Evidence Mounts of pro-Serbian internet Attack on NATO
London, UK, 17th April 1999 - mi2g Cyber Warfare Advisory Number
2- "Over the last two weeks, a stream
of emails carrying viruses have been received by some businesses, public organisations
and academic institutes in a number of NATO member and non-member countries",
said a spokesman for London based mi2g, an internet
software company specialising in Knowledge Management.
The contents of the messages are normally highly politicised attacks on NATO's
unfair aggression and defending Serbian rights using poor English language
and propaganda cartoons. The damage to the addressee is usually incorporated
in several viruses contained within an attachment, which may be plain language
or anti-NATO cartoon.
The messages have been arriving from a range of Eastern European countries.
Typically 25 different strains of viruses have been detected so far by using
commercial off-the-shelf anti-viral software. This is not a guarantee for
the most advanced forms of virus, which may be time triggered at a pre-set
future date or may remain undetected simply because there is no knowledge
of their presence as yet.
In particular, there is evidence of recipients in the following countries
UK - International Newspaper Publisher with world circulation; Academic Institutes
with News Media affiliations; Major Internet Access and Service Providers
USA - E-commerce on-line trading companies; Leading Daily Newspaper in a
Business City; Internet Service and Access Providers on the West Coast; Intermedia
Communications Company on the East Coast; Major network community for female
Denmark - On-line reference and academic networks
Germany - Major Berlin based Newspaper publisher
Italy - Major Milan based Electronics Institute
Switzerland - Major University IT Department
In particular, companies in such sectors as communications, telecoms, healthcare,
power generation and distribution, financial services, municipal services
may be at risk and should now check their email and web sites for any evidence
suggesting the reception of internet communications from unknown sources.
Such communications could contain embedded viruses designed to become active
at a preset future date or stimulated by a particular signal.
If there is evidence of any of the following:
1. Messages from unknown senders
2. Unsolicited Word Attachments with a political content
3. Very poor English language usage
4. Cartoon graphics with an anti-NATO slant
In such cases the addressee would be well advised to seek professional IT