0blivion1:(NEWS-2.txt):15/03/2000


+------------------------------------------------------+
▌ Oblivion Underground Magazine - Issue 1 - 15/03/2000 ▌
▌ This month's News 2 by Slider                        ▌
▌ E-Mail : SlideR_100@hotmail.com                      ▌
+------------------------------------------------------+

This is the rest of the month's headlines.....
------------------------------------------------------------------------------
ZDNet: Dot Com-bat: How To Fend Off An Attack
<http://www.zdnet.com/intweek/stories/news/0,4164,2436847,00.html>

Vendors of new, high-performance traffic management switches said their gear has the ability to protect against a Syn barrage. Ervin Johnson, director of technical marketing at ArrowPoint Communications, said his company's switches can process 40,000 IP requests per second - plenty of horsepower to catch and analyze bogus open connection requests.
------------------------------------------------------------------------------
FoxNews: Report: Investigators Focus on Two Known Hackers
<http://www.foxnews.com/vtech/0214/t_rt_0214_13.sml>

Federal agents investigating recent attacks on computers that overwhelmed popular Web sites belonging to Yahoo Inc. and Amazon.com Inc. are focusing on two known hackers, The Wall Street Journal reported Monday.
------------------------------------------------------------------------------
ZDNet: Mixter: I'm going to talk with the FBI
<http://www.zdnet.com/zdnn/stories/news/0,4586,2437637,00.html>

The "white-hat" hacker known as Mixter, who is reportedly being sought for questioning by the FBI in conjunction with last week's Web-site attacks, expects to talk with the agency within the next 24 hours, he said in an interview Monday with ZDNet News.
------------------------------------------------------------------------------
Sophos: WM97Marker-BQ word macro virus
<http://www.sophos.com/virusinfo/analyses/wm97markerbq.html>

This virus has two potential payloads. On the first day of the month it appends information about the infected user to the virus macro.
Because of this it is possible to view a log of who has been infected, which obviously can have serious implications if the infection spreads outside your company. The second payload of the virus is that on Sundays it overwrites several important settings in the Windows registry. The overwritten settings are: ProductKey, ProductId, ProductName, ComputerName, RegisteredOrganization, RegisteredOwner and Version.
------------------------------------------------------------------------------
ComputerNewsDaily: Macro Virus Poses A Growing Threat
<http://199.97.97.16/contWriter/cndlatest_columns/2000/02/14/cndin/5960-0006-pat_nytimes.html>

If you use Microsoft Word, Excel, or Outlook, then you better keep on your toes: you are vulnerable to one of the most common pests on the Internet today.
------------------------------------------------------------------------------
Excite: Network Associates Detects Web Attack Agents
<http://news.excite.com/news/r/000214/06/net-hackers-zombie>

Internet security firm Network Associates Inc. on Monday said it had detected each of the three major "Zombie" agents, which have been attacking well known Web sites such as Yahoo! and Amazon.com.
------------------------------------------------------------------------------
Sophos: WM97Goober-B word macro virus
<http://www.sophos.com/virusinfo/analyses/wm97gooberb.html>

This virus attempts to rectify the damage caused by another macro virus, WM97Goober-A. Whenever a document is opened on an infected machine WM97Goober-B replaces the phrase ShiThe with the word The, and the phrase shithe with the. Sophos researchers point out that writing a virus to try and repair the damage caused by another virus is not a good idea.
------------------------------------------------------------------------------
FCW: Few downloaded FBI tool to detect e-commerce attacks
<http://www.fcw.com/fcw/articles/2000/0214/web-fbi-02-14-00.asp>

The National Infrastructure Protection Center anticipated the kind of massive denial-of-service attacks that crippled a number of commercial electronic commerce sites last week and offered a free software tool to help detect the software demons or zombies used to carry out those attacks. But few Internet Service Providers or World Wide Web-based companies downloaded the tool from the NIPC Web site.
------------------------------------------------------------------------------
WashingtonPost: Police Say Disgruntled Motorist Disrupted DMV Web Site in Va.
<http://search.washingtonpost.com/wp-srv/WPlate/2000-02/15/126l-021500-idx.html>

