NewsBits for May 19, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Fake Microsoft e-mail spreads Palyh worm A new mass-mailing e-mail worm, which feigns a Microsoft.com origin, is spreading rapidly. Antivirus vendors say it can also spread via a local area network and can install "spyware" on a victim's PC. The Palyh, or Mankx, worm appears to come from support@microsoft.com, a forged address. It contains a file which, upon execution, self-propagates using e-mail addresses from files stored on the targeted system, but which can also spread to other Windows machines on a local area network (LAN). http://zdnet.com.com/2100-1105_2-1007572.html http://news.com.com/2100-1002_3-1007603.html http://www.msnbc.com/news/915499.asp http://www.usatoday.com/tech/news/2003-05-19-worm_x.htm Palyh worm hits the UK http://news.zdnet.co.uk/story/0,,t269-s2134877,00.html http://news.zdnet.co.uk/story/0,,t269-s2134858,00.html Microsoft drafts allies to squash worms http://news.com.com/2100-1002_3-1007675.html 'Microsoft' worm has 13-day timebomb http://www.vnunet.com/News/1140996 Why did support @ microsoft send me a virus this morning? http://www.theregister.co.uk/content/56/30751.html - - - - - - - - - - Indicted couple allegedly used Internet to bilk lovelorn men A husband and wife have been indicted in San Diego federal court on charges of using the Internet to sucker lovelorn men into shelling out money for prospective Russian wives and girlfriends who didn't exist. The case was one of several cited by Attorney General John Ashcroft in a Washington, D.C., news conference yesterday to announce a crackdown on Internet scams. http://www.signonsandiego.com/news/metro/20030517-9999_1m17wives.html - - - - - - - - - - IRC administrators may out-hack Fizzer virus Internet relay chat network administrators have found several possible ways of stopping the Fizzer worm, but they might run afoul of US hacking laws Administrators of Internet relay chat networks believe they might be able to eradicate the Fizzer virus, but the methods may run them afoul of cybercrime laws, according to a legal expert. Several postings on an IRC-Security list have debated the merits of trying to shut the computer virus down, and one operator, QuakeNet security team member Daniel Ferguson, warned that manipulating the worm could be illegal. Despite that, he believes that several IRC operators are likley to attempt to shut down the computer viruses running on PCs connected to their networks. http://news.zdnet.co.uk/story/0,,t269-s2134852,00.html http://news.com.com/2100-1009_3-1007743.html - - - - - - - - - - Chinese Web site operator sentenced A Chinese computer engineer was sentenced to five years in prison for subversion after politically sensitive articles were posted on his Web site, a court official said Monday. Huang Qi, 40, was sentenced May 9 by the Chengdu Intermediate People's Court in the southwestern province of Sichuan, the court official said. Huang spent nearly three years in police custody following his 2000 arrest. http://www.usatoday.com/tech/news/2003-05-19-chinese-sentenced_x.htm http://www.nandotimes.com/technology/story/891617p-6211817c.html - - - - - - - - - - Congress calls to arms against pirates Now it's official: Congress really doesn't like Internet piracy. Three members of the U.S. House of Representatives are creating a new congressional caucus devoted to combating piracy and promoting stronger intellectual property laws. A letter sent to some members of Congress last Friday by Rep. Robert Wexler, D-Fla., warned of the threat of "ever- changing technologies" and asked colleagues if they would like to join the caucus. "The concerns of the thousands of Americans whose livelihoods depend on intellectual property protection are not being fully debated or addressed," said the letter, which was obtained by CNET News.com. http://news.com.com/2100-1028_3-1007908.html - - - - - - - - - - Data protection laws still face uphill battle Though the Data Protection Directive was passed eight years ago, it still faces challenges from sluggish or incorrect implementation, and a critical business environment. The European Commission on Friday issued its first assessment of the 1995 Data Protection Directive, arguing that data protection legislation has achieved many of its aims, but admitting it still faces steep opposition from businesses and non-EU governments. http://news.zdnet.co.uk/story/0,,t269-s2134904,00.html - - - - - - - - - - FBI: Hackers from the Former Soviet Union are most active According to the American Computer Security Institute, in 2002 about 90 % of the U.S. companies have run the danger of digital attacks and 80% suffered damage as a result of these actions. Malefactors had the various purposes - from harmless up to the extremely dangerous. "The most numerous, but least dangerous are hackers- fans, - expert on questions of information security Nile Davis thinks. - They make about 80 % of all computer attacks". http://www.crime-research.org/eng/news/2003/05/Mess1801.html - - - - - - - - - - Russian Police Department "K" fights child pornography According to Law Enforcement Bodies of Russia 75 % of all child pornography is distributed in the Internet. According to Police Department "K", about 90 % of the Interpol's international search orders on computer criminality are devoted to the problem of child porn. The world porno industry, knowing about failure of legal regulation in these crimes in Russia, aspires to move the porn resources on territory of the Russian Side of the Internet. http://www.crime-research.org/eng/news/2003/05/Mess1802.html - - - - - - - - - - Cyber crime buster faults laws Ankit Fadia, hailed as the Sherlock Holmes in the world of cyber crimes, today said the cyber law in the country was useless. "It is full of loopholes", the master cyber crime buster, whose services are often sought by foreign countries and big business houses, told press persons. Ankit said there were not enough trained people to enforce the existing cyber laws. A glaring loophole in the law was that there was nothing in it that could be used to force the Internet service provider to cooperate with agencies investigating cyber crimes. http://hinduonnet.com/stories/2003051904820400.htm - - - - - - - - - - You've got Scam! ID harvest scam targets AOL users It used to be the worst that could come from a kiss was a cold sore or a song by Hot