NewsBits for January 26, 2004 sponsored by, Southeast Cybercrime Institute - ************************************************************ New virus hitting in-boxes Antivirus firms on Monday warned of a new mass-mailing computer virus that has gained a foothold in a large number of PCs by masquerading as an e-mail error. The virus, dubbed MyDoom, arrives in an in-box with one of several different random subject lines such as "Mail Delivery System," "Test" or "Mail Transaction Failed." The body of the e-mail contains an executable file and a statement such as: "The message contains Unicode characters and has been sent as a binary attachment.",10801,89449,00.html - - - - - - - - - - Six plead guilty to stealing and distributing computer software Six people have pleaded guilty to stealing and distributing computer software around the world after undercover agents got into the operation and sorted through millions of computer transactions to build cases against them. - - - - - - - - - - Extradition Hearing for Alleged 'Screener' Pirate A hearing is set in Chicago federal court today that could decide if Russell Sprague, arrested last week on suspicion of helping illegally post Oscar "screeners" on the Internet, should be transferred to L.A. for trial. (LA Times article, free registration required),1,7519473.story - - - - - - - - - - Cheating probe snares Saratoga students A small group of tech-savvy Saratoga High School students allegedly used a tiny computer device last spring to capture teacher passwords, then stole English Department tests and answers and shared them with others. Principal Kevin Skelly said two other incidents also recently came to light: a math student who broke into a school computer and tried to change a grade, and two students who stole a printed test and saved electronic copies. - - - - - - - - - - Six Men Now Arrested In Child Porn Ring Investigators in Mount Vernon have identified six men so far as suspects in a Child Porn Ring. The six men are all charged with possessing child pornography, some face charges of prostitution, sexually assault of a minor, and manufacturing child pornography. - - - - - - - - - - Interpol reported international network selling child porn The financial part of the network - the company charging the money - was located in Belarus, the studios producing children"s porn were in other countries, money was laundered in a Latvian bank. Main porn consumers were US citizens. Special operation enabled detecting the most part of the network, people in many countries were arrested. - - - - - - - - - - FBI expands effort to find pedophiles online Eric Hopkins thought he had found his fantasy girl online. "I remember there were girls I wanted in 8th grade that were hot," the 31-year-old Florida man wrote. "Now Ill have one all to myself." Stacy was an obedient Connecticut 13-year-old who was good at keeping secrets and willing to run away. She promised to become his sex slave and call him Daddy. In exchange, Hopkins promised to take her to Disney World. - - - - - - - - - - 419 scammers start working the phones Nigerian scammers increasingly are calling US companies on the phone, using relay phone services. These are normally free calls made by supposedly deaf people using keyboards which go to a phone company operator, who places a phone call and speaks for them. Companies such as AT&T offer these services at no cost. - - - - - - - - - - DVD Encryption Lawsuit Dropped In a rare retreat, a film industry coalition has dropped its trade secret court battle against a San Francisco computer programmer who in 1999 posted on the Internet code that cracks movie copy-protection technology. But the coalition promised more battles ahead.,1412,62040,00.html - - - - - - - - - - MikeRoweSoft settles--for an Xbox Canadian teenager Mike Rowe, who shot to fame last week after Microsoft decided to threaten him for registering and using the domain name, has settled out of court with the software giant.,1367,62044,00.html Microsoft to take over Mike Rowe goes soft, hands over PR victory - - - - - - - - - - Virus tempts with photo, steals financial info A new computer virus that poses as a personal photo but instead attempts to steal personal financial information spread quickly around the globe on Monday. The worm, which tempts recipients with the message "Here is my photo, which you asked for yesterday," is designed to steal login information for Internet sites such as,, and The voodoo that Dumaru doesn?t do too well? This weekend saw another iteration of email worm Dumaru. Unlike other email worm variants, Dumaru.J spreads itself by way of a zip attachment (rather than the typical executable). Of course, should users open the zipped file, and click the file ?myphoto.jpg.56 (spaces). exe? Dumaru does its typically annoying thing.,39020330,39143708,00.htm New worm targets online payment system - - - - - - - - - - Beware of Bagle's Trojan The Bagle worm can open up a back door that could potentially be used by spammers - here are the warning signs to check for. The Bagle worm is the first seriously widespread virus or worm we've seen in quite a while, and the severity of the infection is increasing. Plus, administrators need to be aware of a backdoor that can be planted by this infection.,39020415,39143703,00.htm - - - - - - - - - - Net fraud cases pile up California led the nation in Internet-related fraud last year with nearly 38,000 reported victims, the Federal Trade Commission said Thursday. Yet that number is less than 10 percent of the more than 500,000 consumer complaints of Internet-related fraud. 