- Email: [email protected]
Melissa is back
stop press/events
CERT to charge for alerts Melissa is back Computer Emergency Response Team (CERT) is to charge members for security alerts. Organizations who sign up for the service will receive information an average of 45 days before it is made public. They will have to pay between $2 500 and $70 000 depending on turnover. CERT is funded by US taxpayers to the tune of $3.5 million each year, mostly from the Defense Department. As a result of this existing financial commitment, US government agencies will continue to recieve the service for free. The move is part of an organizational change: CERT has joined the Electronic Industries Alliance (EIA) to launch the Internet Security Alliance (ISA). EIA president Dave McCurdy that ISA is for businesses in every market. “Our mission is to increase the awareness within corporate leadership of the risk and help them provide the tools to manage those risks... It will be looking more at issues like policy and standards.” Many in the industry view this as a bad thing as many rely on CERT for threat warnings.
An updated version of the Melissa worm, known as Matcher, is back in circulation. It it does not carry a malicious payload but it can overwhelm E-mail servers. Matcher is an Outlook mass mailer Trojan written in visual basic version six. It poses as an attachment, Matcher.exe, in an E-mail with the body: “Want to find your love mates!!! Try this its cool... Looks and Attitude matching to opposite sex”. David Perry at Trend Micro said, “This looks like a cheap rip-off of the original Melissa virus. Unfortunately, people are still falling for it. Our hope is that people will take this warning seriously and not open any .exe attachments.” The approach of appealing to the timepoor in search of companionship is a subtle twist on such recent threats as NakedWife and AnnaKournakova. Mark Sumner, CTO of Messagelabs, said: “It's not as serious as Melissa or the Love Letter but we have given it a medium grading which means it is serious. The virus is similar to the Naked Wife reported in March.”
CyberNanny hit by two profane defacements Leading Internet filtering company CyberNanny’s website has been defaced twice in one day. Hacking group Hackweiser has taken credit for the attacks on www. CyberNanny.net. The first graffiti was fairly standard greetings and links to files presumably found on the server — indicating that root access was gained. The second attack was marked by a mock ‘file not found’ page indicating that CyberNanny admins were trying to work out what was going on. At the time of going to press, this page is still up — begging the question as to why the admins have not yet noticed it. It was suggested at online news site the Register that this failure may be due to the local instalation of their own software — it may be blocking the site as profane as it contains bad language. The site was running Apache on a FreeBSD platform.
Events Calendar EUROCRYPT 2001
ANNUAL RISK & CONTINUITY 2001
6-10 May 2001. Location: Innsbruck, Austria. Contact: International Association for Cryptologic Research; E-mail: [email protected]; website: www.ec2001.ocg.at
15-16 May 2001. Location: London, UK. Contact: Perspective Events, 402 The Fruit & Wool Exchange, Brushfield Street, London E1 6EP, UK; tel: +44 20 7426 0101; fax: +44 20 7426 0425; E-mail: [email protected]; website: www.arc-event.com
CTST 2001
SUMMERCON 2001
14-17 May 2001. Location: Las Vegas, Nevada, USA; tel: +1 301 654 0551; website: www.ctst.com
ANNUAL RISK & CONTINUITY 2001
1-3 June 2001. Location: Amsterdam, the Netherlands. E-mail: [email protected]; website: www.summercon.org
15-16 May 2001. Location: London, UK. Contact: Perspective Events, 402 The Fruit & Wool Exchange, Brushfield Street, London E1 6EP, UK; tel: +44 20 7426 0101; fax: +44 20 7426 0425; E-mail: [email protected] website: www.arc-event.com
IFIP/SEC 2001
INVESTIGATING COMPUTER CRIME & MISUSE
NETSEC '01
1-2 May 2001. Location: London, UK. Contact: Commercial Seminars Ltd, The White House, 17 Burley Road, Oakham, Rutland LE15 6DH, UK; tel: +44 1572 757751; fax: +44 1572 757752; E-mail: [email protected] 20
11-13 June 2001. Location: Paris, France. Contact: Pierre Paradinas, Gemplus Research Lab, BP 100, 13 881 Gemenos, France; E-mail: Pierre. [email protected]; website: www.ifip.tu-gaz.ac.at/TC11/SEC2001 18-22 June 2001. Location: New Orleans, Louisiana, USA. Contact: tel: +1 415 947 6320; fax: +1 415 947 6023; E-mail: [email protected]; website: www.gocsi.com
CERT to charge for alerts Melissa is back Computer Emergency Response Team (CERT) is to charge members for security alerts. Organizations who sign up for the service will receive information an average of 45 days before it is made public. They will have to pay between $2 500 and $70 000 depending on turnover. CERT is funded by US taxpayers to the tune of $3.5 million each year, mostly from the Defense Department. As a result of this existing financial commitment, US government agencies will continue to recieve the service for free. The move is part of an organizational change: CERT has joined the Electronic Industries Alliance (EIA) to launch the Internet Security Alliance (ISA). EIA president Dave McCurdy that ISA is for businesses in every market. “Our mission is to increase the awareness within corporate leadership of the risk and help them provide the tools to manage those risks... It will be looking more at issues like policy and standards.” Many in the industry view this as a bad thing as many rely on CERT for threat warnings.
