
CyberSecurity Institute

Security News Curated from across the world


Category: Warnings

New Virus May Steal Data

Posted on June 25, 2004 / December 30, 2021 by admini

The infection appears to take advantage of three separate flaws with Microsoft products.

Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.


Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn’t substantially interfering with Internet traffic.

Security technicians at Microsoft and elsewhere worked Friday to pin down how the infection spreads across websites.

It appears to target at least one recent version of Internet Information Server, Microsoft’s software for operating websites.

The infection makes subtle changes to the site so that visitors receive a piece of code designed to retrieve, from a Russian website, software that records a person’s keystrokes and can send data back, experts say.

Such software “Trojan horses” are routinely used to fish for credit card numbers, bank accounts, passwords and the like.

“Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code,” the U.S. Computer Emergency Readiness Team warned in an Internet alert.

Stephen Toulouse, a security program manager at Microsoft, recommended that computer owners obtain the latest security updates for Microsoft products and their antivirus and firewall programs.

Because one flaw has yet to be fixed, he said, users should also turn up security settings on Microsoft’s Internet Explorer browsers to the highest levels.

http://www.wired.com/news/infostructure/0,1377,63994,00.html?tw=newsletter_topstories_html


Blackout hits major Web sites (A future form of a DoS)

Posted on June 15, 2004 / December 30, 2021 by admini

The attack caused problems for more than two hours–from 5:30 a.m. to 7:45 a.m. PDT.

Many of the world’s most popular sites suffered from widespread outages, according to Keynote Systems, which compiles statistics related to Web surfing. On a typical day, the top 40 sites measured by Keynote rarely dip below 99 percent availability. On Tuesday, however, Keynote saw availability drop to 81 percent.

Bottom line: The attack caused problems for Web surfers for about two hours.

It’s taking a lot longer for the affected companies and Internet monitoring firms to get to the root of the problem. Where the attack struck first has yet to be determined, and the affected companies are pointing to others, not themselves. An attack on Akamai could have rippled out to Google and the other sites, or those sites might have been individually targeted, which in turn could have put pressure on a key Internet service that Akamai runs. An Akamai spokesman said it noticed an attack against four unnamed “customers” that rendered their sites inaccessible. Akamai said that the strike against those customers in turn caused a failure of its own domain name server (DNS) system, which translates word-based URLs into numeric Web addresses to link surfers to company sites.

“We do know that attack was against four sites that happened to be Akamai customers,” said company spokesman Jeff Young. “But I don’t know if the intent was to go after Akamai or go after Web properties that happened to be customers of ours.”

Tuesday’s outage comes nearly a month after Akamai reported glitches in its content management tools, causing some slowdowns.

Other parties may not agree with that assessment. Keynote earlier Tuesday reported the Akamai DNS system outage and speculated that Cambridge, Mass.-based Akamai was the target of a denial-of-service attack, which then caused the Yahoo, Google, Microsoft and Apple sites to fail. Dug Song, security architect for network security company Arbor Networks, said that the outage appeared to be an Akamai problem.

During the outage, Song noticed that sites such as Google were still functional, but someone typing www.google.com couldn’t get to that site because the address would not translate into its numeric Internet Protocol code. “It was definitely some sort of Akamai issue,” Song said in an interview. “Their name service for all these major sites stopped working. You couldn’t reach these sites even though the sites were up. You just couldn’t get to them because the name resolution wasn’t working.”

In a recent incident, the Netsky virus used such a technique to target Kazaa and other file-sharing networks, disrupting service at some. Earlier in the year, the main Web site of the SCO Group was crippled after attacks from computers infected by the MyDoom virus.

Since early Tuesday morning, users have been reporting glitches with Yahoo Mail, such as site inaccessibility, slow page loads and inoperable buttons on the site.

More info: http://news.com.com/Blackout+hits+major+Web+sites/2100-1038_3-5234500.html?part=rss&tag=5234500&subj=news.1038.5


Cisco warns on Catalyst DoS danger

Posted on June 11, 2004 / December 30, 2021 by admini

The flaw can be activated by sending an incomplete transmission control protocol (TCP) handshake and can bring down the switch.

The Catalyst 6000, 5000, 4500 and 4000 series are all affected, as well as earlier switches that use the same code base. The company said in a statement: “Cisco is aware that some versions of the Cisco CatOS software may be susceptible to a TCP DoS attack under certain circumstances. Cisco has published a security advisory with mitigation techniques and free software upgrade information that may help customers protect themselves from potential exploitation. To date, Cisco is not aware of any active exploitations of the vulnerability and is working closely with its customers to address this issue.”

The flaw can be fixed by either a software patch or by reconfiguring the switch.

Only users of Telnet, HTTP or SSH services are vulnerable.

More info: http://www.vnunet.com/news/1155779


Antivirus vendors await major Linux worm

Posted on June 11, 2004 / December 30, 2021 by admini

Many have developed Unix antivirus products, but are only now moving to Linux to deal with potential threats to businesses running both Windows and open source software.

Network Associates recently released its first Linux server antivirus software, citing the need to stop the transmission through Linux servers of malicious code aimed at Windows.

“Linux has been inherently more secure than Microsoft and the latter has also been targeted more heavily,” said Roger Levenhagan, managing director of Trend Micro UK. “But the full force of the antivirus industry won’t be devoted until Linux gets hit hard by a virus, and then consumers will demand it. We have products out there that address open source software but all the emphasis is still against Microsoft in the short term.”

The ADM worm was the first virus aimed specifically at Linux users and appeared briefly in 1998.

Symantec chief executive John Thompson confirmed in a statement that his company would “deliver a Linux desktop antivirus solution to the market” at some point this year, but did not give a time scale for development.

Graham Cluley, senior technology consultant at Sophos, added: “Linux has a better history for security than Microsoft, and hackers are more focused on Microsoft.”

More info: http://www.infomaticsonline.co.uk/News/1155836


Gartner: Misconfigured APs Cause Most WLAN Breaches

Posted on June 10, 2004 / December 30, 2021 by admini

“Whether hackers are able to enter a company’s WLAN through an unprotected AP or through a peer workstation, once they are associated with the network, they will be difficult to detect because they may not be visible in or near the network site,” said John Pescatore, vice president and Gartner fellow.

Pescatore made his comments at Gartner’s IT Security Summit this week in Washington D.C. He said that it is essential that enterprises prevent rogue APs and that “official” APs are configured correctly.

To do that, enterprises should install their own wireless intrusion detection sensors and not rely on methods such as having IT personnel walk the hallways with wireless sniffers.

More info: http://www.mobilepipeline.com/showArticle.jhtml?articleID=21700070


Reuters reports the potential for power failures in the Midwest

Posted on June 2, 2004 / December 30, 2021 by admini

“Coming into summertime and with the violent storms we have seen, it is clear to us the power grid is stretched,” said MAP President Gary Heminger in a conference call.

The bulk of its operations are in the Midwest, a region that has been strafed by deadly storms over the past couple of weeks and which is particularly sensitive to refinery problems due to a shortfall in the region’s fuel production capacity. Oil refinery operations can be brought to a swift and sometimes damaging halt during a power grid failure. He said he expects strong refining margins through the summer due to a lack of U.S. refining capacity and strong demand despite record high gasoline prices. Heminger said MAP is on track to increase refining capacity at its Detroit, Michigan, refinery from 74,000 bpd to 100,000 bpd by the end of 2005.

More info: http://biz.yahoo.com/rc/040602/energy_map_refineries_1.html

