Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 27, 2008

Daily Report

• The Associated Press reports that Saudi Arabian authorities have arrested 520 people this year with suspected ties to Al Qaeda. Some of those arrested and detained were plotting attacks against an oil installation and a “security target.” (See item 1)

• The National Intelligence Council chairman warned that global climate change could sap the country’s military forces – while fueling new conflicts around the world. He also reported that a number of active coastal military installations in the U.S. are at risk for damage, including two dozen nuclear facilities and numerous. (See item 12)

Banking and Finance Sector

Nothing to report

Information Technology

35. June 26, IDG News Service – (International) Antispam group outlines defenses to block botnet spam. A major anti-spam organization is pushing a set of new best practices for ISPs (Internet service providers) to stop the growing volume of spam sent by botnets. The guidelines, from the Messaging Anti-Abuse Working Group (MAAWG), were drawn up at a meeting in Germany last week and deal with forwarded e-mail and with e-mail sent from dynamic IP (Internet Protocol) addresses. Many people forward their e-mail from one address to another, a relay that passes through their ISP’s mail server. Many ISPs, however, use automated tools that can start blocking further e-mail to an address once a large volume has come through, so legitimate messages get blocked along with the spam. ISPs can fix this by separating the servers that receive e-mail from the ones that forward it. That way an ISP can filter spam out of incoming mail before it is forwarded, examining the messages and spotting which ones came from dubious domains, the group said. MAAWG’s second recommendation deals with the long-standing problem of PCs infected with malicious software that sends spam. These PCs are part of botnets, networks of computers that have been compromised by hackers. After a PC is infected, it will often start sending spam on port 25 straight to destination mail servers on the Internet. Legitimate e-mail, by contrast, usually goes through the ISP’s mail server before being sent on. MAAWG’s primary suggestion is that ISPs block port 25 traffic from machines on dynamic IP addresses to destinations outside the ISP’s own network unless there are special, legitimate circumstances. MAAWG acknowledged that this may not be possible for some ISPs, so its guidelines offer an alternative: ISPs should share information about their dynamic address space so that other ISPs can use it to refine their spam filters. 
Source: http://www.pcworld.com/businesscenter/article/147586/antispam_group_outlines_defenses_to_block_botnet_spam.html
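Worked example (added here; it is not part of the DHS report or of the MAAWG guidelines): the two port-25 controls described in item 35 written as policy functions. The egress function blocks direct-to-Internet port 25 from the ISP's own dynamic pool unless the destination is the ISP's relay or the source has a documented exemption; the inbound function shows what a receiving mail server can do with the dynamic address space that other ISPs publish. The address pools, relay, exemption list, the "shared dynamic space" table and the sample flows are all constructed assumptions for the example (RFC 5737 documentation addresses), not data from the article.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (assumption, not from the report): this ISP's own
# dynamic customer pool, its outbound relay, and one customer exempted from
# the port-25 block. Addresses are from the RFC 5737 documentation ranges.
OWN_DYNAMIC_POOLS = [ipaddress.ip_network("203.0.113.0/24")]
OWN_RELAYS = {ipaddress.ip_address("192.0.2.25")}
MTA_EXEMPTIONS = {ipaddress.ip_address("203.0.113.77")}  # runs its own MTA, documented

# Dynamic address space published by other ISPs (MAAWG's fallback suggestion).
# Constructed for the example; a real deployment would import a feed.
SHARED_DYNAMIC_SPACE = {
    "example-isp-b": [ipaddress.ip_network("198.51.100.0/24")],
}


@dataclass(frozen=True)
class Flow:
    """One outbound TCP connection attempt seen at the ISP edge."""
    src: str
    dst: str
    dport: int


def in_pools(ip, pools):
    return any(ip in net for net in pools)


def egress_verdict(flow):
    """Edge policy for the ISP's own customers: block direct-to-Internet port 25
    from dynamic space unless the destination is the ISP's relay or the source
    has a documented exemption. Returns 'allow' or 'block'."""
    if flow.dport != 25:
        return "allow"  # submission (587) and everything else is untouched
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if not in_pools(src, OWN_DYNAMIC_POOLS):
        return "allow"  # static/business space is handled by other policy
    if dst in OWN_RELAYS or src in MTA_EXEMPTIONS:
        return "allow"
    return "block"


def inbound_verdict(client_ip, shared=SHARED_DYNAMIC_SPACE):
    """Policy for this ISP's receiving MX: an SMTP session coming straight from
    another ISP's published dynamic space is almost always a bot, because that
    ISP's legitimate customer mail arrives via its relay. Returns (verdict, reason)."""
    ip = ipaddress.ip_address(client_ip)
    for isp, pools in shared.items():
        if in_pools(ip, pools):
            return "reject", f"dynamic space published by {isp}"
    return "accept", ""


def apply_egress_policy(flows):
    """Count verdicts for a batch of flows."""
    verdicts = [egress_verdict(f) for f in flows]
    return {"allow": verdicts.count("allow"), "block": verdicts.count("block")}


SAMPLE_FLOWS = [  # constructed
    Flow("203.0.113.10", "192.0.2.25", 25),      # customer -> own relay: allowed
    Flow("203.0.113.10", "198.51.100.200", 25),  # customer -> foreign MX: bot pattern, blocked
    Flow("203.0.113.10", "198.51.100.200", 587), # submission port: unaffected
    Flow("203.0.113.77", "198.51.100.200", 25),  # exempted MTA: allowed
    Flow("192.0.2.40", "198.51.100.200", 25),    # not dynamic space: allowed
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f.src, "->", f"{f.dst}:{f.dport}", egress_verdict(f))
    print(apply_egress_policy(SAMPLE_FLOWS))
    print(inbound_verdict("198.51.100.7"))
    print(inbound_verdict("192.0.2.99"))
```

The exemption set is the "special, legitimate circumstances" escape hatch the guidelines mention; keeping it as an explicit list rather than a rule on port or destination is what makes the policy auditable. Note that the egress rule deliberately leaves port 587 alone, so customers who authenticate to the ISP's submission service are unaffected.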

36. June 25, SC Magazine – (International) Srizbi botnet causes spam to triple in a week. Malicious spam has tripled in volume in a week, most of it sent by the Srizbi botnet, according to research by the Marshal TRACE team. At the beginning of June, three percent of all spam carried malware; by the following week that share had jumped to 9.9 percent. Malicious spam usually contains a URL linking to a malware-serving website. Since February, Srizbi has been responsible for nearly half of all spam, overtaking the previous record holder, the Storm botnet. Srizbi is a pernicious botnet not just because of its size but because it implements an extremely fast mail-sending engine, a senior anti-spam technologist at messaging security vendor MessageLabs said. With Srizbi, the botnet’s authors “moved the engine into the Windows kernel,” he said. “This allows it to send more mail per hour than a regular botnet.” Most of the recent malicious spam exploits two popular social networking lures. One spoofs the Classmates.com site with messages saying a friend’s information has been updated. The other sends a video link with a message stating, “Here’s a link of you doing something stupid.” “The botnet is very good at keeping out of sight,” he added. “It changes frequently, making it more difficult to detect with malware scanners.” Source: http://www.scmagazineus.com/Szirbi-botnet-causes-spam-to-triple-in-a-week/article/111720/
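Worked example (added here; not from the article or from Marshal or MessageLabs): the behaviour item 36 describes, a fast sending engine pushing mail straight from an infected PC to many remote mail exchangers, is visible at the network edge even when the host-side malware evades scanners. The detection below runs over constructed firewall-style SYN log lines and flags any source that opens port-25 sessions to many distinct non-relay hosts inside a sliding window. The log format, relay address, window and threshold are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of edge firewall / flow-export lines (assumption: one
# line per outbound TCP SYN, ISO timestamp, "src -> dst:port").
# 203.0.113.10 is a normal customer talking only to the ISP relay,
# 203.0.113.20 runs a small legitimate MTA, and 203.0.113.55 behaves like a
# Srizbi-style bot fanning out to many remote mail exchangers in seconds.
SAMPLE_LOG = """\
2008-06-25T10:00:01 SYN 203.0.113.10 -> 192.0.2.25:25
2008-06-25T10:00:09 SYN 203.0.113.10 -> 192.0.2.25:25
2008-06-25T10:00:02 SYN 203.0.113.20 -> 198.51.100.40:25
2008-06-25T10:00:30 SYN 203.0.113.20 -> 198.51.100.41:25
2008-06-25T10:00:00 SYN 203.0.113.55 -> 198.51.100.1:25
2008-06-25T10:00:01 SYN 203.0.113.55 -> 198.51.100.2:25
2008-06-25T10:00:01 SYN 203.0.113.55 -> 198.51.100.3:25
2008-06-25T10:00:02 SYN 203.0.113.55 -> 198.51.100.4:25
2008-06-25T10:00:02 SYN 203.0.113.55 -> 198.51.100.5:25
2008-06-25T10:00:03 SYN 203.0.113.55 -> 198.51.100.6:25
2008-06-25T10:00:04 SYN 203.0.113.55 -> 198.51.100.7:25
2008-06-25T10:00:05 SYN 203.0.113.55 -> 198.51.100.8:25
2008-06-25T10:00:06 SYN 203.0.113.55 -> 198.51.100.9:25
2008-06-25T10:00:07 SYN 203.0.113.55 -> 198.51.100.10:25
2008-06-25T10:00:08 SYN 203.0.113.55 -> 198.51.100.1:25
2008-06-25T10:00:09 SYN 203.0.113.55 -> 203.0.113.9:80
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(\S+) SYN (\S+) -> (\S+):(\d+)$")
ISP_RELAYS = frozenset({"192.0.2.25"})  # constructed


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(port)


def find_spam_bots(log_text, window=timedelta(seconds=60), threshold=8,
                   relays=ISP_RELAYS):
    """Flag sources that open port-25 sessions to at least `threshold` distinct
    non-relay hosts within any sliding `window`. Returns {src: peak_distinct}.
    Counting distinct destinations rather than raw SYNs keeps a retrying MTA
    that talks to one or two peers out of the result."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        if port != 25 or dst in relays:
            continue
        events[src].append((ts, dst))

    bots = {}
    for src, evs in events.items():
        evs.sort()
        peak, lo = 0, 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            peak = max(peak, len({d for _, d in evs[lo:hi + 1]}))
        if peak >= threshold:
            bots[src] = peak
    return bots


if __name__ == "__main__":
    print(find_spam_bots(SAMPLE_LOG))  # {'203.0.113.55': 10}
```

A hit from this detector is also the natural trigger for the MAAWG-style port-25 block in item 35: the offending source can be moved into the blocked set without touching legitimate customers, and the ISP's abuse desk gets a concrete fan-out count rather than a vague complaint.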

37. June 25, Blocksandfiles.com – (International) USB thumb drives fingered as Trojan carriers. The Japanese newspaper Yomiuri Shimbun reports a local Trend Micro survey showing that USB-carried Trojans are on the rise. The most damaging is the Trojan Trend Micro calls MAL_OTORUN1, together with its derivatives. The survey counted 58 flash-drive infections by this family in February, rising to 138 in March, 110 in April, and 150 in May. Source: http://blocksandfiles.com/article/5729
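Worked example (added here; not from the article or from Trend Micro): the Trojans in item 37 spread through the autorun.inf file on the drive, which tells Windows what to launch or which context-menu verbs to override when the drive is inserted or double-clicked. The parser and triage below read an autorun.inf body, pull out every key that can launch a program, and grade it. The heuristics (payload hidden in a RECYCLER-style folder, double-click and Explore verbs redirected, an AutoPlay prompt that imitates the Windows default) are the author's own assumptions drawn from how USB-borne malware generally behaves, not a description of any specific family; both sample files are constructed.

```python
import re

EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")
# Folders in which USB-borne malware commonly hides its payload (assumption
# based on general practitioner experience, not a list from the report).
SUSPICIOUS_DIRS = ("recycler", "recycled", "system volume information", "$recycle.bin")
# Keys that make Windows launch something: AutoPlay 'open'/'shellexecute', and
# the context-menu verb commands that hijack double-click and "Explore".
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")


def parse_autorun(text):
    """Tolerant INI parser for autorun.inf: {section: {key: value}}, keys lower-cased.
    Skips ';'/'#' comments and blank lines; a later duplicate key overwrites an
    earlier one."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def assess_autorun(text):
    """Return a list of (severity, key, message) findings for one autorun.inf body."""
    findings = []
    auto = parse_autorun(text).get("autorun", {})
    for key, value in auto.items():
        if not LAUNCH_KEY_RE.match(key):
            continue
        target = value.strip('"').lower()
        program = target.split()[0] if target.split() else ""
        if not program.endswith(EXEC_EXT):
            continue
        sev = "medium"  # legitimate installers use open= too
        if any(d in program for d in SUSPICIOUS_DIRS) or program.startswith("."):
            sev = "high"  # payload parked in a folder users never look at
        elif key.startswith("shell\\"):
            sev = "high"  # verb hijack runs even when AutoPlay is disabled
        findings.append((sev, key, f"launches {program}"))
    action = auto.get("action", "").lower()
    if "open folder to view files" in action:
        findings.append(("high", "action", "AutoPlay prompt mimics the Windows default"))
    return findings


SEVERITY_RANK = {"clean": 0, "medium": 1, "high": 2}


def verdict(text):
    """Collapse the findings into 'clean', 'medium' or 'high'."""
    return max((s for s, _, _ in assess_autorun(text)),
               key=SEVERITY_RANK.get, default="clean")


# Constructed samples: one in the style of a USB-worm dropper, one benign vendor disc.
MALICIOUS_INF = r"""
[autorun]
open=RECYCLER\update.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\update.exe
shell\explore\command=RECYCLER\update.exe
"""

BENIGN_INF = r"""
[autorun]
icon=setup.exe,0
label=Vendor Tools
open=setup.exe /autorun
"""

if __name__ == "__main__":
    for name, body in (("malicious", MALICIOUS_INF), ("benign", BENIGN_INF)):
        print(name, verdict(body))
        for f in assess_autorun(body):
            print("   ", f)
```

The verb hijack is the case worth remembering: disabling AutoPlay stops the open= line, but a user who double-clicks the drive icon in Explorer still runs the shell\open\command target, so a scanner that only looks at open= misses the part that matters.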

38. June 25, ComputerWorld – (International) Cleaning Chinese malware sites a ‘bigger challenge’ than in U.S., says researcher. More than half the sites spreading malicious code are hosted on Chinese networks, an anti-malware group said Wednesday. Of the more than 213,000 malware-hosting sites analyzed last month by Stopbadware.org, a joint effort of researchers at Harvard University, Oxford University and several corporations, including Google Inc. and Sun Microsystems Inc., 52% were hosted on servers with Chinese IP addresses. Of the top 10 networks serving malicious code, six are Chinese. The U.S. hosts 21% of the malware sites, giving it the dubious honor of second place. Stopbadware.org, which uses data collected by Google’s crawlers, would not speculate on what proportion of the sites, Chinese or otherwise, are deliberately hosting malicious code and what fraction are legitimate sites that have been hacked. But the dramatic year-to-year growth in the number of sites serving malware is likely due to a boom in site hacking. The problem has become so acute, Microsoft Corp. said Tuesday, that it and Hewlett-Packard Co. have joined forces to launch free tools that site developers and administrators can use to search for vulnerable code and block incoming attacks. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9103378&taxonomyId=17&intsrc=kc_top

Communications Sector

39. June 26, Xinhua – (International) African countries meet over submarine fiber optic cables. Ten African countries are meeting in Lome, Togo, to work out ways to promote and expand access to the deployment and use of fiber optic technologies across parts of West and Central Africa, according to official sources. The meeting, which began on Wednesday, will deliberate on ways to speed up implementation of the Agreement for Construction and Maintenance, as well as the contracts for supply of the system, approved and signed by the governments of the ten countries. The ten countries, all member states of the Interim Committee for the Management Project of Fiber Optic Submarine Cables (WAFS), are scheduled to meet for two days to address communications in the sub-region, according to a statement issued by the organizers of the event. The WAFS project is intended to lay a series of submarine fiber optic cables along the West African coast passing through the ten members: Togo, Benin, Cameroon, Angola, the Republic of Congo, Gabon, Equatorial Guinea, the Democratic Republic of Congo, Botswana, and South Africa. These cables will be interconnected with the fiber optic cables already in place in the West African sub-region and will be used to provide broadband internet services in each of these countries. Source: http://news.xinhuanet.com/english/2008-06/26/content_8444681.htm

40. June 26, New York Times – (New York) More delays for cameras in subways. Aging fiber-optic cable in Brooklyn and Queens has become the latest obstacle to a planned high-tech system of surveillance cameras meant to safeguard the subway and commuter railroads, according to Metropolitan Transportation Authority officials. The system, which is expected to cost at least $450 million, is a crucial component of a larger program to thwart terrorist attacks on the region’s transportation network, but it has met repeatedly with technical problems and delays. On Wednesday, the authority’s board authorized the replacement of 84,000 feet of old fiber-optic cable, which was installed in the late 1980s. The replacement will cost $5 million and is being done as part of a separate project to build out the subway’s data network. According to a board document, tests on the cable showed that it had “many broken fibers unsuitable to carry the high bandwidth required” to transmit large amounts of data, which hindered the surveillance camera project. The document did not say how long it would take to replace the cable. Source: http://www.nytimes.com/2008/06/26/nyregion/26security.html?ref=nyregion

41. June 25, Network World – (National) Avaya, Cisco and Nortel face VoIP vulnerabilities. Voice-over-IP (VoIP) customers of Avaya, Cisco, and Nortel should look Wednesday for patches that correct newly found vulnerabilities that, if exploited, can result in remote code execution, unauthorized access, denial of service, and information harvesting. The vulnerabilities were found by VoIPshield Laboratories, the research division of VoIPshield Systems Inc., and reported earlier to the three vendors to give them time to develop patches for the flaws, said the president and chief executive officer of VoIPshield. He would not reveal more details because his company and the affected VoIP vendors agreed to a simultaneous announcement. Details of the vulnerabilities and the vendor responses are scheduled to be released Wednesday at noon Eastern Standard Time. The vulnerabilities affect voice servers -- VoIP PBXes -- and softphone software that runs on laptops and desktops. VoIPshield ranks most of the vulnerabilities found as either critical or high, the two most severe rankings on its four-step scale. Avaya, Cisco, and Nortel were chosen for vulnerability testing because they represent the bulk of IP PBX sales in North America. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9103318&taxonomyId=17&intsrc=kc_top