'I think most of those cases are sitting on my desk,' said Sgt. Adam Christianson, who oversees the Turlock office of the Sacramento Valley Hi-Tech Crimes Task Force. - - - - - - - - - - Identities snatched in blink of an eye If you aren't a little paranoid, you might want to consider it. Keeping an eye on those who you think are watching you could prevent someone from peeking over your shoulder and stealing your identity. 'The crooks are getting more and more creative on getting the information from you,' said Mike Ryan, chief administrative officer for County Bank. These 'shoulder surfers' steal passwords and other personal information at automated teller machines or in stores. They then use stolen or forged credit cards or other identification to make purchases in the victim's name. - - - - - - - - - - India's cybercafe cops make a meal of net crackdown Relatively few Indians can afford home PCs, so millions go online in the nation's jammed internet cafes, enjoying their low cost and anonymity. That freewheeling access could now be ending. Police in Mumbai are planning to monitor cybercafes, a move some are decrying as excessive regulation that could create a dangerous precedent. - - - - - - - - - - Make Spammers Pay, Bill Gates Says A spam-free world by 2006? That's what Microsoft Corp. chairman Bill Gates is promising. "Two years from now, spam will be solved," he told a select group of World Economic Forum participants at this Alpine ski resort. "And a lot of progress this year," he added at the event late Friday, hosted by U.S. talk show host Charlie Rose. Competing spam 'solutions' Spam Law Generates Confusion,1367,62031,00.html - - - - - - - - - - The virus hunter As you might guess, Vincent Gullotto, who runs Network Associates' McAfee Anti-Virus Emergency Response Team, gets a lot of early-morning emergencies. The AVERT group is charged with examining and subsequently containing the vast amount of malicious code floating around the Net. Although some types of threats are fading, others, such as spoofs that can lead to credit card theft, are sharpening. Symantec scores a coup for its intrusion prevention tool - - - - - - - - - - New Tools Shift Focus to Internal Network Security Last year's Slammer and Blaster viruses, which spread via infected PCs, highlighted the need for IT managers to focus not only on perimeter defenses, but also on internal network vulnerabilities and compliance with security policies.,10801,89385,00.html - - - - - - - - - - TruSecure delivers custom bug alerts Security company TruSecure unveiled a service on Monday that aims to help network administrators get a jump on new threats to critical systems. The service, dubbed the IntelliShield Early Warning System, delivers information from TruSecure's vulnerability-warning service to a device connected to a customer's network. The device then looks at the data on the network, gauges what effect the security flaw could have on it, and alerts information technology staff, depending on the level of threat.,10801,89424,00.html - - - - - - - - - - Help! I've Been Web-Jacked On December 22, an Internet investigator got a tip that child pornography was being housed on an adult Web site. When he visited the site to verify the information, he didn't find any illegal images. But what he did find was a Trojan horse that disabled the ActiveX security controls on his browser and took control of it.,aid,114440,00.asp - - - - - - - - - - Security breach on Capitol Hill: It's criminal Let's say you happen to gain access to confidential information, either on a Web site or another individual's system. Do you report it? Do you read the confidential information yet not act on any of it? Or do you read the information and immediately use it to your own personal advantage? Plans for Wireless Directory Raise Concerns About Privacy - - - - - - - - - - Mobile security is a hot issue, but who is listening? Who really cares? The mere word of security sends most users running. Investing in preventative IT security has never been a very popular topic. Most board directors clam-up and switch off at the words: "Your company could be at risk if you don't invest in XXX technology." - - - - - - - - - - Commentary: The year of living RFID RFID is one of many technologies that will extend the Internet to the physical world. Unfortunately, the focus on the electronic product code (EPC) overshadows the broader context--and power--of RFID, or radio frequency identification. Smart companies will test EPC now and link pilots to process change and other extended Internet technologies. Microsoft hops on the RFID bandwagon *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.