DMV officials, who said the department's Web site was shut down for about 45 minutes early Sunday, were able to identify a suspect within one hour of the attack by tracing the source of the requests. Virginia State Police arrested a 26-year-old Haymarket man about 24 hours after he allegedly began overloading the site with fake transactions.
------------------------------------------------------------------------------
PlanetIT: Programmable logic may ease encryption hacks
<http://www.planetit.com/techcenters/docs/security/news/PIT20000214S0009>

Separate papers at the FPGA 2000 conference here this week highlighted how programmable logic can be used to create or crack data encryption schemes.
------------------------------------------------------------------------------
YahooNews: Tracker Site Profiles Cracker Culprits
<http://dailynews.yahoo.com/h/is/20000214/bs/20000214008.html>

As the FBI continues its investigation into last week's distributed denial of service attacks on Yahoo, CNN and other sites, a self-proclaimed "hacker tracker" site has published a profile of who it thinks may be responsible.
John Vranesevich, founder of AntiOnline, a well-known Web site that monitors hacker sites and activities, said in an article that after examining the circumstances around the attacks, he's concluded that the culprits are likely to be a group of three to six malicious hackers, known as crackers, in their late teens to early 20s, living in the United States.
------------------------------------------------------------------------------
Fairfax: Hacking comes from the inside, computer expert warns
<http://www.it.fairfax.com.au/breaking/20000215/A19865-2000Feb15.html>

MOST computer hacking is carried out from within, the head of the national information security testing body said today. And Australian Information Security Evaluation Program AISEP manager Anne Robins said that with increasing computer and Internet access around the world, information security risks were a virtually limitless problem.
------------------------------------------------------------------------------
FCW: NSA concerned about PKI scalability
<http://www.fcw.com/fcw/articles/2000/0214/web-nsa-02-15-00.asp>

Protecting access to Defense Department information systems with public-key infrastructure software tokens presents an enormous problem because of the scale of the effort involved in issuing digital certificates to a uniformed and civilian work force that totals more than a million users, a top National Security Agency official said.
------------------------------------------------------------------------------
CNet: German programmer Mixter addresses cyberattacks
<http://news.cnet.com/news/0-1005-200-1549399.html>

The federal investigation into last week's attacks on major Web sites has reportedly turned to at least one anonymous programmer believed to have written software that may have been used in the assaults.
------------------------------------------------------------------------------
NTSecurity: RSA Security Site Ransacked - Update
<http://www.ntsecurity.net/forums/2cents/news.asp?IDF=213&TB=news>

Every Web site defacement is an opportunity to learn a valuable lesson. In the case of RSA Security's spoofed home page the lesson is rather clear, and quite dated: everyone makes mistakes. That's a given. The question is, can you afford to make a mistake when it comes to security? Check your DNS software to ensure you have the most current revisions and patches installed. And double check your DNS records to ensure you have strong authentication required for any potential record changes.
------------------------------------------------------------------------------
Wired: Irish, UK Crypto Regs Far Apart
<http://www.wired.com/news/politics/0,1283,34350,00.html>

Britain is likely to become the first country in the world to make imprisonment a possible consequence of refusing to surrender, or even losing, one's private encryption keys. At the same time, neighboring Ireland is preparing legislation that would make it the first country to prohibit law enforcement from forcing encryption users to hand over their private keys.
------------------------------------------------------------------------------
APBNews: Web Attackers Chose Assault Computers With Care
<http://www.apbnews.com/newscenter/internetcrime/2000/02/15/hack0215_01.html>

It apparently was no accident the cyberattacks on eBay.com, Yahoo and Amazon.com last week were launched from computers in California and Oregon. Experts say these computers were compromised because of their proximity to the intended targets.
------------------------------------------------------------------------------
SCO: SSE062 - MMDF Vulnerabilities Found In SCO OpenServer 5
<http://www.sco.com/security/>

