Wednesday, April 30, 2008

Daily Report

• According to the Terre Haute Tribune-Star, a faulty flange resulted in synthetic gas exploding and killing two workers Monday at SG Solutions, a coal gasification plant north of Terre Haute, Indiana. (See item 1)

• The Associated Press reports several Web sites of Radio Free Europe have been attacked. The assault began Saturday and continues in the form of a denial-of-service attack that floods servers with fake traffic so legitimate visitors cannot get through, the network said, suggesting the Belarus government could be responsible. (See item 31)

Information Technology

30. April 29, IDG News Service – (International) Microsoft botnet-hunting tool helps bust hackers. Botnet fighters have another tool in their arsenal, thanks to Microsoft. The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal Tool that ships with Windows. Although Microsoft is reluctant to give out details on its botnet buster – the company said that even revealing its name could give cyber criminals a clue on how to thwart it – company executives discussed it at a closed-door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft’s users, said an attorney with Microsoft’s World Wide Internet Safety Programs. “I think of it ... as botnet intelligence,” he said. Microsoft security experts analyze samples of malicious code to capture a snapshot of what is happening on the botnet network, which can then be used by law enforcers, he said. Botnets have been on Microsoft’s radar for about four years, ever since the company identified them as a significant emerging threat. In fact, the software vendor has held seven closed-door botnet conferences for law enforcement officials over the years, including an inaugural event in Lyon, France, hosted by Interpol, the Microsoft attorney said. Microsoft had not previously talked about its botnet tool, but it turns out that it was used by police in Canada to make a high-profile bust earlier this year. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9080958&taxonomyId=17&intsrc=kc_top

31. April 28, Associated Press – (International) Radio Free Europe says it’s under attack. Several Web sites of the U.S.-funded Radio Free Europe/Radio Liberty have been attacked, the broadcaster said Monday, suggesting the Belarus government could be responsible. In the form of a denial-of-service attack that floods servers with fake traffic so legitimate visitors cannot get through, the assault began Saturday and continues, the network said in a statement. The broadcaster said it is trying to restore its Web sites. The attack is aimed mainly at the site of Radio Free Europe’s Belarus service, but Web sites serving Iran, Russia, Azerbaijan, Tajikistan, Kosovo, Macedonia, Bosnia, and Croatia also have been affected. The network’s president compared the attack to communist countries jamming U.S.-backed broadcasts during the Cold War. “Dictators are still trying to prevent the kind of unfiltered news and information that (Radio Free Europe) provides from reaching their people,” he said. “They did not succeed in the last century and they will not succeed now.” Radio Free Europe/Radio Liberty is a private, nonprofit corporation that receives funding from the U.S. government. The head of the radio’s Belarus service said the attack began on the 22nd anniversary of the Chernobyl nuclear catastrophe in Ukraine. He said a similar attack took place the same day one year ago but lasted only hours and did not hit services in other languages. Source: http://www.msnbc.msn.com/id/24355333/

32. April 28, Dark Reading – (International) ‘Long-Term’ phishing attack underway. The notorious Rock Phish gang has added a new twist to its phishing exploits that does not require its victim to visit a malicious Website – instead, it just loads a malicious keylogging Trojan onto the victim’s machine that steals information or credentials. Both Trend Micro and F-Secure over the past few days spotted new iterations of the attack, which was first reported by RSA last week. The latest tack is phishing emails posing as Comerica Bank and Colonial Bank that ask banking customers to renew their digital certificates. When they click on the link for more information on the phony renewal process, it downloads the nasty Trojan onto their desktops. “In a way, it’s so blatant that it reminds me of the worms of ‘04 and ‘05… such as Bagel. They would come via email, and you’d receive an executable file” in them, said a threat research project manager for Trend Micro. The danger of the so-called Zeus Trojan is that it can execute what he calls a “long-term” phishing attack on the victim. “It can stay there and log credentials, personal information, and steal personal information. Basically anything you type,” he says. The version Trend has been studying has the ability to receive downloaded updates to itself, he says. “So now the phishers don’t need to ask for passwords anymore, they can just take them.” Source: http://www.darkreading.com/document.asp?doc_id=152295

Communications Sector

33. April 28, Dark Reading – (National) Wireless vulnerabilities present enterprise-wide threats, expert says. Wireless vulnerabilities in corporate environments are creating as great a threat now as the Internet did in its early days, the CEO of AirPatrol said Monday at the Computer Security Institute’s CSI CX conference, which is being held concurrently with Interop in Las Vegas, adding that “the rapid growth of wireless networking has increased the threat.” In an effort to save money and reduce infrastructure, many companies are moving toward a wireless infrastructure, which puts their networks at a greater risk than ever, he said, adding that “many of the old vulnerabilities that existed in the wireless environment still have not been resolved.” Source: http://www.darkreading.com/document.asp?doc_id=152289