NewsBits for January 27, 2004 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Computer Worm Spreading Rapidly A malicious program attached to seemingly innocuous e-mails was spreading quickly over the Internet, clogging network traffic and potentially leaving hackers an open door to infected personal computers. The worm, called "Mydoom" or "Novarg" by anti-virus companies, appears to be an e-mail error message. http://msnbc.msn.com/id/4065701/ http://www.latimes.com/technology/la-fi-rup27.10jan27,1,1125522.story http://www.newsfactor.com/story.xhtml?story_title=MyDoom_Spreading_Quickly&story_id=23070 http://www.washingtonpost.com/wp-dyn/articles/A53096-2004Jan27.html http://computerworld.com/securitytopics/security/story/0,10801,89449,00.html Virulent MyDoom virus skirts feds, military users The W32/MyDoom virus now raging across the Internet has special code designed to prevent it from attacking federal and military users, according to Symantec Corp. This particular virus tries to avoid sending itself to any domain with a .gov or .mil extension, said Alfred Huger, senior director of engineering for Symantec security response. http://www.gcn.com/vol1_no1/daily-updates/24765-1.html http://www.fcw.com/fcw/articles/2004/0126/web-virus-01-27-04.asp MyDoom Worm Spreads Rapidly, Targets SCO Web Site MyDoom, the latest worm to infect computers over the Internet, was designed to attack the Web site of the SCO Group Inc., the small software maker suing IBM over the use of code for the Linux operating system, experts said on Tuesday. http://story.news.yahoo.com/news?tmpl=story&ncid=1212&e=1&u=/nm/20040127/tc_nm/tech_worm_dc&sid=95573503 http://www.wired.com/news/technology/0,1282,62058,00.html Experts: Vicious worm 'Linux war' weapon http://www.cnn.com/2004/TECH/internet/01/27/mydoom.spread/index.html http://www.vnunet.com/News/1152326 http://www.theregister.co.uk/content/56/35127.html New e-mail worm breaks infection records http://computerworld.com/securitytopics/security/virus/story/0,10801,89467,00.html Experts: 'Mydoom' virus is vicious http://www.securityfocus.com/news/7910 Virus update: Mydoom is everybody's gloom http://www.silicon.com/software/security/0,39024655,39118015,00.htm http://computerworld.com/securitytopics/security/story/0,10801,89453,00.html Latest virus outbreak highlights flaw in brain's operating system http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7808613.htm - - - - - - - - - - Teen charged in Internet fraud case Police say a 19-year-old, working out of a tiny cottage overlooking Lake Quinsigamond, used the Internet to bilk customers all over the country and Canada out of $30,000 to $40,000. The accused, Michael R. Deppe, says all the transactions were legitimate, part of a brisk business he has conducted online since he was 13 years old. http://www.boston.com/news/local/articles/2004/01/25/teen_charged_in_internet_fraud_case/ - - - - - - - - - - Maxim Vysochanski agreed to extradition in the USA Maxim Vysochanski, Ukrainian being behind bars in Thailand, accused of hacking in the USA, agreed to extradition in the USA for investigating these accusations, Ukrainian News report. Vysochanski refused to appeal against Bangkok courts decision to extradite him to the US. http://www.crime-research.org/news/2004/01/Mess2703.html - - - - - - - - - - Hacker seeks compensation after acquittals in DVD case A Norwegian man who became a hacker hero for cracking security codes on Hollywood DVDs wants police to compensate him now that he's been acquitted twice of computer piracy, his lawyer said Tuesday. Jon Lech Johansen, 20, also known as DVD Jon, was 15 when he developed a program to watch movies on a Linux-based computer without DVD-viewing software. He posted the codes on the Internet in 1999 and became a folk hero among computer hackers. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7808655.htm http://www.washingtonpost.com/wp-dyn/articles/A52442-2004Jan27.html - - - - - - - - - - Cisco warns of IP PBX security hole on IBM hardware Cisco Systems Inc. released a security bulletin warning of a vulnerability in its IP telephony software running on IBM Corp. server hardware. http://computerworld.com/securitytopics/security/story/0,10801,89452,00.html - - - - - - - - - - Introducing the ten-legged 419er We thank reader Colin Swan for the following 419 email, which we believe is a first. It contains the bog- standard Liberian connection, as is the local custom, but this particular advance fee fraudster appears to have ten rather than the traditional two legs: http://www.theregister.co.uk/content/28/35146.html - - - - - - - - - - Microsoft patches latest Word Microsoft released a patch on Tuesday for flaws that can cause the latest version of its widely used Word software to crash in certain circumstances. The update, available for download now, primarily corrects a flaw that can cause Word 2003 to freeze or crash when trying to print or save a document that includes an object based on Object Linking and Embedding. http://news.com.com/2100-1002_3-5148343.html - - - - - - - - - - Microsoft unveils security server beta Microsoft released a beta, or test version, of its Internet Security and Acceleration (ISA) Server 2004 software on Tuesday. The product is designed to offer an improved application-layer firewall, a stronger virtual private network (VPN), and expanded Web- caching capabilities, in order to provide users with increased network security and performance. http://news.com.com/2110-1012_3-5148325.html - - - - - - - - - - SanDisk ships 1GB Secure Digital card Removable flash memory maker SanDisk announced Tuesday it is shipping a 1GB Secure Digital card. The card costs $499.99 and can store more than 30 hours of compressed digital audio, according to the Sunnyvale, Calif.-based company. The card uses a "stackable" packaging technology that SanDisk worked on with Sharp. http://news.com.com/2110-1041-5148365.html - - - - - - - - - - Information security is possiblewithin a decade Whitfield Diffie, one of the discoverers of public- key encryption in the 1970s, expects the distribution of computing processes across networks can produce a more secure computing environment. "I'm bullish on communications and information security," Diffie said today during a keynote address at the Comnet conference in Washington. http://www.gcn.com/vol1_no1/daily-updates/24769-1.html - - - - - - - - - - The Soft Underbelly: Attacking the Client Since at least 1998, security experts have warned that a perimeter defence alone is insufficient, and the vast majority of networks are extremely vulnerable as soon as the firewall, proxy service or physical security layer at said perimeter has been breached. http://www.securityfocus.com/infocus/1758 - - - - - - - - - - Digital Signatures and European Laws Editor's Note: this document has been updated with greater clarity on the difference between a key holder and owner, and the fact that a private key need not be attached to any device (though often is, to make it easier to use). People who do business on the Internet require security and trust. In electronic commerce and communication you can't see the person you are speaking with, you can't see the documents that prove one's identity, and you can't even know if the web site you are connected to belongs to the society it says. http://www.securityfocus.com/infocus/1756 - - - - - - - - - - Sept. 11 commission raps law enforcement, immigration agencies Federal immigration and law enforcement agencies failed to adequately share information and detect fraudulent documents in the months leading up to the Sept. 11 terrorist attacks, former government officials and staff members with the federal commission investigating the attacks said Monday. http://www.govexec.com/dailyfed/0104/012604c1.htm - - - - - - - - - - Firm rolls out bodyscanner Two years after privacy advocates railed against a prototypic X-ray device that sees through people's clothing for hidden weapons, another company has launched similar technology that will be marketed to airports and government facilities. http://www.fcw.com/fcw/articles/2004/0126/web-xray-01-27-04.asp - - - - - - - - - - Press M for Murder: Cell Phones That Kill Don't be surprised if you're asked to whip out your cell phone and make a call next time you go through airport security. A mobile phone that masquerades as a gun may sound like a device concocted for 007, but it's the latest hidden weaponry to show up on the radar of law-enforcement folks. http://www.time.com/time/magazine/article/0,9171,1101040202-581402,00.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.