Possible vulnerabilities of MMDF binaries to buffer overflow.
Many of the OpenServer MMDF binaries are susceptible to buffer overflows from long input lines. Patch available.
------------------------------------------------------------------------------
SCO: SSE063 - ARCserve startup script symlink vulnerability in SCO OpenServer 5
<http://www.sco.com/security/>

The ARCserve agent startup script creates multiple world writable statically named temp files. An attacker can remove these files and create symlinks to other files on the system allowing him to create root owned world writable files or overwrite existing files he should not be able to access. Patch available.
------------------------------------------------------------------------------
TechWeb: Japan Web Hackers Use Chinese, U.S. Servers
<http://www.techweb.com/wire/story/reuters/REU20000216S0001>

Tokyo police said on Wednesday that hackers had used computer servers in China and the United States to attack several Japanese government websites last month.
------------------------------------------------------------------------------
FCW: DMS security cracked during testing
<http://www.fcw.com/fcw/articles/2000/0214/web-dms-02-16-00.asp>

Information warfare tests conducted in September 1999 on the Pentagon's $1.6 billion Defense Message System found serious deficiencies in the system's security protections.
------------------------------------------------------------------------------
WinNTMag: Something Old, Something New: DNS Hijacking
<http://www.winntmag.com/Articles/Content/8170_01.html>

Every day, intruders break into and deface Web sites. The methods these crackers use are incredibly numerous. In most cases, someone failed to establish adequate security controls, and an intruder was able to penetrate the network. That assumption might seem obvious, but malicious users can use methods to subvert a normally functioning system without actually penetrating that system's security.
------------------------------------------------------------------------------
Sophos: WM97/Ethan-BB, Word Macro
<http://www.sophos.com/virusinfo/analyses/wm97ethanbb.html>

There is a 3 in 10 probability that the virus will change the infected document properties so that the new title is Ethan Frome and the new author is ew/ln/cb. This virus has been reported in the wild.
------------------------------------------------------------------------------
Sophos: Troj/Rf Poison, Trojan
<http://www.sophos.com/virusinfo/analyses/trojrfpoison.html>

This Trojan allows an attacker to hang a Windows NT machine connected to a network. Both the remote and the local machine have to be using TCP/IP networking. The remote machine must have at least one disk or directory which is shared. This Trojan has been reported in the wild.
------------------------------------------------------------------------------
NAI: W97M/VMPCK1.dg Word Macro
<http://vil.nai.com/vil/vm98496.asp>

This is a macro virus for Word97 documents and templates. This virus can infect Word environments which have been updated to SR-1 update and above. This virus consists of a single macro module named "virus". This virus will write its source code to a temporary text file for use as an import to host documents.
------------------------------------------------------------------------------
BusinessWeek: Who's Going to Train the Cyber Security Pros?
<http://www.businessweek.com/bwdaily/dnflash/feb2000/nf00216d.htm>

Recent breaches of Web-site security are raising concern that the American workforce may not have enough troops to battle cyber snoops. Only about a half-dozen academic institutions in the U.S. have graduate programs that address computer security -- and that number hasn't changed much in 10 years. Today, the private and public sector are scrambling to retain the few qualified professionals who exist.
And colleges are finding that just when they're starting to integrate information security into their curriculum, PhDs aren't hanging around academia long enough to teach the classes.
------------------------------------------------------------------------------
CNN: FBI investigation swamped with tips, continue to seek Midwest Coolio
<http://cnn.com/2000/TECH/computing/02/16/dos.attacks.coolio/index.html>

Coolio is such an incredibly popular name among the script kiddies, also being gangsta rap wanna-be's, it could be an entirely other hacker calling himself Coolio, said B.K. DeLong, a staff member with Attrition.org, which chronicles Web site defacements.
------------------------------------------------------------------------------
Slashdot: Security Expert Dave Dittrich on DDoS Attacks
<http://slashdot.org/article.pl?sid=00/02/16/1836215&mode=nocomment>

