NewsBits for March 22, 2004 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ 'Witty' Worm Wrecks Computers A quickly spreading Internet worm destroyed or damaged tens of thousands of personal computers worldwide Saturday morning by exploiting a security flaw in a firewall program designed to protect PCs from online threats, computer experts said. The "Witty" worm writes random data onto the hard drives of computers equipped with the Black Ice and Real Secure Internet firewall products, causing the drives to fail and making it impossible to restart the PCs. Unlike many recent worms that arrive as e-mail attachments, it spreads automatically to vulnerable computers without any action on the part of the user. http://news.com.com/2100-7349_3-5177292.html http://www.washingtonpost.com/wp-dyn/articles/A11310-2004Mar20.html http://www.theregister.co.uk/content/56/36413.html http://www.vnunet.com/News/1153695 http://zdnet.com.com/2100-1105-5176595.html http://news.zdnet.co.uk/internet/security/0,39020375,39149459,00.htm http://www.gcn.com/vol1_no1/daily-updates/25360-1.html http://www.newsfactor.com/story.xhtml?story_title=Witty_Worm_Overwrites_Hard_Disks&story_id=23470 http://computerworld.com/securitytopics/security/virus/story/0,10801,91528,00.html - - - - - - - - - - Federal charges: Man threatened Google Relying on secretly recorded meetings at Google, federal agents this week arrested a Ventura County man for allegedly threatening to release a software program to spammers that he claimed could cost the Internet search-engine company millions of dollars through bogus advertising clicks. http://www.mercurynews.com/mld/mercurynews/8231386.htm http://zdnet.com.com/2100-1104-5176670.html Google seeks consensus on personal-info issues http://www.usatoday.com/tech/news/techpolicy/2004-03-22-google-privacy_x.htm - - - - - - - - - - U.S. shuts down Internet 'phishing' scam The U.S. government said Monday it had arrested a Texas man who crafted fake e-mail messages to trick hundreds of Internet users into providing credit card numbers and other sensitive information. http://www.cnn.com/2004/TECH/internet/03/22/crime.phishing.reut/index.html 'Phishing' Scams on the Rise http://www.latimes.com/technology/la-fi-cybercrime22mar22,1,5692627.story http://news.zdnet.co.uk/internet/security/0,39020375,39149467,00.htm - - - - - - - - - - Germany: largest hacker crack down operation ever held On March 18, German law enforcement held the largest operation against homeland hackers. Several people were arrested and around 38 terabytes of pirated software and films seized following raids in Germany, according to a media release from the German Federation Against Copyright Theft (GVU). http://www.crime-research.org/news/21.03.2004/145 - - - - - - - - - - RIAA site apparently downed for five days by virus The Web site for the recording industry's anti- piracy lobby has been inaccessible for several days, possibly the victim of a computer virus specifically targeting the site. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8250038.htm - - - - - - - - - - BT engineer denies deflowering lesbian BT is investigating claims that one of its engineers had sex with a lesbian student who auctioned her virginity for PS8,400. Weekend press reports said that a 44-year-old BT engineer from South London paid for sex with Rosie Reid, 18, following her online auction. http://www.theregister.co.uk/content/6/36442.html http://www.theregister.co.uk/content/6/36420.html - - - - - - - - - - Phatbot primed to steal your credit card details A Trojan horse-type computer virus called Phatbot can steal credit card numbers and launch denial of service attacks on Web sites. The new virus made its debut on the Internet on Friday (18 March), clogging bandwidth, stealing personal data and initiating denial of service attacks. http://www.theregister.co.uk/content/6/36414.html - - - - - - - - - - Enticing Attachments Spell Trouble Surely most people have gotten the news by now. E-mail attachments can be bad stuff. Click on the wrong file and you could be installing a bug that crashes your system, makes your financial information available to some guy in Russia or commandeers your computer for an attack on some company's Web site. Still, people sometimes have a hard time resisting the urge to click when that strange or unexpected file-bearing e-mail arrives -- even the folks who should know better. http://www.washingtonpost.com/wp-dyn/articles/A10086-2004Mar20.html Watch out: It's virus season again http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5126837.html Close encounters of the viral kind http://www.theregister.co.uk/content/55/36443.html - - - - - - - - - - Scripting flaws threaten Norton software Symantec has released a fix for a pair of potentially troublesome flaws that create a mechanism to turn its Norton security software packages against their owners. http://www.theregister.co.uk/content/55/36441.html http://www.globetechnology.com/servlet/story/RTGAM.20040322.gtsymantecmar22/BNStory/Technology/ - - - - - - - - - - Child porn industry may reach $6 billion in 2004 Internet has exerted a strong catalytic influence on development of child porn. If caught red-handed producers or owners of child porn could face up to 15 years of jail. Nowadays, the anonymity of the Internet and complexity of detection and liquidation of sites scatterred all over the world allow these sites' owners to duck out. http://www.crime-research.org/news/22.03.2004/146 - - - - - - - - - - Incorrect signature on e-mail snares professor in Web It's a parody James M. Kauffman said he wished he had written but he didn't, a point that the University of Virginia education professor emeritus has been repeating and repeating. Kauffman's name and title have been circulating under a long-lived e-mail that satirizes the anti-homosexual pronouncements of conservative radio talk show host Laura Schlessinger. The result has been a flood of daily calls and e-mails from people around the world. http://www.usatoday.com/tech/webguide/internetlife/2004-03-22-email-credit_x.htm - - - - - - - - - - Cisco upgrades IOS secure functionality Cisco is strengthening its security play with the launch of new features for its internet operating system (IOS), and the acquisition of a security vendor. http://www.vnunet.com/News/1153694 - - - - - - - - - - The farce of federal cybersecurity Over the past several years, various Washington entities, from the General Accounting Office to assorted Congressional committees, conducted surveys and issued reports on the state of the federal government's information security posture. In each case, with few exceptions, the findings range from the scathing to the downright embarrassing, and remain essentially unchanged since the mid-1990s. http://www.theregister.co.uk/content/55/36429.html - - - - - - - - - - Stopping the enemy at the gate Over the past few years, security vulnerabilities have spiralled, writes Bloor Research analyst Fran Howarth. The CERT Co-ordination Centre, a federally- funded R&D centre operated by the Carnegie Mellon University in the US, publishes statistics of security vulnerabilities that are reported to it on an annual basis. In 1995, just 171 such incidences were brought to its attention; by 2003, that figure had risen to 3,784. http://www.theregister.co.uk/content/55/36421.html - - - - - - - - - - How Secure Is OS X? What is the big picture when it comes to Apple security? Is OS X safe enough to be a viable contender for running public Web sites and general enterprise applications? http://www.newsfactor.com/story.xhtml?story_title=How_Secure_Is_OS_X_&story_id=23467 - - - - - - - - - - Forensic Analysis of a Live Linux System, Part One During the incident response process we often come across a situation where a compromised system wasn't powered off by a user or administrator. http://www.securityfocus.com/infocus/1769 - - - - - - - - - - RFID goes to war Come 2005, radio frequency identification will no longer be an option for the U.S. military. It will be the law. For the Pentagon, RFID systems are part of a major logistics revamp. And the deadline for suppliers to attach RFID tags to many of the goods they ship to the American armed forces is indeed looming. http://zdnet.com.com/2100-1105_2-5176613.html - - - - - - - - - - War games teach data sharing Two computer-simulated exercises showed that U.S. and coalition forces can improve data sharing and train together by connecting their virtual laboratories, said Joint Forces Command officials in statements. http://www.fcw.com/fcw/articles/2004/0322/web-jfcom-03-22-04.asp Foundation showcases data-sharing network, urges action http://www.govexec.com/dailyfed/0304/032204tdpm2.htm - - - - - - - - - - Brits Going at It Tooth and Nail First came dogging, an underground swinging scene where couples and sometimes third or fourth parties engage in public sex for an exhibitionist thrill. And now comes "toothing," where strangers on trains and buses and at bars and concerts hook up for clandestine sex by text messaging each other with their Bluetooth-enabled cell phones or PDAs. http://www.wired.com/news/culture/0,1284,62687,00.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2004, NewsBits.net, Campbell, CA.