Chocolate. Now with the Net, we can get identity theft and stolen Internet access into the bargain. Scammers are sending out invitations targeted at AOL members asking them to click on a link, which states that recipients have seven unread email messages. http://www.theregister.co.uk/content/55/30770.html - - - - - - - - - - "Relax, It Was a Honeypot" A security company cleverly tricks hackers into compromising one of its distribution sites. Really. Jim Fiebig once said that no one should be allowed to play the violin until they have mastered it. It is a humorous paradox, and for those who have been in the proximity of a fledgling violinist, one with merit. As clever as this conundrum is, it illustrates a mindset that is pervasive in the security industry: We are not allowed to make mistakes. http://www.theregister.co.uk/content/55/30766.html - - - - - - - - - - Fees rile spam foes Claiming they helped build a service that was supposed to remain free, beta testers of Cloudmark's spam-blocking system are protesting the launch of the finished version, which costs $3.99 per month. Pelted from one side by irate beta testers, Cloudmark is also taking hits on the other side from industry analysts who question whether the crowded market for spam-blocking tools and services can support a revenue model reliant on consumer subscriptions. http://news.com.com/2100-1032_3-1007844.html - - - - - - - - - - UK banks tackle card crime with smart chips Major retailers, banks and consumers are today beginning a trial of credit and debit cards that will use secure chip technology to tackle the UKs annual PS425m card fraud bill. Northampton has been chosen as a pilot for the Chip and Pin scheme that is intended to be rolled out nationwide to 40 million card holders by 2005. Over 150,000 people in the town will be issued with the new cards with retailers switching to new point-of-sale terminals. http://zdnet.com.com/2110-1105_2-1007663.html - - - - - - - - - - Security Fears Stall Wi-Fi Growth To counter enterprise security concerns, the Wi-Fi Alliance is abandoning the outdated Wired Equivalent Privacy security protocol and making Wi-Fi Protected Access (WPA) mandatory from August onward for new products. Fears over wireless security are hampering enterprise adoption of Wi-Fi technology, although smaller businesses seem less concerned. The value of the market share between enterprise and small office/home office customers is roughly equal, but in terms of unit volume, small businesses are out-buying enterprises by five to one. http://www.newsfactor.com/perl/story/21544.html - - - - - - - - - - A Tempting Offer for Russian Pair The Bait: Chance For Jobs in U.S. Jon Morgenstern's nightmare began with an e-mail. It arrived in his computer's mailbox on July 15, 2000, and its basic message was this: Your security has been compromised. We would like to help you. http://www.washingtonpost.com/wp-dyn/articles/A7774-2003May18.html - - - - - - - - - - Malware Myths and Misinformation, Part One: Windows, Mac, Exchange, and IIS Much Internet culture is founded on misinformation: computer security in general and the virus/malware arena in particular constitute prime examples. Most IT professionals and many people on the periphery (power users, hobbyists, computer journalists) see themselves as de facto security experts, and every security expert is a self-perceived virus expert. Virus writers, malware distributors, and their admirers add an extra spoonful of horsefeather sauce to the mix. http://www.securityfocus.com/infocus/1695 - - - - - - - - - - Surveillance system hopes to identify people by the way they walk Watch your step! The Pentagon is developing a radar-based device that can identify people by the way they walk, for use in a new antiterrorist surveillance system. Operating on the theory that an individual's walk is as unique as a signature, the Pentagon has financed a research project at the Georgia Institute of Technology that has been 80 to 95 percent successful in identifying people. http://www.securityfocus.com/news/4909 http://www.nandotimes.com/technology/story/892547p-6218025c.html Proposed antiterror surveillance would use 50 times more data than Library of Congress http://www.securityfocus.com/news/4908 Extent of UK snooping revealed http://news.bbc.co.uk/2/hi/technology/3030851.stm - - - - - - - - - - Fingerprint scans in trial FRENCH company Sagem says it is trialling a fingerprint access system at a number of Australian sites. MorphoAccess is currently used only for door entry, but Sagem Australasia said fingerprints would soon replace conventional methods of identification including computer log-ins. "Today we have the technologies," Sagem Australasia managing director Nicolas Wolff said. "The system will automatically analyse the finger... compare it against the information in the system and open web based applications, your network or any other professional access you need. http://australianit.news.com.au/articles/0,7204,6439876%5E15321%5E%5Enbv%5E15306,00.html - - - - - - - - - - Tracking predators If you lived in Iowa, you could search online for the pedophiles in your area. Enter your zip code on the search engine, and voila, a list of all the sex offenders in your neighbourhood, with photos and addresses attached. In the United States, Megan's Laws have made public the names of more than 450,000 convicted sex offenders. Named for Megan Kanka, the seven-year-old raped and murdered by a convicted child molester in 1994, Megan's Laws in 34 states also allow publication of their lists on the Internet. http://cnews.canoe.ca/CNEWS/Law/2003/05/18/90087.html - - - - - - - - - - Hi-Tech Crime Predictor "It's surprising that it worked at all and the 20 percent error area was impressive" Wilpen Gorr, a Carnegie Mellon professor of public policy and management information systems. (CBS) More than a decade of extensive crime data collection matched with new technology may soon allow police to predict the number and type of crimes that will occur in a given neighborhood one month in advance. Researchers at Carnegie Mellon University plan to release software later this summer that, according to computer models, can predict the number and types of crimes that will occur within a 10-block area with a 20 percent error rate. http://www.cbsnews.com/stories/2003/05/17/tech/main554398.shtml *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.