We've linked to plenty of "secondhand" media pieces about the recent DoS attacks on major commercial Web sites. Fine. Now here's real, hard-core hard-tech info on the subject - in answer to your excellent questions - from somebody who actually knows what's going on, namely Dave Dittrich from the University of Washington. He's been interviewed up the yin-yang this last week by mainstream reporters who probably wouldn't understand half the answers he gives here.
------------------------------------------------------------------------------
ZDNet: Open broadband invites hackers
<http://www.zdnet.com/zdnn/stories/news/0,4586,2439985,00.html>

Security experts warn that network intruders -- once only a boogey man for large corporations and government agencies -- are becoming an increasing threat to home users, especially those wired to the Internet via new broadband connections.
------------------------------------------------------------------------------
Microsoft Bulletin: Image Source Redirect Vulnerability
<http://securityportal.com/topnews/ms00-009.html>

When a web server navigates a window from one domain into another one, the IE security model checks the server's permissions on the new page. However, it is possible for a web server to open a browser window to a client-local file, then navigate the window to a page that is in the web site's domain in such a way that the data in the client-local file is accessible to the new window. Access to sensitive data is possible. Patch available for vulnerability.
------------------------------------------------------------------------------
NetBSD Security Advisory 2000-001 - procfs security hole
<ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-001.txt.asc>

The procfs filesystem makes the different resources of a process available under the directory /proc//. One of these resources is the memory image of the process. Reading to and writing from this special file is restricted. However, by tricking a setuid binary to write into this file, this restriction can be circumvented, and the memory image of another setuid binary can be manipulated in such a way that it will execute a shell.
------------------------------------------------------------------------------
InfoWorld: Microsoft refutes reports of 63,000 Bugs in Win2000
<http://www.infoworld.com/articles/pi/xml/00/02/16/000216pimanybugs.xml>

JUST ONE day before the launch of its Windows 2000 operating system, Microsoft is disputing suggestions in a leaked company memo that the product contains 63,000 bugs.
------------------------------------------------------------------------------
Industry Standard: EPA Shuts Down Web Site for Fear of Hacker Attack
<http://www.thestandard.net/article/display/0,1151,10902,00.html>

The U.S.
Environmental Protection Agency on Thursday said it had shut down its Web site for fear of computer hacker attacks after security deficiencies were made public this week.
------------------------------------------------------------------------------
PCWorld: Patching IE Security, Yet Again
<http://www.pcworld.com/pcwtoday/article/0,1510,15340,00.html>

Windows 2000 is finally here. And so is a patch for a security vulnerability in the Internet browser that is bundled with the new operating system. Microsoft issued the patch on Wednesday, the eve of the release of its much-delayed operating system.
------------------------------------------------------------------------------
Currents: Hacks Worry 90 percent Of Home Users
<http://www.currents.net/newstoday/00/02/17/news11.html>

Nine out of 10 home Internet users say they're "concerned" about hacker attacks that brought down or stalled major sites last week, but are split over who should police the Web, according to a poll by PC Data Online.
------------------------------------------------------------------------------
TheStar: Internet Direct hands over Mafiaboy files
<http://www.thestar.com/thestar/editorial/updates/gta/200002170_INTERNET-HAC.html>

A Canadian company has turned over files to police on a former client who may be connected with last week's Internet hacking.
------------------------------------------------------------------------------
MSNBC: Hacker suspect has struck before
<http://www.msnbc.com/news/367495.asp>

While investigators are continuing the hunt for clues to who's responsible for last week's massive computer attacks, MSNBC has learned that one of the alleged suspects has a history of attacking big media companies. Coolio - the name most mentioned in the FBI hunt for a suspect in last week's vandalism - has a past in denial-of-service attacks.
------------------------------------------------------------------------------
HP Bulletin: Security Vulnerability with Ignite on Trusted systems
<http://securityportal.com/topnews/hp20000218.html>

Trusted systems may have vulnerabilities if a password field in /etc/passwd is blank. This affects HP-9000 Series700/800 running release HP-UX 11.X, and can result in an elevation of privileges.
------------------------------------------------------------------------------
Microsoft: Novell Wrong About Windows 2000 Security Hole
<http://www.microsoft.com/windows2000/news/bulletins/novellresponse.asp>

