terrorists because of the USA Patriot Act, Attorney General John Ashcroft said today. "We have used the tools provided to fulfill our first responsibility to protect the American people," he said in speech at the American Enterprise Institute, where he defended the act and outlined its benefits.,2100,60102,00.html - - - - - - - - - - Lawmakers approve privacy bill in time to head off initiative With a tougher ballot proposal waiting in the wings, lawmakers on Tuesday sent Gov. Gray Davis a long- stalled bill that supporters said would create the nation's toughest financial records privacy law. "It was a long time in coming but it was worth the wait," Sen. Jackie Speier said before the Senate voted 31-6 to adopt the same version of the legislation that passud the Assembly a day earlier with unusual speed. - - - - - - - - - - Recording industry asks court to overturn file-sharing ruling A group of entertainment companies have asked a federal appeals court to overturn a landmark court decision that short-circuited their efforts to sue two computer file- sharing software distributors for the illegal online swapping of songs and movies by their users. In a sealed brief submitted late Monday to the 9th U.S. Circuit Court of Appeals, the companies argued that federal Judge Stephen Wilson departed from well-established copyright law when he ruled in April that Grokster Ltd. and StreamCast Networks Inc. could not be held liable for their users' copyright violations. Will you be sued by the music industry? The Recording Industry Association of America says it will not go after small violators when it sues people who illegally share songs on the Internet. The assurance came in a written response to questions by Minnesota Sen. Norm Coleman, chairman of the Senate Governmental Affairs' Permanent Subcommittee on Investigations. Coleman plans to hold hearings on the RIAA's campaign, which he has labeled "excessive." - - - - - - - - - - FCC delays rules against junk faxes to 2005 The Federal Communications Commission has delayed until 2005 a new rule requiring companies to obtain written permission before sending unsolicited faxes. The new regulations originally were to take effect next Monday, but the commission earlier this week agreed to delay the starting date to Jan. 1, 2005. The FCC said the delay will give businesses more time to get signed approval forms from people to whom they want to send faxes, and will provide more time for the commission to respond to requests to reconsider the new rules. - - - - - - - - - - FTC chairman says proposed do-not-spam list won't help Federal Trade Commission Chairman Timothy Muris said Tuesday that efforts in Congress to establish a list of Internet users who don't want ``spam'' e-mails won't fix the growing problem. ``If such a list were established, I'd advise customers not to waste their time and effort,'' Muris said at the Aspen Summit, a telecommunications and technology summit. ``Most spam is already so clearly illegitimate that the senders are no more likely to comply with new regulations than with the laws they now ignore.'' - - - - - - - - - - Privacy advocates call for RFID regulation A handful of technology and consumer privacy experts testifying at a California Senate hearing Monday called for regulation of a controversial technology designed to wirelessly monitor everything from clothing to currency. The hearing, presided over by state Sen. Debra Bowen, focused on an emerging area of technology that's known as radio frequency identification (RFID). Retailers and manufacturers in the United States and Europe, including Wal-Mart Stores, have begun testing RFID systems, which use millions of special sensors to automatically detect the movement of merchandise in stores and monitor inventory in warehouses. - - - - - - - - - - UK sets up DVD piracy task force The UK film industry and the government are joining forces to take on DVD pirates. The British film industry and the government have decided to set up a new body charged with tackling movie piracy, it was announced on Monday. The taskforce will be chaired by UK Film Council director Nigel Green and will include representatives from the actors' union Equity; the Department of Culture, Media and Sport; and assorted industry types including producers, distributors and cinema owners.,39020651,39115790,00.htm - - - - - - - - - - Security agency 'needs funds' AUSTRALIA'S peak virus and hacker incident detection agency, AusCERT, will be unable to adequately deal with increasing electronic attacks without a major boost in funding, according to security expert Nick Ellsmore. Despite greater awareness of growing terrorists threats to physical security in Australia, potentially devastating electronic attacks had remained largely ignored, said Mr Ellsmore, a consultant and director of security firm SIFT.,4057,6994427%255E15319,00.html - - - - - - - - - - Dean campaign says it spammed Howard Dean's presidential campaign acknowledged on Monday that it had spammed an undisclosed number of people with unsolicited political advertisements. The campaign said Dean, the former Democratic governor of Vermont, remained opposed to unsolicited bulk e-mail and blamed the spamming on two contractors who had promised to contact only people who had specifically requested to receive the advertisements. - - - - - - - - - - China Readies Super ID Card, a Worry to Some For almost two decades, Chinese citizens have been defined, judged and, in some cases, constrained by their all-purpose national identification card, a laminated document the size of a driver's license. But starting next year, they will face something new and breathtaking in scale: an electronic card that will store that vital information for all 960 million eligible citizens on chips that the authorities anywhere can access. - - - - - - - - - - Security shop rethinks network scanning Next Generation Security Software is offering a network and application scanning tool which, it hopes, will take vulnerability scanning to a higher level. Typhon III departs radically from earlier releases, said Next Generation Security Software managing director David Litchfield. NGSSoftware describes the new version of Typhon as an "intelligent scanner" that does not simply rely on a database of known vulnerabilities, as other vulnerability assessment tools do.,10801,84151,00.html - - - - - - - - - - Vulnerability assessment is no longer an ad hoc luxury The risk of information security vulnerabilities in the global (and more specifically) South African business landscape, is unfortunately, an ever-increasing and alarmingly constant. Exploits are being used to compromise vulnerable systems on an ongoing basis, and the time frame from vulnerability to exploitation of such vulnerabilities appears to be narrowing to mere weeks. This narrowing period has substantial implications for business, as attacks on systems continue to surprise unprepared organisations. - - - - - - - - - - The IT Security Spending Conundrum The market is growing, revenues are up, spending has not increased. Er, what's up? Recent reports from across the pond suggest that 9/11 did not generate the spending surge that many analysts and vendors predicted, and it's all because organisations have lapsed back to the bad habits they practiced pre- 9/11. The problem with statistics is familiar to all of us. The IT security market is a broad church. To the extent that you might even say DR and BCP are a separate industry to security of information systems. - - - - - - - - - - Wisconsin governor signs E-911 bill Wisconsin cell phone users will pay a new surcharge to help cover a federally mandated program allowing law enforcement to pinpoint 911 calls from mobile phones, under legislation the governor signed Monday. The monthly fee will start in 2005 and be added to cell phone bills until 2008. Gov. Jim Doyle said the bill will allow police, fire departments and paramedics to respond more quickly when someone uses a cell phone to dial 911. - - - - - - - - - - Police grab Wang in covert Segway opp The first, known Segway sting operation has gone down in New York with a 24-year-old student being arrested on felony scooter theft charges. Yili Wang entered a Starbucks in Queens, hoping a Segway expert he met on the Internet could help get the gizmo going, according to court papers unearthed by The Smoking Gun. Wang apparently forgot to ask about the keys for the machine when he purchased it for the, uh hem, bargain price of $75 off a man in East Harlem. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.