Friday, December 28, 2007

Daily Report

• The New York Daily News reported that a special task force deemed all of the state’s 49 deck truss bridges safe to traverse despite finding cracked beams, deteriorating concrete and missing bolts on 20 of the inspected spans. The study by the state Bridge Task Force found flaws in four key spans in New York City, including decaying steel beams and crumbling decks on the Brooklyn Bridge. Officials said none of the flaws pose an immediate threat and all are fixable. (See item 8)

• According to City Pages, despite an overall decrease in the number of tuberculosis infections nationwide in recent years, Minnesota’s rate increased 9 percent between 2005 and 2006. Many cases involve drug-resistant TB. Officials say 82 to 85 percent of TB in Minnesota is diagnosed in foreign-born people, and local doctors are reluctant to sound the alarm too loudly for fear of stirring up anti-immigrant backlash. (See item 16)

Information Technology

20. December 27, Computerworld – (National) Storm switches tactics third time, adds rootkit. The ongoing Storm Trojan attack that began Monday has morphed again, security researchers said today, changing the malicious file’s name, shifting to new malware hosting servers, and adding a rootkit to cloak the bot code from anti-virus software. Spam messages attempting to dupe users into installing the bot-making Trojan now include links or, different URLs than in the second-wave attack that began Christmas Day. According to analysts at the SANS Institute’s Internet Storm Center (ISC) and U.K.-based Prevx Ltd., the name of the file users are asked to download has also changed from Tuesday’s “happy2008.exe.” The file being shilled today is tagged “happynewyear.exe.” More important is the behind-the-scenes addition of a rootkit to the versions of Storm now being seeded to infected machines, said researchers. Several researchers have posted analyses of Storm’s cloaking attempt. “[Storm now has] better hiding skills, no visible running processes, nastiness all hidden from the API (can you say rootkit?),” said one. Fortunately, said another, the rootkit is relatively old, and thus detectable by at least some security software. Neither is the move by Storm’s makers to hide its components and operations from anti-virus programs a new thing: the Trojan began using rootkits months ago. According to WHOIS look-ups, both the and domains were registered with a Russian domain registrar named RUcenter only yesterday; the listed contact for the two domains is based in Los Angeles, but the contact phone number gave only a constant busy signal. Since the newest Storm attack began on Monday with spam touting Christmas-themed strippers, the code has been repacked hundreds of times, a trick malware authors use to deceive signature-based antivirus software. Prevx, said its researcher, has already detected more than 400 variants of the version now in circulation.

21. December 26, Computerworld – (National) Pump-and-dump scam spam switches on video. Pump-and-dump stock scammers have begun spiking their spam with high-quality video clips -- the latest move in a long-running scheme that in the past has relied on image files, PDF documents and even robotic audio to dupe consumers, a security company said today. Symantec Corp. said on Monday that it had snared samples of pump-and-dump spam that linked to a high-definition video stream hyping a uranium exploration firm’s stock. “The online video streaming is about 30 seconds long, with very crisp and clear sound, and the video quality is very impressive,” noted a Symantec analyst, on the security vendor’s blog. Some of the video clips even include phony “financial analysts” who talk up the stock with a just-as-bogus “host” of a no-name stock-tip program. The spam’s copy appears to tout the stock of Wave Uranium Holding, a Las Vegas-based company that says it has uranium claims in Arizona and other mining rights in Utah. Wave Uranium’s stock is traded on the Over The Counter Bulletin Board exchange, which deals with low-priced, low-volume shares. Other spam caught in Symantec’s honeypots took a different approach that used previously poisoned video search engines. “This e-mail directs the user to key words (tags) from the spam sample message,” said the researcher. “The tags are then inserted into popular video search engines and usually come up with many video records uploaded with the same or similar description of the penny stock that spammers wish to promote.” Among the tags touted in the spam were “hot stock,” “madcap” and “pinksheet.” Pump-and-dump scams have plagued consumers’ in-boxes all year, with messages that have included image files, synthesized speech, PDF documents and Microsoft Excel spreadsheets to evade antispam filters. The schemes can be extremely profitable. In September, for instance, federal authorities announced that a group of stock scammers had pleaded guilty to multiple fraud counts only after they had bilked investors of over $20 million.

Communications Sector

22. December 26, Chicago Tribune – (National) TV group sees dark time if white space opened up. When a Dallas TV station started transmitting digital signals a decade ago, five dozen wireless heart monitors at Baylor University quit working. Baylor got different monitors, and no patients were harmed, but it is a story that the executive vice president of the National Association of Broadcasters still tells to argue against allowing electronic devices to operate on vacant TV channels. “That was an unforeseen circumstance,” he said. “It shows how predictions of the way things will work don’t always come true in the real world.” The nation’s TV broadcasters are fighting Google, Microsoft and other high-tech firms that want to use vacant TV channels to carry high-speed data for a new generation of gadgets. Called “white space,” over-the-air channels like 6 and 8 in Chicago are left vacant to prevent signals broadcast on Channels 5, 7 and 9 from interfering with one another. But new digital technology and smart radios that sense whether broadcast channels are being used should enable low-power devices to use vacant channels without hurting TV reception, Internet-oriented executives argue. Utilizing white-space channels will provide consumers with more affordable ways to access the Internet and encourage innovators to make nifty new wireless gizmos, said the director of government relations for the Information Technology Industry Council. This would be especially useful in rural areas where high-speed Internet connections are scarce and vacant TV channels plentiful, he said. Once America’s TV broadcasters switch from analog to all-digital transmissions in February 2009, white-space channels should be open to unlicensed portable devices, he said. Broadcaster arguments that smart radios cannot use white space without causing TV interference are off the mark, said the vice president of the New America Foundation. For example, one segment of radio spectrum controlled by the Department of Defense for radar transmissions is open to sharing with unlicensed devices in much the same way proposed for TV white space, he said. This month, the UK approved a digital TV white-space sharing plan similar to the one at the FCC.