FYI: http://xforce.iss.net/alerts/advise40.php3
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 15, 1999 4:07 PM
Subject: Hoax? I'm sure it is.. what do you think?
>
>
> Ok, I have to say I've never seen this one in the typical Hoax "alerts"
> people pass around, I'm not sure how these programs can "lie dormant until
> activated" (sure crontab, but it'd be pretty obvious something's up..)
> anyone confirm this is a hoax?
>
> >>>>
>
> Malicious programs lie in wait, FBI warns
> By Bruce V. Bigelow
> STAFF WRITER
> Union-Tribune Publishing Co.
> December 15, 1999
>
> The FBI's nerve center for cyberspace crimes has warned that outlaw hackers
> may use a new class of malicious software to cripple Internet operations and
> other computer networks on New Year's Eve.
>
> Under a "worst-case but clearly possible scenario," the National
> Infrastructure Protection Center says the destructive new programs could be
> used to wreak havoc during the Y2K period.
>
> The center issued its alert last week to computer-security professionals
> throughout the United States.
>
> Some of those experts already are alarmed, saying thousands of copies of the
> malicious programs have been discovered in Unix and Linux-based computers
> operated by corporations, governments and universities.
>
>
> Dormant danger
> The malicious programs -- including ones dubbed "trinoo" and "Tribe Flood
> Network" -- typically lie dormant until activated. Once activated, however,
> the program orchestrates a coordinated attack -- commanding legions of
> machines to transmit a flood of computerized data to a particular system.
> "It's like putting something into a computer and then issuing a command that
> says, 'Lazarus come forth!' " said Gene Schultz, a network security expert at
> SAIC's Global Integrity Corp.
>
> In its alert, the FBI center says the unknown perpetrators apparently have
> targeted "high bandwidth Internet connections," such as computers operated by
> universities.
>
> Thousands of illicit programs also have been found in computers operated by
> major telecommunication corporations.
>
> The center urges computer network owners to rapidly examine their systems for
> signs that the programs such as trinoo have been covertly installed.
>
>
> Significant concerns
> "NIPC recommends these actions as strongly as any of the instructions
> provided by information technology security personnel for Y2K preparation,"
> the bulletin says.
> Officials at the FBI center, which was established last year, were
> unavailable for comment on the alert.
>
> In its bulletin, however, the center says it is "highly concerned about the
> scale and significance" of reports it has received.
>
> "Some of the known cases involve substantial financial loss, with at least
> one million-dollar loss known to date," the alert states. "The FBI is
> currently investigating a large number of these cases through many different
> field offices."
>
> In one attack, a network computer operated by the University of Minnesota was
> rendered unusable for almost two days. The system was swamped by data traffic
> transmitted from at least 227 different computer "slaves," including more
> than 100 compromised computers operated by the University of Washington.
>
> One of the problems for system administrators is determining who's the victim
> and who's the attacker, said Dave Dittrich, who worked to resolve the
> problems at the University of Washington.
>
> Experts who have analyzed the malicious code say programs like trinoo are
> used to covertly establish a nefarious network of hundreds or even thousands
> of unwitting "slave" computers.
>
> The network of slaves can then be used at any time to transmit a flood of
> computerized data to a particular system, overwhelming the targeted site in a
> coordinated assault known as a "denial of service" attack.
>
> The malicious programs have nothing to do with the Y2K problem itself, which
> stems from a decades-old programming glitch involving the change in dates
> from 1999 to the year 2000.
>
> But to malicious hackers, the tolling of the midnight bell on New Year's Eve
> offers a chance to cause trouble, since any disruptions might be blamed on
> Y2K, said Tom Perrine of UCSD's San Diego Supercomputer Center.
>
> *
> * NOTE: In accordance with Title 17 <U.S.C.> Section 107, this material
> * is distributed without profit or payment to those who have expressed a
> * prior interest in receiving this information for non-profit research and
> * educational purposes only. Provided by G2-Forward.
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.