Novell recently published a document on their Web site which claims that Novell had discovered and reported an Active Directory security hole to Microsoft. As with every report of a possible vulnerability in a Microsoft product, the Security Response Center immediately mobilized Microsoft engineering staff to evaluate the report and, if the report was valid, to develop a response to keep our customers' information safe.
------------------------------------------------------------------------------
Microsoft Bulletin: VM File Reading Vulnerability
<http://securityportal.com/topnews/ms00-011.html>

Microsoft has released a patch that eliminates a security vulnerability in the Microsoft virtual machine (Microsoft VM). The vulnerability could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet. In both cases the malicious applet would have to know the exact name and location of the files.
------------------------------------------------------------------------------
Microsoft Bulletin: Site Wizard Input Validation Vulnerability
<http://securityportal.com/topnews/ms00-010.html>

Microsoft has released a patch that eliminates a security vulnerability in web applications associated with Microsoft Site Server 3.0, Commerce Edition. These applications are provided as samples and generated by wizards, but do not follow security best practices. If deployed on a web site, they could allow inappropriate access to a database on the site.
------------------------------------------------------------------------------
BugNet Tests: Windows 2000's Active Directory
<http://www.msnbc.com/news/371548.asp>

With days before Windows 2000's official release, Novell Corp. found a security bug in Microsoft's Windows 2000 Active Directory, Microsoft's fledgling directory service offering. Independent BugNet tests confirm security flaw.
------------------------------------------------------------------------------
NAI: Windows version of Trinoo reported
<http://vil.nai.com/vil/DoS98506.asp>

This is a 32bit Intel-based version of a previously published as source code Denial of Service (DDoS) attack program, similar to the Unix versions used in recent Net attacks.
------------------------------------------------------------------------------
BBC: Encryption for all
<http://news.bbc.co.uk/hi/english/sci/tech/specials/washington_2000/newsid_650000/650303.stm>

Many believe that encryption is key to the success of the information economy because it provides for privacy, a certain level of anonymity and also authentication of identity.
------------------------------------------------------------------------------
IDG: FBI looks at NZ student in DoS attack investigation
<http://www.idg.net.nz/webhome.nsf/UNID/DA146ECC445D04C1CC25688B00642BF0!opendocument>

The FBI is looking at a New Zealand student in its investigation of the recent denial of service attacks on major US Internet sites. The name of the man came up last week along with those of others in the US, Canada and Germany. In his early 20s, he goes by the nickname Venomous and lives in Auckland.
------------------------------------------------------------------------------
ComputerNewsDaily: Distinguishing 'Packet Monkey' Hackers from 'Black Hats'
<http://199.97.97.16/contWriter/cnd7/2000/02/18/cndin/0787-0005-pat_nytimes.html>

Who's been hacking into eBay and Yahoo and other popular Web sites? So far, nobody knows for sure: The technology required for such denial-of-service attacks has been in the public domain for months, easily accessible to any malcontent with a working knowledge of computers. But experts in the Internet underground are betting that the culprits are adolescent misfits looking for cheap thrills and bragging rights.
------------------------------------------------------------------------------
NAI: W32Trinoo Trojan
<http://vil.nai.com/vil/DoS98506.asp>

This is a 32bit Intel-based version of a previously published as source code Denial of Service DDoS attack program. This compilation of the trojan when run on a system, will load from the registry. This file will run as a service at Windows startup, listening for commands on a pre-designated UDP port.
------------------------------------------------------------------------------
FreeBSD Security Advisory: Asmon/Ascpu
<http://securityportal.com/topnews/freebsd20000221.html>

Two optional third-party ports distributed with FreeBSD can be used to execute commands with elevated privileges, specifically setgid kmem privileges. This may lead to a local root compromise.
------------------------------------------------------------------------------
ZDNet: Web attacks: Are ISPs doing enough?
<http://www.zdnet.com/zdnn/stories/news/0,4586,2444159,00.html?chkpt=zdnntop>

Security experts and Internet users are becoming increasingly vocal about their concerns that high-speed Internet providers are not doing enough to ensure the data security of home users.
------------------------------------------------------------------------------
NTSecurity.net: IIS 4 Denial of Service
<http://www.ntsecurity.net/go/loader.asp?iD=/security/iis4-4.htm>

On IIS machines with the SMTP service installed, it is possible to cause a denial of service condition against IIS by manipulating file names within the SMTP service's directory structure.
------------------------------------------------------------------------------
Computer Currents: Office 2000 Anti-Virus Software
<http://www.computercurrents.net/newstoday/00/02/21/news4.html>

Russian IT security firm Kaspersky Lab has unveiled AntiViral Toolkit Pro (AVP) for MS-Office 2000. The firm said that the package is the first of its type for the new Microsoft suite of software.
------------------------------------------------------------------------------
FreeBSD Security Advisory: Delegate port
<http://securityportal.com/topnews/freebsd20000222.html>

Delegate, distributed with FreeBSD, contains numerous remotely-exploitable buffer overflows which allow an attacker to execute arbitrary commands on the local system, typically as the 'nobody' user.
------------------------------------------------------------------------------
Currents: Is Your Browser Being Bugged?
<http://www.currents.net/magazine/national/1804/intb1804.html>

Web bugs, according to some experts, are infesting the Internet. One view is that congressional action is needed to stamp them out. Another view is they are as beneficial as butterflies, bringing us true happiness in our online existence.
Let me dissect these critters for you, so you can decide if they are pests.
------------------------------------------------------------------------------
Fairfax: Hackers hide behind teen vandal facade, inquiry told
<http://www.it.fairfax.com.au/breaking/20000222/A33010-2000Feb22.html>

DOT-COM firms are hacking each other while professional hackers hide behind the image of 15-year-old children vandalising the Web, a US Senate inquiry has been told.
------------------------------------------------------------------------------
Wired: A Patented Approach To Crypto
<http://www.wired.com/news/technology/0,1282,34496,00.html>

Brands said he's spent the last few years weighing the social implications of technology -- and concluded that encryption, digital cash, and identity certificates are going to change the world. He envisions a future where Brandian digital IDs replace mundane technology like dollar bills, lottery tickets, cinema tickets, and government-issued identification cards.
------------------------------------------------------------------------------
Microsoft Security Bulletin MS00-012: SMS remote agent vulnerability
<http://securityportal.com/topnews/ms00-012.html>

Microsoft Security Bulletin MS00-012 announces the availability of a patch that eliminates a vulnerability in Microsoft Systems Management Server. If the Remote Control feature of SMS has been installed and enabled, the vulnerability could allow a workstation user to take virtually any desired action on the machine.
------------------------------------------------------------------------------
Computer Currents: PrettyPark Worm Returns
<http://www.computercurrents.com/newstoday/00/02/23/news5.html>

Virus and malicious code specialist Finjan said that a second version of the PrettyPark virus from last June has surfaced in the wild.
The firm reported that the PrettyPark II worm is being delivered to recipients as an e-mail attachment and sends itself to e-mail addresses listed in the victim's Microsoft Outlook e-mail address book.
------------------------------------------------------------------------------
Excite: Microsoft Says It Foiled Hacker Assault on Web Site
<http://news.excite.com/news/r/000223/20/net-hackers-microsoft>

Microsoft Corp. said on Wednesday that hackers had tried to topple its corporate Web Site, but the software giant said the assault, the latest in a string of crippling attacks on major Internet operations, had done little damage.
------------------------------------------------------------------------------
Microsoft Bulletin: Misordered Windows Media Services Handshake
<http://securityportal.com/topnews/ms00-013.html>

The handshake sequence between a Windows Media server and a Windows Media Player is asynchronous, because certain resource requests are dependent on the successful completion of previous ones. If the client-side handshake packets are sent in a particular misordered sequence, with certain timing constraints, the server will attempt to use a resource before it has been initialized and will fail catastrophically, causing the Windows Media Unicast Service to crash. Patch Available
------------------------------------------------------------------------------
ActiveX - an interesting technology with disturbing security problems
<http://securityportal.com/direct.cgi?/topnews/tn20000224.html>

