I know that there are several people on this list that disagree with me about the ability for the recent virus(es) to infect systems even without executing the VB program manually. Below is a message that I have received from a reputable source that supports my assertions that in fact there is a variation running around that will infect systems in the manner that I suggest. This is really just intended to help those disbelievers be aware. I really don't care to prolong the thread...

- Marc

**********************************************************************
From: Alan for the SANS NewsBites service
Re: May 10 SANS NewsBites

*************************
SANS Alert! Windows Users. Please act to fix and protect your systems this week. Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT. Details in the first story in this issue.
*************************

SANS conferences are adding programs for newcomers as well as seasoned professionals. First opportunity: Washington, DC in July (http://www.sans.org/dc2000.htm).
AP

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 2, Number 19    May 10, 2000
Editorial Team: Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray, Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz <[EMAIL PROTECTED]>
*********************************************************************

10 May 2000  Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT
8 May 2000  ILOVEYOU Virus Suspect Arrested
7 May 2000  ISP Cooperation Helps Target Suspect
6 May 2000  Mutations Circumvent Virus Protection
4 May 2000  How the Virus Works, and What to Do About It
7 May 2000  Spam and E-Mail Worms/Viruses Share Characteristics
6 May 2000  Deutch Case to be Investigated Again
5 May 2000  Apache Site Attacked
5 May 2000  Diligence, Not Legislation, Needed to Stop Attacks
3 May 2000  International Cybercrime Proposal
1 May 2000  Cyberstalking Legislation Pending
5 May 2000  Seventeen Charged in Piracy Scheme
3 May 2000  New DDoS Tool Found "In the Wild"
3 May 2000  Federal Agencies Trailing Private Industry in "Cyberspace Race"
3 May 2000  Microsoft Integrating Biometric Technology
2 May 2000  Supreme Court Rejects ISP Liability Appeal

***** This week's sponsor: VeriSign - The Internet Trust Company ****
Running a server farm? If you're managing multiple servers in your organization, securing all of them can quickly become complicated. But now, you can learn how to simplify security administration through a single point of management - with a valuable new guide from VeriSign. Request the FREE Guide "Securing Intranet and Extranet Servers" at:
http://www.verisign.com/cgi-bin/go.cgi?a=n016105080151000
**********************************************************************

-- 10 May 2000  Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT.
Personal computers running Internet Explorer (IE) version 5.0 and/or Microsoft Office 2000 are vulnerable to virus attacks using most email systems, even if the email recipient opens no attachments. You don't even have to use IE; just have it installed with the default security settings. If you have not closed the hole, you can receive viruses (and spread them) by viewing or previewing malicious email without opening any attachment, or by visiting a malicious web site. The problem is caused by a programming bug in an Internet Explorer ActiveX control called scriptlet.typelib. This is by far the fastest growing virus distribution problem and ripe for a hugely destructive event - at least as large as the ILOVEYOU virus.

Updating your virus detection software, while important, is not an effective solution for this problem. You must also close the hole. The hole can be closed in five minutes or less using tools available at Microsoft's security site:
http://www.microsoft.com/security/bulletins/ms99-032.asp
The correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm

Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick FitzGerald of Computer Virus Consulting Ltd. for raising the visibility of this dangerous problem.

-- 8 May 2000  ILOVEYOU Virus Suspect Arrested
Officers from the Philippine National Bureau of Investigation have arrested a man in connection with the ILOVEYOU virus that ran rampant through e-mail systems worldwide last week.
http://www.usatoday.com/life/cyber/tech/cth864.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2564627,00.html?chkpt=zdhpnews01

-- 7 May 2000  ISP Cooperation Helps Target Suspect
Two Philippine Internet service providers (ISPs) helped track down a suspect in the ILOVEYOU virus outbreak.
http://www.washingtonpost.com/wp-dyn/articles/A18849-2000May6.html

-- 6 May 2000  Mutations Circumvent Virus Protection
As the ILOVEYOU virus mutates, subtle changes in its behavior may prevent virus detection systems from adequately protecting computers.
http://www.computeruser.com/news/00/05/06/news4.html

Editor's (Cowan) Note: As this story shows, virus scanners are a reactive bandaid: This is going to keep happening until something is done about the broken security model in Microsoft Office/Windows.

Editor's (Murray) Note: There is a difference between a lack of security and gratuitous function. That they insist upon defending their features in the face of problems is evidence that MS does not appreciate the difference. Let us hope that our readers do.

