Friday, February 15, 2008
• The U.S. Department of Agriculture is proposing a big increase in spending to protect the U.S. food and agriculture system from terrorist threats and other disasters in fiscal year 2009, while seeking somewhat less money for avian influenza control efforts. (See item 16)
• Organized criminal hackers are waging a highly sophisticated war by exploiting vulnerabilities in end users’ web browsers using drive-by downloads, security experts warn. During the past 18 months, Google has found more than three million unique URLs on over 180,000 sites automatically installing malware. IBM reported that criminals are directly attacking web browsers in order to steal identities, gain access to online accounts, and conduct other illicit activities. (See item 23)
22. February 13, InfoWorld – (National) Attack code posted for Microsoft Works bug. Just one day after Microsoft issued a massive set of security patches for its software, hackers have begun posting code showing how to exploit one of the flaws. The proof- of concept code, posted Wednesday to the Milw0rm Web site, exploits a bug in the Microsoft Works file converter software that is part of Office 2003 and can be used to run unauthorized software on a victim’s computer. The flaw also affects Works 8 and Works Suite 2005. To fall prey to the attack, a victim would first have to open a malicious Works attachment. Hackers have uncovered many of these file-format bugs in recent years, and they are generally not used in widespread attacks. In fact, security vendor Symantec predicts that we will see fewer of these attacks in the months ahead as online criminals increasingly rely on browser bugs to do their dirty work. “The bad guys, they’re looking for different ways to trick people,” said the director of development with Symantec Security Response. “The popular method of choice is to exploit plug-ins in browsers right now.” Still, he expects criminals to try out this latest attack code. “It’s so simple,” he said. “All you have to do is get someone to open the document.” As of Wednesday, Symantec had not seen any signs of attackers taking advantage of any of the flaws that Microsoft fixed this week.
23. February 13, vnunet.com – (National) Organized crime exploiting browser vulnerabilities. Organized criminal hackers are waging a highly sophisticated war by exploiting vulnerabilities in end users’ web browsers using drive-by downloads, security experts warn. The extent of the threat was exposed in a recent Google Online Security Blog post and the 2007 Trend Statistics Report from IBM’s X-Force. “It has been 18 months since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. pages that attempt to exploit visitors by installing and running malware automatically,” the Google blog stated yesterday. “During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 sites automatically installing malware.” Google’s team also reported that around two percent of malicious websites are delivering malware via advertising. IBM reported recently that criminals are directly attacking web browsers in order to steal identities, gain access to online accounts, and conduct other illicit activities.
24. February 13, Agence France-Presse – (International) Phone viruses to spread as telecom, computer worlds merge, say experts. Viruses and hacking on mobile phones are still rare, but attacks are a looming danger as increasing numbers of people access the Internet and download files with their handsets, experts say. A survey released this week at the industry’s Mobile World Congress showed that only 2.1 percent of people had been struck by a virus themselves and only 11.6 percent knew someone who had been affected by one. The poll by IT security specialist McAfee – based on 2,000 people in Britain, the U.S., and Japan – showed that 86.3 percent had had no experience of mobile phone viruses. The survey did suggest however that the more developed the mobile market is, with high use of the Internet and downloads, the more likely people were to be hit by bugs. Virus attacks in Japan, the most developed mobile phone market in the world, were far more commonplace than elsewhere. The website www.mobilephoneviruses.com, which tracks incidents of mobile virus infections, lists a handful of examples such as Skulls, Velasco, and Commwarrior. The latter infected about 110,000 phones in Spain last year, attacking phones running Nokia’s Symbian operating system. It spread via MMS messages, text messages containing an audio, video, or picture file. “Viruses aren’t a huge issue now but they have the potential to be so in the future when Internet use is more widespread,” said a telecom analyst.
25. February 13, Marketwire – (National) Satellite broadband to serve nearly 1.3 million homes by 2012. Satellite-based broadband services – a good way to get broadband access to hard-to-reach rural areas – could be serving nearly 1.3 million U.S. households by the beginning of 2012, market research provider Pike & Fischer estimates. But that will represent only about 11 percent of total rural homes, P&F notes. In a new report, “The Satellite Broadband Market Opportunity,” P&F sites a few satellite companies making strides in the broadband market, including Hughes, WildBlue, and ViaSat. Those companies are narrowing the digital divide by delivering broadband services to rural locations not served by cable and DSL (digital subscriber lines). But the satellite companies face some significant challenges in gaining market traction, the Silver Spring, MD-based research house concludes. For example, the high costs of launching satellites will make it difficult for satellite broadband providers to keep pricing competitive while still achieving a suitable return on investment. In addition, satellite companies could simply encounter lower-than-expected demand for their services.