IPA/ISEC Unauthorized Computer Access Report

$$BK\J8$X(B$		TOP\|Aplication\|Contact us\|Sitemap
		Search

	IT Security Center	The Information-technology SEcurity Center (ISEC) is the center for promoting information security in Japan.

	Japanese
	Activities
	Information Service Activities

	Security Software Development Activities

	CRYPTREC

	IT SecurityAssurance


	Organization


	PGP key


	RFCs


	Mission Statement


	Links


	About IPA/ISEC

IPA TOP>IT Security Center Japanese TOP>IT Security Center English TOP>information

Unauthorized Computer Access Incident Report[Details]

backnumber

November 12, 2004
IT Security Center
Information-technology Promotion Agency , Japan (IPA)

This is a detail of Unauthorized Computer Access Incident Reports for October 2004 compiled by IPA.

1.Details of Unauthorized Computer Access Incident Report

(1) Shift in Number of Reports by Month

(2) Shift in Type of Unauthorized Computer Access by Month

Type	May	June	July	Aug.	Sep.	Oct.
Intrusion	3	1	4	8	2	2
Access Probe (Attempt)	88	47	36	48	26	50
Infection with worm	0	0	0	0	0	0
Worm Probe	2	1	1	1	0	0
Unauthorized Mail Relay	0	0	0	0	0	0
Source Address Spoofing	1	1	3	2	0	1
DoS	0	2	0	0	0	0
Others	2	0	1	1	0	0
Total	96	52	45	60	28	53

(3) The Number of Reports Classified by Filers

The largest number of reports is from individual users that reach to 92.4 % .

Filer	Number of reports
Filer	2004 October		2004 September (Previous month)		2003 October (The same month a year ago)
General Corporate Users	3	5.7%	1	3.6%	13	43.3%
Individual Users	49	92.4%	26	92.8%	15	50.0%
Education/ Research Institute	1	1.9%	1	3.6%	2	6.7%

(4) The Number of Reports Classified by Cause

The causes for break down reported in October were 1 for insufficient ID/Password management and another 1 for insufficient settings. .

Cause	Number of reports
Cause	2004 October		2004 September (Previous month)		2003 October (The same month a year ago)
Insufficient management of ID and password	0	0.0%	1	50.0%	1	10.0%
Using older versions or didn't apply patches	2	66.7%	0	0.0%	0	0.0%
Improper setting	0	0.0%	1	50.0%	5	50.0%
unknown and others	0	0.0%	0	0.0%	1	10.0%
No cause	1	33.3%	0	0.0%	3	30.0%

2.Network Monitoring Report in October

This is a statistics report obtained by monitoring access to each port of dedicated servers in IPA observation environment.

portscan

135(TCP):       This supposed to be an access to target Microsoft Windows' security holes that will be exploited mainly by W32/MSBlaster or W32/Gaobot worms.

445(TCP):       This supposed to be an access to target Microsoft Windows' security holes that will be exploited mainly by W32/Sasser or W32/Gaobot worms..

4899 (TCP):     This might be an access to target the security holes or vulnerable settings of the remote controllable Radmin software. It also supposed to be an access that tries to interface to the backdoor which is created in the computers infected by W32/MSBlaster worm.

139 (TCP):     This supposed to be an access to target Microsoft Windows' security hole that will be exploited by W32/Gaobot worm, etc.

3.Vulnerability Information published in October

IPA published the following information related to the vulnerability announced by other organizations.

Microsoft:

-   Vulnerability in RPC Runtime Library Could Allow Information Disclose and Denial of Service (MS04-029)

-   Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (MS04-030)

-   Vulnerability in NetDDE Could Allow Remote Code Execution (MS04-031)

-   Security Update for Microsoft Windows (MS04-032)

-   Vulnerability in Microsoft Excel Could Allow Remote Code Execution (MS04-033)

-   Vulnerability in Compressed (Zipped) Folders Could Allow Code Execution (MS04-034)

-   Vulnerability in SMTP Could Allow Remote Code Execution (MS04-035)

-   Vulnerability in NNTP Could Allow Code Execution (MS04-036)

-   Vulnerability in Windows Shell Could Allow Remote Code Execution (MS04-037)

-   Cumulative Security Update for Internet Explorer (MS04-038)

Apple:

- Multiple vulnerabilities in Mac OS X

- Multiple vulnerabilities in QuickTime

RealNetworks:

- Vulnerability in RealOne Player, Real Player

For more information, visit the URL below.
[Vulnerability Related information in October, 2004] (in Japanese) http://www.ipa.go.jp/security/news/news0410.html

Unauthorized Computer Access Reporting Program

The Ministry of Economy, Trade and Industry announced "Unauthorized Computer Access Prevention Guidelines" to prevent the spread of unauthorized computer access in Japan. IPA was designated to receive the "Unauthorized Computer Access Report" directly from damaged users to investigate unauthorized computer access problem and to provide monthly statistics. This reporting system started in August 1996. Anyone who has encountered unauthorized computer access is supposed to send an unauthorized computer access report with necessary information to IPA to prevent further spread and damage of unauthorized computer access. IPA deals with each reporter (user) on an individual basis as a consultant, and also works as a public research institute for unauthorized computer access measures by analyzing problems showed on the damage report. Taking reporters' privacy into full consideration, IPA periodically publishes the result of their research and analysis on unauthorized computer access.

Unauthorized Computer Access Prevention Guidelines
- Enactment on August 8, 1996 (release No.362)
- Amendment on September 24, 1997 (release No. 534)
- Amendment on December 28, 2000 (release No. 950)
- Amendment on January 5, 2004 (release No. 3)

Contact
IT Security Center, Information-technology Promotion Agency (IPA/ISEC)
Tel: +81- 3-5978-7527

Fax:+81- 3-5978-7518

E-mail:


Term of Use	Copyright(c) Information-technology Promotion Agency, Japan. All rights reserved 2005