Department of Homeland Security Daily Open Source Infrastructure Report

Monday, December 8, 2008

Complete DHS Daily Report for December 8, 2008



• According to IDG News Service, researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users. (See item 6)

See item 7 in the Details below under Banking and Finance Sector

• Reuters reports that Facebook’s 120 million users are being targeted by a virus dubbed “Koobface” that uses the social network’s messaging system to infect PCs. (See item 20)

See item 20 in the Details below under Information Technology.


Banking and Finance Sector

4. December 5, Ecommerce Journal – (National) Beware of PayPal malicious worms. PayPal, an online payment system, has been found sending fake e-mails, looking similar to its log-in page. Security experts state that the fake e-mails are hard to recognize unless the recipients, PayPal’s customers in this case, take a close look at them. These e-mails differ from usual PayPal e-mail messages, which would ask the recipients to go through an included link and enter personal information, in that they contain a .ZIP attachment. The text of the new e-mail informs recipients about some hacking actions having affected their PayPal accounts, and asks them to open the .ZIP file that is “a report, sent in order to provide assistance of the company on the hacking.” When the recipient opens the file, the system is attacked by a malicious worm, identified by security firm Trend Micro as It follows routines that resemble the infamous Peer-to-Peer (P2P) file-sharing application called Kazaa. Another threat caused by the company is a link to, which is included in official e-mails sent to its customers for confirming recent payments. The news reported that PayPal has called this link an official address to avail the service. Recipients would have to configure their systems to read the e-mail, as HTML failed to recognize the authenticity of the link. A spokesman for eBay, the parent company of PayPal, wrote in an e-mail that the confusion happened due to an internal error in PayPal that was already corrected on November 18, 2008. Source:

5. December 4, – (National) Programs quietly easing credit crunch. CNN Money reports that two new government programs aimed at easing short-term liquidity concerns for financial institutions have started to take hold. The first, the Federal Reserve’s Commercial Paper Funding Facility, allows companies to sell highly rated 3-month debt to the government in exchange for ultra-low interest rates. A Fed report released Thursday showed that the key market for business lending has expanded for the sixth straight week. The second program, the Temporary Liquidity Guarantee Program, allows the FDIC to guarantee the payment of newly issued unsecured bank debt with greater than a one-month maturity, in exchange for a nominal fee. The FDIC will guarantee a bank’s issuance of debt, usually in the form of corporate bonds, for up to 125 percent of a bank’s total debt outstanding as of September 30 that was scheduled to mature on or before June 30, 2009. In just its second week, the FDIC’s guarantee program has attracted numerous participants, including Citigroup, General Electric’s finance division GE Capital, JPMorgan Chase, Wells Fargo, Bank of America, and Goldman Sachs, which only two months ago applied for “bank holding company” status so it could receive government aid for banks. Source: 0414

6. December 4, IDG News Service – (International) Firefox users targeted by rare piece of malware. Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users. The malware, which BitDefender dubbed “Trojan.PWS.ChromeInject.A,” sits in Firefox’s add-ons folder, said the head of BitDefender’s lab. The malware runs when Firefox is started and uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal, along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it collects logins and passwords and forwards that information to a server in Russia. Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, the head of BitDefender’s lab said. Users could be infected with the Trojan either from a drive-by download, which can infect a PC by exploiting a vulnerability in a browser, or by being duped into downloading it. When it runs on a PC, it registers itself in Firefox’s system files as “Greasemonkey,” a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox. Source:

7. December 4, Associated Press – (California) Feds charge Silicon Valley financier with fraud. Federal prosecutors say the former co-owner of the NHL’s Nashville Predators faces a maximum of 25 years in prison if convicted of defrauding investors of more than $100 million. The U.S. Attorney’s office Thursday filed a single criminal charge of fraud against the Silicon Valley venture capitalist. On the same day, the Securities and Exchange Commission filed a lawsuit against him seeking to recoup the investors’ money. Federal authorities say he claimed to have bank accounts showing vast holdings that did not belong to him. He is accused of using those bank statements to secure loans. Source:

Information Technology

20. December 4, Reuters – (International) Destructive Koobface virus turns up on Facebook. Facebook’s 120 million users are being targeted by a virus dubbed “Koobface” that uses the social network’s messaging system to infect PCs, and then tries to gather sensitive information such as credit card numbers. It is the latest attack by hackers increasingly looking to prey on users of social networking sites. Koobface spreads by sending notes to friends of someone whose PC has been infected. The messages, with subject headers like, “You look just awesome in this new movie,” direct recipients to a website where they are asked to download what it claims is an update of Adobe Systems Inc.’s Flash player. If they download the software, users end up with an infected computer, which then takes users to contaminated sites when they try to use search engines from Google, Yahoo, MSN, and, according to McAfee. McAfee warned in a blog entry on Wednesday that its researchers had discovered that Koobface was making the rounds on Facebook. Privately held Facebook has told members to delete contaminated e-mails and has posted directions at on how to clean infected computers. Source:

21. December 5, VNUNet – (International) Security attacks reach 2.5 billion per day. In response to a massive rise in Web-based threats, IBM has announced a number of new initiatives which it claims will improve enterprise security. The company said that its Internet Security Systems (ISS) business had sprung into action after its X-Force division identified two “startling” developments: a 30 percent increase in network and Web-based security incidents over the past 120 days; and a 40 percent increase in the number of its clients accessing IBM virtual security operations centers. IBM said that based on data from its 3,700 managed security services customers worldwide, the number of security events had risen from 1.8 billion to 2.5 billion per day over the past four months, and noted that a significant proportion of clients logging in to the security center had not done so in the previous six months. In response to these incidents, IBM’s ISS division plans to introduce new identity and access management services which will help companies govern access to sensitive data and applications. Source:

Communications Sector

22. December 5, IDG News Service – (National) U.S. broadband Internet satellite scheduled for launch in 2011. A California satellite technology provider has signed a deal to put a planned broadband Internet satellite into orbit above the United States in the first half of 2011. The ViaSat-1 satellite will be launched on board an Arianespace rocket from the European space port in Kourou, French Guiana, according to the terms of the deal that was announced on Thursday. The satellite will have an overall throughput of 100G bits per second (bps), which should enable it to support 2M bps service to about 2 million subscribers when operational. It is expected to be the highest capacity satellite in the world at time of launch, and that should mean the price of transmitting each bit of data is about a tenth that of current services. Source: