NewsBits for January 28, 2004 sponsored by, Southeast Cybercrime Institute - ************************************************************ Update: New Mydoom worm discovered A new variant of the Mydoom.a (Novarg.a) worm, which has been spreading swiftly across the Internet since Monday, emerged today, according to London-based security vendor Mi2g Ltd.,10801,89494,00.html,1377,62082,00.html Bounty on creators of e-mail worm Mydoom has been bigger and faster than Sobig. The malicious e-mail worm, Mydoom, is still burrowing through global e-mail networks, but will plateau in the next two days, said security experts. Carried in an e-mail attachment, it sends itself out to other e-mail addresses if opened, and may allow unauthorised access to computers. Computer virus unleashed against IT company Computer experts are claiming that a new computer virus is only one step away from cyber terrorism. The Norvag virus, currently sweeping the globe, is causing massive disruptions to computer systems and frustration for those whose machines have been affected.,4057,8511114%255E15306,00.html Notification emails cause virus-like chaos Security experts are urging administrators to turn off a feature on antivirus applications that causes almost as much chaos as a virus. A common antivirus feature that automatically replies to emails infected with a virus to inform the sender that they are infected is obsolete and should be disabled because it creates almost as much trouble as the virus itself, according to security experts.,39020375,39143774,00.htm An e-mail worm's greatest ally is us On Tuesday, the ``Mydoom'' (or ``Novarg'' or ``MiMail.r,'' depending on who's naming it) e-mail worm was still spreading rapidly. It comes in the form of a file attachment, and Windows users who click on the attachment have their computers turned into zombies after spreading the worm further, clogging e-mail systems around the world. Worm's spread leveling off MyDoom swarms the Net (series of stories) Mydoom overtakes Sobig.F as worst virus; experts warn of more damage Is Virus the Work of Linux Lovers? (LA Times article, free registration required),1,3179106.story Worm spreads, but companies ready this time E-Mail Worm Snarls Computers Around Globe MyDoom virus targets Utah firm Experts: Standard virus protection best way to fight Mydoom,10801,89500,00.html - - - - - - - - - - Worm mutants spoof Internet Explorer MyDoom.A is not the only virus users should be aware of, as three mutant modifications of the recently discovered Dumaru worm were identified in the wild. Versions J, K and L of the email worm are rapidly creating a fresh global outbreak, despite using much the same techniques as the original infections, security firm Kaspersky Labs has warned. - - - - - - - - - - Homeland Security to offer free e-mails with cyber warnings Aiming to increase Internet security, the government is now offering Americans free cyber alerts and computer advice from the Homeland Security Department.,2000061744,39115859,00.htm,1367,62078,00.html - - - - - - - - - - FTC proposes adult spam labels The Federal Trade Commission on Wednesday proposed a mandatory tag for commercial e-mail that contains pornographic material--a stipulation of the new federal antispam law enacted this month. The FTC, which is charged with enforcing the Can-Spam Act, short for Controlling the Assault of Non-Solicited Pornography and Marketing, proposed a rule that would require senders of adult-related e-mail to include the phrase, "Sexually-Explicit-Content:" in messages. That way, recipients would be able to recognize and easily filter such e-mail before viewing it, according to the FTC and backers of the law. - - - - - - - - - - OMB: Agencies are halfway to securing IT systems The Office of Management and Budget is expecting a little more than 50 percent of all IT systems to be accredited and certified as secure when it releases its annual report to Congress in early summer, an administration official said. Kamela White, an OMB senior policy analyst, said the patterns and trends are going in the right direction from what she has seen so far from agency and inspectors general reports that make up the administrations statement to the Hill. - - - - - - - - - - P2P companies say they can't filter Responding to sharp criticism from legislators, a group of file-swapping companies told Congress that they have no ability to block copyrighted files or child pornography from their networks. As part of a lengthy letter to Sen. Lindsay Graham, R-N.C., the P2P United trade association said Wednesday that file-swapping companies should not be held to a standard that is technologically infeasible. - - - - - - - - - - Web services security spec closer to approval WS-Security, a widely supported proposal for securing web services, could become an official Oasis standard by March. Next month, Oasis anticipates a full-membership vote on the WS-Security specification, which is intended to provide critical security for web services. If approved during a 30-day voting period, WS-Security becomes an Oasis standard. - - - - - - - - - - 'Warspying' San Francisco Striding through San Francisco's busy financial district after dusk, 20-year-old Jake Appelbaum is an odd sight. His right hand is clutching the handle of a two-foot-long fiberglass pole wrapped in a metal spiral, which he holds high like a lance. The device is a directional antenna: a thin cable hangs between it and what looks like a handheld TV in Appelbaum's other hand. - - - - - - - - - - Amnesty calls for China to free 54 people jailed for Internet opinions Amnesty International called Wednesday for the release of 54 people jailed in China for expressing opinions on the Internet, citing a ``dramatic rise'' in the number detained for anything from political speech to spreading news about SARS. In a report released Wednesday, the London-based group said the 54 cases it had documented represented a significant increase from the 33 people listed in its November 2002 report. - - - - - - - - - - Crypto booster tech for mobile phones Discretix, the Israeli embedded-security specialist, yesterday launched an upgraded version of Cryptocell, its encryption technology for mobile phones. The technology includes a co-processor, security software and device drivers designed to optimise the delivery of encryption onto resource-constrained mobile phones. - - - - - - - - - - Computer miscounts? Not likely in New Hampshire As New Hampshire election supervisors compiled official results Wednesday of the nation's first primary, they were unencumbered by worries about the computer miscounts that could embroil Georgia, California, Florida and other states in upcoming months. - - - - - - - - - - Watch your backup When thinking about technology principles, one tends to ponder the bold profundities of Moore's Law. But if you work in an IT department, you are more apt to relate to Murphy's Law, because what can go wrong usually will go wrong. - - - - - - - - - - Wi-Fi Week: Mobility at the cost of security The ability to log on to the Internet in a cafe or on a train has obvious benefits for workers on the road - but just how secure is it? The mass media has had a lot of fun with wireless security: war driving, virus insertion and bandwidth stealing have all had their day in the sun. Public hot spots are more vulnerable to attack than private networks, where individual users can have their hardware authenticated as permanent network members.,39020415,39143769,00.htm - - - - - - - - - - The Eagle Is Grounded While America works to protect intellectual property, everyone else is innovating. In the late 1960s, the US cargo shipping industry was in trouble. The 2,000-vessel fleet that ruled the seas after World War II had dwindled to fewer than 900. New technologies - containers, automated loading - were taking hold on foreign ships while America clung to old methods. As a result, other countries were transporting nearly 80 percent of worldwide traffic. - - - - - - - - - - Putting a Stop to Fly and Tell It's time for rules spelling out that airlines shouldn't be allowed to share your travel data with anyone without your permission. "Some people just know how to fly," boasts Northwest Airlines' advertising slogan. But some people evidently don't know how to protect your privacy. On Jan. 18, the Electronic Privacy Information Center (EPIC), a Washington-based advocacy group, revealed that Northwest had secretly shared millions of passenger data records with NASA back in 2001. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2004,, Campbell, CA.