Mass Mailing Email Worm Discovered
The Symantec Security Response Team has discovered a new mass mailing worm, W32.Klez.E@mm, that infects Outlook and Outlook Express users. The worm is distributed via email with a random subject line and a random file attachment. Once opened, the attachment attempts to execute itself from the message in which it is contained. In addition, the worm attempts to disable on-access virus scanners, overwrites files, and creates hidden copies of itself.
The worm searches the Windows address book as well as local files containing email addresses and sends an email message to these addresses with itself as an attachment. The worm contains its own SMTP engine and attempts to guess at available SMTP servers. If the message is opened in an unpatched version of Microsoft Outlook or Outlook Express, the attachment may be automatically executed.
Finally, the worm has a payload. On the 6th of any month (except January or July), the worm will attempt to overwrite with zeroes files that have the extensions .txt, .htm, .html, .wab, .doc, .xls, .jpg, .cpp, .c, .pas, .mpg, .mpeg, .bak, or .mp3. If the month is January or July, this payload attempts to overwrite all files with zeroes, not just those with the aforementioned extensions.
NIST Releases Draft IT Contingency Planning Guide
The National Institute of Standards and Technology released a draft guide on Jan. 15, entitled "Contingency Planning Guide for Information Technology Systems" (released in PDF format). The guide outlines what is needed to deal with IT systems disruptions during and after an emergency.
Bank IT professionals might find the guide useful in developing IT Best Practices as well as Disaster Recovery and Information Security procedures.
Information Security Company Checklist
Interpol (the International Police organization) has made available an Information Technology Crime Prevention Checklist. It focuses on a range of IT security topics to be considered.
Security Hole in Sun Solaris Systems
The Computer Emergency Response Team (CERT) recently posted an advisory regarding a security hole in Sun Solaris systems running the Common Desktop Environment (CDE). Unix administrators are urged to download a patch available from Sun. Unpatched versions of CDE are vulnerable to cyber attacks. The service is susceptible to a buffer overflow and could allow hackers to access the computer and launch their own code. Linux systems typically do not use the Common Desktop Environment and seem to be unaffected by the vulnerability.
Previous Tech Alerts:
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed