Tuesday, April 17, 2007

Daily Highlights

The Associated Press reports a fierce storm drenched the Northeast with record rainfall and wind causing hundreds of thousands to lose electricity; the National Guard was sent to help with rescue and evacuation efforts in the suburbs north of New York City. (See item 2)
The Richmond Times Dispatch reports Virginia Tech in Blacksburg became the scene of the deadliest campus shooting in U.S. history when at least 33 people were killed Monday, April 16; at least 28 more were being treated at area hospitals. (See item 29)

Information Technology and Telecommunications Sector

31. April 16, IDG News Service — New worm targets Skype. A worm targeting Skype Ltd.'s Voice over Internet Protocol application is harvesting e-mail addresses and directing users to a range of sites hosting other malicious software, security vendors said Monday, April 16. Once a machine is infected, the worm sends a malicious link via instant messages to other users in the person's Skype contact list, according to F-Secure's blog. The link leads to an executable file that downloads a Trojan horse capable of downloading other malicious software, F-Secure said. It then shows a photo of a "lightly dressed" woman. The link also directs users to at least eight Websites with information about Africa. It's not clear what type of scam or harm those pages intend, but some of the sites have advertising on them, indicating that it might be a click-fraud scam, said Graham Cluley, senior technology consultant for Sophos. F-Secure calls the worm "IM-Worm:W32/Pykse.A," and Sophos named it "Mal/Pykse-A."
Source: http://news.yahoo.com/s/pcworld/20070416/tc_pcworld/130757;_ylt=Aumu_8.D0MJkq.rkanl4WtYjtBAF

32. April 16, ComputerWorld — Exploit goes public for Windows DNS Server bug. A public exploit appeared just two days after Microsoft Corp. acknowledged a critical vulnerability in its server software, a change one security company said "greatly increases" the chances of a broad attack. The zero-day bug in the Domain Name System (DNS) Server Service in Windows 2000 Server (SP4) and Windows Server 2003 (SP1 and SP2) was confirmed by Microsoft late on Thursday. On Friday, the company said the current beta of Longhorn Server, the next-generation server software expected to ship later this year, was also affected. Symantec Corp. warned Saturday, April 14, that the Metasploit Project had released a public exploit for the vulnerability. "The release of this exploit greatly increases the chance of widespread exploitation of this issue before a patch is made available," warned Symantec. Metasploit is a security testing tool largely guided by developer and researcher HD Moore and is frequently first out the gate with exploits of Windows vulnerabilities.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9016686&intsrc=hm_list

33. April 16, ComputerWorld — Clear evidence of a two-phase attack plan, say researchers. The group behind last week's massive Storm Trojan spam blast set up Windows users with a one-two punch by switching tactics in mid-run, making the second stage's subject headings more believable, researchers said Monday, April 16. "There was a very distinct transition point" between the two stages, said Adam Swidler, senior manager of solutions marketing at Postini Inc. "It was a concerted effort to trick users." The huge wave of worm-infected spam e-mails sent out starting early Thursday had receded by about 2 a.m. Pacific Time Friday. "It petered out around then, and spam went back to its average daily and hourly rates," said Swidler.
Although most of the attention was paid to the attack's second phase -- when spammed messages arrived with subject headings such as "Worm Alert!" and "Virus Activity Detected!" -- the assault began with less alarming mail marked "Our Love Nest," "A Token of My Love" and other romantic phrases. The switch, speculated Swidler, was by design.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9016685&intsrc=hm_list

34. April 13, TechWorld (UK) — WiFi bug found in Linux. A bug has been found in a major Linux WiFi driver that can allow an attacker to take control of a laptop -- even when it is not on a WiFi network. There have not been many Linux WiFi device drivers, and this is apparently the first remotely executable WiFi bug. It affects the widely used MadWiFi Linux kernel device driver for Atheros-based WiFi chipsets, according to Laurent Butti, a researcher from France Telecom Orange, who found the flaw and released the information in a presentation at last month's Black Hat conference in Amsterdam. "You may be vulnerable if you do not manually patch your MadWiFi driver," said Butti. Before making it public, he shared the flaw with the MadWiFi development team, who have released a patch. However, not all Linux distributions have yet built the patch into their code, said Butti.
Source: http://www.techworld.com/mobility/news/index.cfm?newsID=8546&pagtype=samechan

35. April 12, eWeek — Federal government makes improvements in information security. A House committee gave the federal government a grade of C-minus for 2006 as part of the committee's annual assessment of how well information is protected on government computers. The annual report by the House Government Oversight and Reform Committee is meant to judge compliance with the Federal Information Security Management Act (FISMA). The committee has given the government overall grades of D, D-plus and D-plus in 2003, 2004 and 2005, respectively. The Department of Justice (DOJ) and the Department of Housing and Urban Development (HUD) showed the most improvement from 2005 to 2006. The DOJ jumped from a D to an A-minus, while HUD climbed from D-plus to A-plus. HUD, for the first time, developed a full inventory of its information security apparatus, which the committee counted as a major plus in the grading. NASA fell from a B-minus to a D-minus, and the Department of Education dropped from a C-minus to an F, according to the committee. The Department of Homeland Security received a D for 2006, marking the first time it did not receive an F since ratings began in 2003.
FISMA report: http://www.whitehouse.gov/omb/inforeg/reports/2006_fisma_report.pdf
Source: http://www.eweek.com/article2/0,1895,2113592,00.asp