"Using ActiveX you can write programs that can be delivered over the Internet easily, and are trivial to install on the user's end. Unfortunately in Microsoft's push to make ActiveX easy to install and use they ended up shafting users, from a security point of view" (Yeah, bollocks !).
------------------------------------------------------------------------------
CNN: Pentagon security cracked during testing
<http://cnn.com/2000/TECH/computing/02/22/pentagon.bad.dms.idg/index.html>

Information warfare tests conducted in September 1999 on the Pentagon's $1.6 billion Defense Message System found serious deficiencies in the system's security protections.
------------------------------------------------------------------------------
ComputerWorld: Update: College student accused of cracking NASA, defense computers
<http://www.computerworld.com/home/print.nsf/all/000224EF42>

The defendant gained illegal access to several computers, either causing substantial business loss, defacing a Web page with hacker graphics, copying personal information or in the case of a NASA computer, effectively seizing control, said Donald K. Stern, U.S. attorney for the District of Massachusetts in a statement. All in all, the defendant used his home computer to leave a trail of cybercrime from coast to coast.
------------------------------------------------------------------------------
PCWorld: First Win 2000 Virus Found
<http://www.pcworld.com/pcwtoday/article/0,1510,15444,00.html>

Windows 2000 made its public debut only last week. Already, the first native virus has surfaced for the brand-spanking-new operating system. The virus is dubbed W2K.Infis.4608, according to a report from Symantec, the maker of Norton AntiVirus.
------------------------------------------------------------------------------
NAI: W97M/Lenni Word Macro Virus
<http://vil.nai.com/vil/vm98512.asp>

This is a class module macro virus with dangerous date activated payload of formatting the hard drive. This virus will infect Word97 documents and templates. This virus will also infect Word97 environments which have been updated to SR1 update and above.
------------------------------------------------------------------------------
ZDNet: Microsoft goes on a bug hunt
<http://www.zdnet.com/zdnn/stories/news/0,4586,2448411,00.html?chkpt=zdnntop>

Microsoft has issued five official security bulletins, with independent analysts delivering several more on a variety of products.
------------------------------------------------------------------------------
Distributed Denial of Service attacks likely to get worse
<http://securityportal.com/direct.cgi?/topnews/ddos20000224.html>

Just when you thought it was getting better (no major sites attacked in a few days..) guess what? It's gonna get worse. Trinoo, one of the simpler programs in the current bumper crop is now available for Windows. Instead of just being able to infect various UNIX platforms, it can now make the leap into the bigtime.
------------------------------------------------------------------------------
ABCNews: FBI Admits Hackers Crippled Its Web Site
<http://www.apbnews.com/newscenter/internetcrime/2000/02/25/fbihack0225_01.html>

The FBI acknowledged today that electronic vandals shut down its own Internet site for hours last week in the same type of attack that disrupted some of the Web's major commercial sites.
------------------------------------------------------------------------------
SecureMac: Security Auditing Tools for the Macintosh
<http://www.securemac.com/secauditing.cfm>

We will review two programs created by hackers, which can be used for security purposes, and can be used by a hacker.
------------------------------------------------------------------------------
CNN: Microsoft to patch Active Directory
<http://cnn.com/2000/TECH/computing/02/25/patch.active.idg/index.html>

Less than a week after releasing Windows 2000, Microsoft is already working on a patch for Active Directory that addresses problems with the directory's user administration features.
------------------------------------------------------------------------------
ComputerWorld: Hackers may be infecting thousands of Windows PCs
<http://www.computerworld.com/home/print.nsf/all/000225F16A>

Computer hackers may quietly be infecting thousands of Windows PCs in preparation for another wave of DoS (denial-of-service) attacks of the type that brought high-profile Web sites such as Yahoo Inc. and eBay Inc. to their knees two weeks ago, security experts warned.
------------------------------------------------------------------------------

That's it for this month's headlines....make sure you get Issue 2 - Cyber0ptix Slider.