Daily Report Tuesday, November 7, 2006

Daily Highlights

A report by the Financial Action Task Force highlights the risks of criminal exploitation of new payment methods, many of which have taken hold on the Internet in recent years; the biggest new online payment brokers are eBay's PayPal, and Neteller. (See item 5)
The Associated Press reports rail passengers in Buffalo, New York, will undergo explosives screening beginning Tuesday, November 7, as part of a program being tested by the Transportation Security Administration. (See item 9)
Fraud investigators say that the U.S. Postal Service’s “change of address” system may be leaving people vulnerable to identity theft with thieves filling out a change of address card and thereby accessing private mail including critical credit card bills. (See item 13)

Information Technology and Telecommunications Sector

30. November 06, Secunia — Microsoft XMLHTTP ActiveX control code execution vulnerability. A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of arbitrary code when a user, for example, visits a malicious Website using Internet Explorer. NOTE: The vulnerability is already being actively exploited. Solution: Microsoft has recommended various workarounds, including setting the kill-bit for the affected ActiveX control. See the vendor's advisory for details: http://www.microsoft.com/technet/security/advisory/927892.mspx
Source: http://secunia.com/advisories/22687/

31. November 06, VNUNet — Malicious Trojan poses as McAfee alert. Security experts have intercepted a mass mailing purporting to come from McAfee, but which actually spreads a Trojan horse. Kaspersky Labs described the mass mailing as "unusual" because the messages attempt to spoof the e-mail address mcafee@europe.com. The Lafool.v infection is hidden in a Word document called "McAfee Inc. Reports.doc." The file is 80,635 bytes in size, and allegedly contains a report about the propagation of malicious programs on the Internet. However, the document actually contains a macro written in Visual Basic for Applications. Lafool.v extracts a new modification of LdPinch, a well-known Trojan password stealing program, from itself and launches it for execution, Kaspersky Labs warned.
Source: http://www.vnunet.com/vnunet/news/2168037/malicious-trojan-poses-mcafee

32. November 06, Sophos — Sophos reveals top 12 spam producing countries. Sophos has published its latest report on the top twelve spam relaying countries over the third quarter of 2006. Sophos experts believe that a possible reason for America's increasing lead in relayed spam when compared to its closest rival, China, is the emergence of over 300 strains of the mass-spammed Stratio worm. The worm, also known as Stration or Warezov, uses a trick dependent on the victim being able to speak English in its attempt to convert innocent PCs into members of a spam botnet. The top twelve spam relaying countries in July-September 2006 are as follows: 1) United States: 21.6 percent; 2) China (including Hong Kong): 13.4 percent; 3) France: 6.3 percent; 3) South Korea: 6.3 percent; 5) Spain: 5.8 percent; 6) Poland: 4.8 percent; 7) Brazil: 4.7 percent; 8) Italy: 4.3 percent; 9) Germany: 3.0 percent; 10) Taiwan: 2.0 percent; 11) Israel: 1.8 percent; 12) Japan: 1.7 percent.
Source: http://www.sophos.com/pressoffice/news/articles/2006/11/dirtydozq306.html