Monday, May 5, 2008

Daily Report

• According to CNN, the U.S. Air Force grounded all T-38C training jets Thursday after the second fatal crash involving the aircraft in eight days. Two pilots died when their high-altitude supersonic plane went down during a routine training mission. (See item 8)

• WRAL 5 Raleigh reports two men were arrested Wednesday in North Carolina after their homemade bomb exploded prematurely, injuring both. The pair had made several bombs at their home, and one of them tried to throw one out the window of a minivan as they drove past two schools. (See item 22)

Information Technology

26. May 2, Computerworld – (National) Forrester: IT must prove need for disaster recovery tools. A Forrester Research Inc. survey of 250 disaster recovery professionals last October found that during the five-year period, 27 percent of companies were forced to declare at least one disaster, which the researcher defines as an event that requires activation of a disaster recovery plan. “IT knows their [systems] are vulnerable and it keeps them up at night,” an analyst said. “They want to do something about it but it’s very hard to get funding for disaster recovery because you can’t necessarily use models like return on investment (ROI) and total cost of ownership (TCO).” She suggested that companies consider disaster recovery investment as a rolling upgrade that consistently augments existing infrastructure and application investments rather than a one-time event that can be delayed. Source:

27. May 2, Techworld – (National) Botnet attacks military systems. Security researchers at BitDefender have discovered a complex spamming scheme that hijacks users’ PCs in order to attempt to send junk mail via university and military systems. Researchers said the scheme, based on a backdoor called Edunet, was one of the most complicated and mysterious they have come across. The scam starts with junk emails that offer links to videos. When a user clicks on the link, he is prompted to download a “media player.” The “media player” download is in fact the Edunet backdoor, which creates a botnet used to attempt to send spam via a list of mail servers, BitDefender said. One of the curiosities of Edunet is that these mail servers are mostly in the .edu and .mil domains. On these servers the botnet looks for open relays, a type of misconfiguration often used by spammers to disguise the real origins of the junk mail. So far, the scheme does not seem to have been very effective, since none of the targeted servers actually host open relays, BitDefender said. Source:

28. May 1, Computerworld – (International) Nigerian gets 18 months for cyberattack on NASA employee. A Nigerian man has been sentenced to 18 months in prison for wooing a NASA employee so he could sneak malware onto her work computer and steal passwords, banking information, and 25,000 screenshots. The man pleaded guilty and was sentenced to 18 months in prison by the Lagos State High Court in Nigeria late last month. He was initially charged with four counts but pleaded guilty to two counts of obtaining goods by false pretenses and forgery. The U.S. attorney for the District of Columbia said the man did not target the woman because she worked for the government. He tried to scam several hundred women and was successful with several. The man, posing as a Texan by using a phony picture and background information, courted the woman for several weeks before he sent an e-mail to her work address with an attachment that contained a phony photo of his phony persona. When she opened the attachment to see the picture, her system was automatically infected with a commercially available piece of spyware. The spyware, which did not spread to other computers on the NASA network, was first downloaded onto her computer on November 21, 2006. It harvested private e-mail, the woman’s passwords, her Social Security number, driver’s license information, and her home address before it was detected on December 7. During those few weeks, it also captured 25,000 screenshots of whatever she had on her screen at the time, according to a U.S. Department of Justice official who worked on the investigation but asked not to be identified. Source:

29. May 1, MessageLabs – (International) Web-based malware escalates while Storm calms down. Analysis performed by MessageLabs shows that during April, the Storm botnet has dramatically decreased to just five percent of its original size, while web-based malware has increased by 23.3 percent. The introduction of new malicious software removal tools, which are aimed at targeting and removing Storm infections, is deemed responsible for the sudden reduction in Storm-infected machines, now estimated at approximately 100,000 compromised computers. Previously estimated at two million, the decline in Storm’s botnet size is evident in the 57 percent decrease in malware-laden emails distributed by the Storm botnet during April. At the same time, analysis of web-based malware identified that 36.1 percent of interceptions in April were new, an increase of 23.3 percent since March. MessageLabs also identified an average of 1,214 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 619 per day compared with the previous month. Source:

30. May 1, Engadget – (National) Researchers design “malicious circuits,” warn of potential risk. A group of researchers from the University of Illinois at Urbana-Champaign is now warning that we may see a dramatic increase in hardware-delivered computer viruses. They have apparently managed to develop their own “malicious circuits,” which they say can interfere with a computer at a deeper level than a virus, completely bypassing traditional anti-virus software. To accomplish that slightly unsettling feat, the researchers created a replica of the open source Leon3 processor, and added about 1,000 malicious circuits not present in the original processor. Once they hooked that up to another computer, they were apparently able not only to swipe passwords from memory, but also to install malware that would allow the operating system to be remotely controlled. Of course, they admit that sneaking such malicious circuits onto a chip is not easy, given that someone would either need to have access to a chip during its manufacturing process, or have the ability to manufacture their own. Source:

Communications Sector

Nothing to Report