-- 4 May 2000  How the Virus Works, and What to Do About It
http://www.wired.com/news/technology/0,1282,36129,00.html
http://www.zdnet.com/zdhelp/stories/main/0,5594,2562449,00.html?chkpt=zdhpedittop02
http://www.computerworld.com/home/print.nsf/all/000504DC06

-- 7 May 2000  Spam and E-Mail Worms/Viruses Share Characteristics
E-Mail worms bear the same types of "digital 'fingerprints'" used to detect and block spam, according to a security expert.
http://www.computeruser.com/news/00/05/07/news3.html

Editors' Note: These so-called "fingerprints" may be forged and used to frame innocent people.

-- 6 May 2000  Deutch Case to be Investigated Again
The Justice Department is conducting a new inquiry into the case of former CIA director John Deutch and the possibility of mishandled classified information on a home computer. The Justice Department wants to be sure it holds Deutch to the same standards applied in the case of Wen Ho Lee.
http://www.cnn.com/2000/US/05/06/deutch.justice.ap/index.html

-- 5 May 2000  Apache Site Attacked
Computer intruders broke into the main web page of the Apache web server project and placed a Microsoft advertisement on the web site.
Apache has addressed the vulnerabilities by decreasing the number of people with control privileges, and they plan to configure jobs across several servers to improve security.
http://news.cnet.com/news/0-1003-200-1821155.html
http://www.wired.com/news/politics/0,1283,36170,00.html

Editors' note: The attackers themselves have written a description of how they did it. It is instructive of exactly how these break-ins are done, and much can be learned about how to stop them.
http://www.dataloss.net/papers/how.defaced.apache.org.txt

-- 5 May 2000  Diligence, Not Legislation, Needed to Stop Attacks
Internet business groups claim new legislation won't stop crackers; instead, companies need to improve security technology and forge cooperation with federal agencies, and law enforcement needs both to be better trained in cyber crime, and to enforce existing cyber crime laws consistently.
http://www.cnn.com/2000/LAW/05/05/love.bug/index.html

-- 3 May 2000  International Cybercrime Proposal
A proposal that would pave the way to prosecute cyber criminals across international borders has privacy advocates and civil libertarians upset. Among the items taken up in the proposal are the criminalization of the possession of certain software, the potential elimination of anonymity, extradition procedures, and the establishment of cyber crime centers.
http://www.wired.com/news/politics/0,1283,36047,00.html

-- 1 May 2000  Cyberstalking Legislation Pending
US lawmakers are considering making cyberstalking a felony. Additionally, trained computer crime law enforcement units are necessary for effective protection from cybercrimes.
http://www.wired.com/news/politics/0,1283,35728,00.html

-- 5 May 2000  Seventeen Charged in Piracy Scheme
Seventeen alleged members of a software piracy collective have been arrested and charged with conspiracy to infringe copyrights.
http://www.cnn.com/2000/TECH/computing/05/05/software.pirates/index.html

-- 3 May 2000  New DDoS Tool Found "In the Wild"
A new distributed denial of service (DDoS) attack tool has been discovered on a Linux-based computer at Washington State University. While it appears still to be in development, Mstream has the potential to be even more powerful than the attack tools used on major sites in February of this year.
http://www.computeruser.com/news/00/05/03/news3.html
http://news.cnet.com/news/0-1003-200-1798064.html

-- 3 May 2000  Federal Agencies Trailing Private Industry in "Cyberspace Race"
Government is lagging behind industry in technology. Many of the government problems stem from lack of audits to ensure compliance with security policies already in place. Many in Congress are in favor of creating a federal IT "czar" position.
http://www.fcw.com/fcw/articles/2000/0501/web-afcea-05-03-00.asp

-- 3 May 2000  Microsoft Integrating Biometric Technology
Microsoft plans to enhance Windows security by integrating biometric options into future versions of Windows 2000.
http://www.computerworld.com/home/print.nsf/all/000503DB6E

-- 2 May 2000  Supreme Court Rejects ISP Liability Appeal
The Supreme Court let stand a lower court ruling preventing an Internet service provider (ISP) from being held liable for material on bulletin boards or in e-mail. The ISP is considered a carrier of information rather than a publisher, and hence is not held accountable for the information.
http://www.computerworld.com/home/print.nsf/all/000502DB46

**************** ALSO SPONSORED BY AXENT TECHNOLOGIES ****************
How to establish and maintain an effective e-security program
Learn about SNCi's integrated approach to lifecycle security, including risk assessment, security roadmaps, incident response & recovery, security policies, standards, procedures, and more. Now through May 9, download your FREE copy, "The Guide to Lifecycle Security" at http://www.snc-inc.com.
