Another case of mi2g sending out FUD filled mail. When challenged by Space
Rogue of Hacker News Network / l0pht, mi2g did not respond. No surprise.

---------- Forwarded message ----------
From: contact 
X-Sender: contact@br0ke.l0pht.com
To: "f5y3@mi2g.com" 
Date: Tue, 2 Nov 1999 10:49:47 -0500
Subject: Re: private and confidential


Have you found and isolated this code? Are you dealing with more than one
version? Has it been submitted to the proper authorities? Have you taken
any other action other than contacting CERT? Has CERT responded?  Do you
have othe information available on this virus/tojan/malicous code?

This email tells me nothing.  If this is a real threat more action should
be taken other than sending an email to CERT.

If the Sunday Times reporter erred in his reporting either he made bad
conclusions or he was given incorrect information.

And the use of this term "one-time Hacker Activated Code" means what
exactly?

Space Rogue
Editor in Chief
The Hacker News Network

contact@hackernews.com
http://www.hackernews.com

> Dear Sir
>
> Re:  London Sunday Times Article / nvirB
>
> Please note that what we found with the two client cases was not a generic
> virus but customised one-time hacker activated code (HAC) modules.
> Various
> emergency response teams including www.cert.org have been informed around
> the world.
>
> Sunday Times were not correct in calling the Hacker Activated Code a
> virus.
> I enclose the document sent to www.cert.org for your perusal.
>
> Best wishes
>
>
>
>
> Robert Young
> mi2g e-risk solutions
>
> London, UK, 09:30 GMT 28th October 1999 - mi2g software (www.mi2g.com) has
> had two serious cases in October of clients being attacked by one-time
> Hacker Activated Code (HAC) modules that bring the clock forward to
> different dates in January 2000.  The computers attacked have been
> primarily running Windows NT, 98 & 95 and MS Office applications.  Some of
> the other computers on the network have been Linux and Solaris.
>
> The time forwarding is being achieved by the one-time HAC modules within
> the attacked computer networks by setting an individual workstation or
> local network's clock forward, whilst disabling its synchronisation
> ability
> with the central time server.
>
> One of the immediate effects on Y2k non-compliant computers and
> peripherals
> has been serious mal-function. Even for those systems that are Y2k
> compliant the forward clock setting has caused between 25% to 40% of
> software licenses, passwords, user accounts and files to fail.
>
> The head of the SIPS? team has made the following comments:
>
> Not just financial risks but serious safety issues are involved. For
> example, major airline and air control networks are prone to malevolent
> access and not all of them around the world are fully Y2K compliant at
> present.
>
> If a malevolent employee, virus writer or hacker ends up forwarding the
> system clock by say three months to 28th January 2000 using these one-time
> HAC modules or other mechanisms, this appears to trigger:
>
> 1.  Immediate shut down for Y2k non-compliant systems;
> 2.  Partial operability for Y2k ready systems that have monthly or
> bimonthly expiry dates linked with software licenses, passwords, user
> accounts and files.
>
> At present, system clocks investigated are especially vulnerable and need
> to be guarded.  As Y2k clock tampering one-time HAC modules (Hacker
> Activated Code) continue to proliferate, time forwarding of a network's
> internal clocks is a high risk especially for non-compliant Y2k businesses
> as this accelerates the Millennium Bug forward straightaway.


main page ATTRITION feedback