An updated version of the Melissa worm, known as Matcher, is back in circulation. It it does not carry a malicious payload but it can overwhelm E-mail servers. Matcher is an Outlook mass mailer Trojan written in visual basic version six. It poses as an attachment, Matcher.exe, in an E-mail with the body: “Want to find your love mates!!! Try this its cool... Looks and Attitude matching to opposite sex”. David Perry at Trend Micro said, “This looks like a cheap rip-off of the original Melissa virus. Unfortunately, people are still falling for it. Our hope is that people will take this warning seriously and not open any .exe attachments.” The approach of appealing to the timepoor in search of companionship is a subtle twist on such recent threats as NakedWife and AnnaKournakova. Mark Sumner, CTO of Messagelabs, said: “It's not as serious as Melissa or the Love Letter but we have given it a medium grading which means it is serious. The virus is similar to the Naked Wife reported in March.”
CyberNanny hit by two profane defacements Leading Internet filtering company CyberNanny’s website has been defaced twice in one day. Hacking group Hackweiser has taken credit for the attacks on www. CyberNanny.net. The first graffiti was fairly standard greetings and links to files presumably found on the server — indicating that root access was gained. The second attack was marked by a mock ‘file not found’ page indicating that CyberNanny admins were trying to work out what was going on. At the time of going to press, this page is still up — begging the question as to why the admins have not yet noticed it. It was suggested at online news site the Register that this failure may be due to the local instalation of their own software — it may be blocking the site as profane as it contains bad language. The site was running Apache on a FreeBSD platform.
Events Calendar EUROCRYPT 2001
ANNUAL RISK & CONTINUITY 2001
6-10 May 2001. Location: Innsbruck, Austria. Contact: International Association for Cryptologic Research; E-mail: [email protected]; website: www.ec2001.ocg.at
15-16 May 2001. Location: London, UK. Contact: Perspective Events, 402 The Fruit & Wool Exchange, Brushfield Street, London E1 6EP, UK; tel: +44 20 7426 0101; fax: +44 20 7426 0425; E-mail: [email protected]; website: www.arc-event.com
CTST 2001
SUMMERCON 2001
14-17 May 2001. Location: Las Vegas, Nevada, USA; tel: +1 301 654 0551; website: www.ctst.com
ANNUAL RISK & CONTINUITY 2001
1-3 June 2001. Location: Amsterdam, the Netherlands. E-mail: [email protected]; website: www.summercon.org
15-16 May 2001. Location: London, UK. Contact: Perspective Events, 402 The Fruit & Wool Exchange, Brushfield Street, London E1 6EP, UK; tel: +44 20 7426 0101; fax: +44 20 7426 0425; E-mail: [email protected] website: www.arc-event.com
IFIP/SEC 2001
INVESTIGATING COMPUTER CRIME & MISUSE
NETSEC '01
1-2 May 2001. Location: London, UK. Contact: Commercial Seminars Ltd, The White House, 17 Burley Road, Oakham, Rutland LE15 6DH, UK; tel: +44 1572 757751; fax: +44 1572 757752; E-mail: [email protected] 20
11-13 June 2001. Location: Paris, France. Contact: Pierre Paradinas, Gemplus Research Lab, BP 100, 13 881 Gemenos, France; E-mail: Pierre. [email protected]; website: www.ifip.tu-gaz.ac.at/TC11/SEC2001 18-22 June 2001. Location: New Orleans, Louisiana, USA. Contact: tel: +1 415 947 6320; fax: +1 415 947 6023; E-mail: [email protected]; website: www.gocsi.com