Information-technology Promotion Agency, Japan
本文へ
 IPA

TOP|Aplication|Contact us|Sitemap
Information-technology Promotion Agency, Japan -japanese charactor-






IT Security Center

The Information-technology SEcurity Center (ISEC) is the center for promoting information security in Japan.







Japanese




Activities




Information Service Activities






Security Software Development Activities






CRYPTREC






IT SecurityAssurance







Organization







PGP key







RFCs







Mission Statement







Links







About IPA/ISEC







IPA TOP>IT Security Center Japanese TOP>IT Security Center English TOP>information



Unauthorized Computer Access Incident Report[Details]


backnumber


October 18, 2004
  IT Security Center
Information-technology Promotion Agency , Japan (IPA)




This is a  detail of Unauthorized Computer Access Incident Reports for September 2004 compiled by IPA.




1.Details of Unauthorized Computer Access Incident Report

 

(1) Shift in Number of Reports by Month

UCA report by month


(2) Shift in Type of Unauthorized Computer Access by Month


Type

Apr.

May

June

July

Aug.

Sep.

Intrusion

3

3

1

4

8

2

Access Probe (Attempt)

49

88

47

36

48

26

Infection with worm

0

0

0

0

0

0

Worm Probe

0

2

1

1

1

0

Unauthorized Mail Relay

0

0

0

0

0

0

Source Address Spoofing

1

1

1

3

2

0

DoS

1

0

2

0

0

0

Others

1

2

0

1

1

0

Total

55

96

52

45

60

28


(3) The Number of Reports Classified by Filers

The largest number of reports is from individual users that reach to 92.8 % .

Filer

Number of reports

2004 September

 

2004 August

 

2003 September

 

General Corporate Users

1

3.6%

2

3.3%

6

15.4%

Individual Users

26

92.8%

56

93.4%

32

82.0%

Education/ Research Institute

1

3.6%

2

3.3%

1

2.6%


(4) The Number of Reports Classified by Cause

The causes for break down reported in September were 1 for insufficient ID/Password management and another 1 for insufficient settings. .

Cause

Number of reports

2004 September

 

2004 August

 

2003 September

 

Insufficient management of ID and password

1

50.0%

1

9.1%

0

0.0%

Using older versions or didn't apply patches

0

0.0%

1

9.1%

0

0.0%

Improper setting

1

50.0%

0

0.0%

1

20.0%

unknown and others

0

0.0%

7

63.6%

2

40.0%

No cause

0

0.0%

2

18.2%

2

40.0%

   


2.Network Monitoring Report in September

This is a statistics report obtained by monitoring access to each port of dedicated servers in IPA observation environment.


portscan

445(TCP):       This supposed to be an access to target Microsoft Windows' security holes that will be exploited mainly by W32/Sasser or W32/Gaobot worms..

135(TCP):       This supposed to be an access to target Microsoft Windows' security holes that will be exploited mainly by W32/MSBlaster or W32/Gaobot worms.   

4899 (TCP):     This might be an access to target the security holes or vulnerable settings of the remote controllable Radmin software. It also supposed to be an access that tries to interface to the backdoor which is created in the computers infected by W32/MSBlaster worm.  

2745(TCP):     This supposed to be an access to the backdoor which is created in the computers infected by W32/Bagle virus.

139 (TCP):     This supposed to be an access to target Microsoft Windows' security hole that will be exploited by W32/Gaobot worm, etc. 
 

3.Vulnerability Information published in September

IPA published the following information related to the vulnerability announced by other organizations.  

Microsoft:

-   Vulnerability in WordPerfect Converter Could Allow Code Execution (MS04-027)
 
-   Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (MS04-028)

Apple:

-    Multiple vulnerabilities in Mac OS X

Apache:

-    Release for Apache 2.0.51

Oracle:

-   Security Updates for Oracle Products

MIT:

-    Multiple vulnerabilities in MIT Kerberos 5

Winzip:

-    Multiple Vulnerability in Winzip

Mozilla:

-   Multiple vulnerabilities in Mozilla and its related products

Macromedia:

-    Releases for cumulative security patches in relation to JRun and ColdFusion MX

RealNetworks:

-    Multiple vulnerabilities in RealOne Player and Real Player, etc.

For more information, visit the URL below.
[Vulnerability Related information in September, 2004] (in Japanese) http://www.ipa.go.jp/security/news/news0409.html

Unauthorized Computer Access Reporting Program

The Ministry of Economy, Trade and Industry announced "Unauthorized Computer Access Prevention Guidelines" to prevent the spread of unauthorized computer access in Japan. IPA was designated to receive the "Unauthorized Computer Access Report" directly from damaged users to investigate unauthorized computer access problem and to provide monthly statistics. This reporting system started in August 1996. Anyone who has encountered unauthorized computer access is supposed to send an unauthorized computer access report with necessary information to IPA to prevent further spread and damage of unauthorized computer access. IPA deals with each reporter (user) on an individual basis as a consultant, and also works as a public research institute for unauthorized computer access measures by analyzing problems showed on the damage report. Taking reporters' privacy into full consideration, IPA periodically publishes the result of their research and analysis on unauthorized computer access.

Unauthorized Computer Access Prevention Guidelines
- Enactment on August 8, 1996 (release No.362)
- Amendment on September 24, 1997 (release No. 534)
- Amendment on December 28, 2000 (release No. 950)
- Amendment on January 5, 2004 (release No. 3)


Contact
IT Security Center, Information-technology Promotion Agency (IPA/ISEC)
Tel: +81- 3-5978-7527

Fax:+81- 3-5978-7518

E-mail:





Term of Use


Copyright(c) Information-technology Promotion Agency, Japan. All rights reserved 2005