IPA/ISEC Unauthorized Computer Access Incident Report

$$BK\J8$X(B$		TOP\|Aplication\|Contact us\|Sitemap
		Search

	IT Security Center	The Information-technology SEcurity Center (ISEC) is the center for promoting information security in Japan.

	Japanese
	Activities
	Information Service Activities

	Security Software Development Activities

	CRYPTREC

	IT SecurityAssurance


	Organization


	PGP key


	RFCs


	Mission Statement


	Links


	About IPA/ISEC

IPA TOP>IT Security Center Japanese TOP>IT Security Center English TOP>information

Unauthorized Computer Access Incident Report[Details]

backnumber

April 16, 2004
Information-technology Promotion Agency , Japan (IPA)
IT Security Center

This is a detail of Unauthorized Computer Access Incident Reports for March 2004 compiled by IPA.

1.Details of Unauthorized Computer Access Incident Report

(1) Shift in Number of Reports by Month

(2) Shift in Type of Unauthorized Computer Access by Month

Type	Oct.	Nov.	Dec.	Jan.	Feb.	Mar.
Intrusion	4	0	5	3	1	7
Access Prove (Attempt)	17	17	17	20	32	48
Infection with worm	0	0	0	0	0	0
Worm Probe	3	3	1	0	1	1
Unauthorized Mail Relay	2	0	1	2	0	1
Source Address Spoofing	3	1	2	1	0	0
DoS	0	0	0	1	0	0
Others	1	2	3	1	3	0
Total	30	23	29	28	37	57

(3) The Number of Reports Classified by Filers

Of 90% of total reports were submitted by individual users.

Filer	Number of report
Filer	2004 March		2004 February		2003 March
General Corporate Users	4	7.0%	4	10.8%	3	10.3%
Individual Users	51	89.5%	33	89.2%	22	75.9%
Education/ Research Institute	2	3.5%	0	0.0%	4	13.8%

(4) The Number of Reports Classified by Cause

The main cause of reported damages for this month is insufficient ID/password management.

Cause	Number of report
Cause	2004 March		2004 February		2003 March
Insufficient management of ID and password	3	37.5%	1	25.0%	1	12.5%
Using older versions or didn't apply patches	2	25.0%	1	25.0%	2	25.0%
Improper setting	1	12.5%	0	0.0%	0	0.0%
unknown and others	2	25.0%	2	50.0%	2	25.0%
No cause	0	0.0%	0	0.0%	3	37.5%

2.Network Monitoring Report in March

This is a statistics report obtained by monitoring access to each port of dedicated servers in IPA observation environment.

portscan

135(TCP):       This port might be accessed by attackers who exploit the known security holes in Microsoft Windows, or by W32/MSBlaster.

445(TCP):       This port might be accessed by attackers who exploit the known security holes in Microsoft Windows.

3127(TCP):     This port might be accessed in order to search the backdoor created by the computer infected with W32/Mydoom.

1025(TCP):     This port might be accessed by attackers who exploit the known security holes in Microsoft Windows.

6129(TCP):     This port might be accessed by attackers who exploit the known security holes in Dameware, a remote system management software.

2745(TCP):     This port might be accessed in order to search the backdoor opened in the computers infected with W32/Bagle.

3.Vulnerability Information published in March

IPA published the following information related to the vulnerability announced by other organizations.

Microsoft

- A Vulnerability in Windows Media Service could cause Denial of Service (MS04-008).

- A Vulnerability in Outlook could allow code execution (MS04-009).

- A Problem of ISAPI Extension in Windows Media Service could allow code execution (MS03-022 update).

CIAC

- A Vulnerability in Adobe Acrobat Reader 5.1 .

Symantec

- Vulnerabilities in Norton Internet Security and Norton Antispam.

ISS

- A Vulnerability in ICQ analysis in ISS products.

Apache

- A Release of security updates for Apache version 2.0 series.

Cisco

- A Vulnerability in Content Servers Switch in CSS 1000 series.

OpenSSL

- Multiple vulnerabilities in OpenSSL.

FreeBSD

- A Vulnerability in packet processing.

IBM

- A Vulnerability in IBM AIX rexecd could lead to privilege escalation.

Macromedia

- Vulnerabilities of Web Services in ColdFusion MX and JRun 4.0.

WinZip

- A Vulnerability in WinZip could cause buffer overflow.

For more information, visit the URL below.
[Vulnerability Related information in February, 2004] (in Japanese) http://www.ipa.go.jp/security/news/news0403.html

Unauthorized Computer Access Reporting Program

The Ministry of Economy, Trade and Industry announced "Unauthorized Computer Access Prevention Guidelines" to prevent the spread of unauthorized computer access in Japan. IPA was designated to receive the "Unauthorized Computer Access Report" directly from damaged users to investigate unauthorized computer access problem and to provide monthly statistics. This reporting system started in August 1996. Anyone who has encountered unauthorized computer access is supposed to send an unauthorized computer access report with necessary information to IPA to prevent further spread and damage of unauthorized computer access. IPA deals with each reporter (user) on an individual basis as a consultant, and also works as a public research institute for unauthorized computer access measures by analyzing problems showed on the damage report. Taking reporters' privacy into full consideration, IPA periodically publishes the result of their research and analysis on unauthorized computer access.

Unauthorized Computer Access Prevention Guidelines
- Enactment on August 8, 1996 (release No.362)
- Amendment on September 24, 1997 (release No. 534)
- Amendment on December 28, 2000 (release No. 950)
- Amendment on January 5, 2004 (release No. 3)

Contact
Information-technology Promotion Agency IT Security Center (IPA/ISEC)
Tel: +81- 3-5978-7508

Fax:+81- 3-5978-7518

E-mail:


Term of Use	Copyright(c) Information-technology Promotion Agency, Japan. All rights reserved 2005