Tuesday, September 14, 2010

Complete DHS Daily Report for September 14, 2010

Daily Report

Top Stories

• According to WTAE 4 Pittsburgh, the Pennsylvania governor’s press secretary confirmed September 9 that there have been five acts of vandalism over the last two weeks at Marcellus Shale drilling sites. Two of those incidents involved firearms. (See item 5)

5. September 9, WTAE 4 Pittsburgh – (Pennsylvania) Pa. Homeland Security document talks of possible ‘environmental extremists’. An intelligence bulletin from the Pennsylvania Office of Homeland Security is circulating on the Internet, and it quotes the FBI as saying that “environmental extremists” are likely to become an increasing threat to energy companies. The governor’s press secretary confirmed to Channel 4 Action News on September 9 that the document is real. “Five acts of vandalism over the last two weeks,” he said. “Two of those involved firearms — firing of shotguns that put holes in equipment at Marcellus Shale drilling sites” in Venango County. The director of the Marcellus Shale Coalition released the following statement on September 9: “...as the issue of responsible Marcellus development has evolved from a technical consideration to a political one, we’ve started to see an uptick in the volume and intensity of activism — some of which appears to be directed at preventing our industry from safely delivering these resources to Pennsylvanians. From our point of view, as long as those activities remain generally civil and within the confines of a spirited public debate, there’s absolutely no reason for concern. But to the extent they go in the other direction, and potentially devolve in a manner that undermines our ability to keep our folks safe, then we will have a problem.” Source: http://www.thepittsburghchannel.com/r/24945359/detail.html

• Reuters reports that Denmark has raised its terror attack preparedness after a man set off a small explosion in a Copenhagen hotel September 10. (See item 55)

55. September 11, Reuters – (International) Denmark raises terror preparedness after hotel blast. Denmark raised its terror attack preparedness September 11 after a man set off a small explosion in a Copenhagen hotel September 10. After the explosion, police surrounded the suspect in Orsted Park and security personnel removed a bag wrapped around his waist with remote controlled cutting pliers. The man has injuries to his face and arm from the blast, police said. No one else was hurt. A police spokesman said Friday the bag probably did not contain explosives as it had not exploded when shot at. The suspect, who remains in hospital, was not cooperating with police. He said the suspect appeared to be European or North African and around 40 years old and spoke excellent English. Police found a gun at the Hotel Jorgensen in central Copenhagen where the blast occurred in a toilet. Daily newspaper Ekstrabladet, citing police sources, said police had found a map with the address of daily Jyllands-Posten’s headquarters in the city of Arhus circled among the man’s belongings. Jyllands-Posten’s publication in 2005 of cartoons of the Prophet Mohammad provoked protests in the Middle East, Africa and Asia in which at least 50 people died. A Copenhagen court ruled Saturday the man would be detained in custody until October 4 on suspicion of aiming to put others’ lives at risk, a police spokesman said. Source: http://www.reuters.com/article/idUSTRE68A1AE20100911


Banking and Finance Sector

18. September 11, BankInfoSecurity.com – (Florida) Fla. bank closed. Regulators closed one Florida bank on September 10, raising the number of failed institutions to 134 so far in 2010. Horizon Bank in Bradenton, Florida was closed by the Florida Office of Financial Regulation, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. Bank of the Ozarks in Little Rock, Arkansas will assume the deposits of the failed bank. The failed bank had $187.8 million in deposits, and its four branches will reopen as branches of Bank of the Ozarks. The FDIC estimates that the cost to the Deposit Insurance Fund will be $58.9 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=2909

19. September 10, DarkReading – (International) A cybercriminal’s shopping list. According to cybercrime market data scheduled to be published by EMC’s RSA Security unit on September 13, the cost of behaving badly online is becoming more affordable than ever. For example, fraudsters can obtain credit card (CVV2) data for around $1.50 to $3. Social Security numbers and dates of birth can be obtained for about the same price. “Full” data sets — including the consumer’s online banking credentials (e.g., username and password), mailing address, card number, CVV2 code, card’s expiration date, date of birth, and SSN — go for $5 to $20. Online banking accounts can be purchased for $50 to $1,000 per account, depending on the account type and balance. A distributed denial of service (DDoS) attack service costs about $50 for each 24 hours when launched at a single target. “Bulletproof” hosting services — the hosting of malicious content on law enforcement-resistant platforms — can be leased for as little as $87 to $179 a month. A Zeus Trojan kit goes for $3,000 to $4,000. “Various fraud products and services are sold in the underground for not more than $50, but can be associated with the loss of thousands of dollars in the end,” RSA says in its report. Source: http://www.darkreading.com/authentication/security/privacy/showArticle.jhtml?articleID=227400186&subSection=Privacy

20. September 10, WBTV 3 Charlotte – (North Carolina) ATM “skimmers” scam ring hitting Charlotte area hard. Authorities say a sophisticated ring of scam artists based in Florida is targeting the Charlotte, North Carolina area, stealing local victims’ ATM numbers along with thousands of dollars from their accounts. WBTV first informed viewers about a man and woman going around using “skimmers” at local ATMs several weeks ago. Now the U.S. Secret Service says another couple has targeted the area as well. A Secret Service agent, who is based in Charlotte, says both couples may be part of the Florida-based ring, which has targeted cities up and down the East Coast. Over the past month the Charlotte area has been hit repeatedly; the second couple stole customers’ numbers at two Charlotte banks over the weekend. The scammers place a skimmer on an ATM machine, and also appear to be using a small camera to record customers as they enter their PIN numbers on the ATM. Source: http://www.wbtv.com/Global/story.asp?S=13129965

Information Technology

47. September 13, The Register – (International) Windows malware dwarfs other viral threats. The vast majority of malware targets Windows PCs, according to a new survey by German anti-virus firm G-Data. G-Data reckons 99.4 percent of all new malware of the first half of 2010 targeted Microsoft’s operating system. Just 0.6 percent of the 1,017,208 new malware programs discovered in 1H2010 targeted other systems, such as Apple Mac boxes and servers running Unix. G-Data reckons the rate of virus production in 1H10 is 50 percent up from the same period last year. It predicts 2010 as a whole will witness two million malware samples. Social networks and their members have become a major target for Windows-based malware attacks. As in previous years, Trojan horses dominate the top five malware categories, with a share of 42.6 percent of malware samples. Source: http://www.theregister.co.uk/2010/09/13/malware_threat_lanscape/

48. September 13, Computerworld – (International) Microsoft helps Adobe block PDF zero-day exploit. Microsoft has urged Windows users to block ongoing attacks against Adobe’s popular PDF viewer by deploying one of Microsoft’s enterprise tools. Adobe echoed Microsoft’s advice, saying the Enhanced Mitigation Experience Toolkit (EMET) would stymie attacks targeting Reader and Acrobat. The newest PDF exploit defeated Windows’ data execution prevention (DEP) by leveraging a dynamic link library (DLL) used by Adobe in both programs. Usually, ASLR prevents DEP bypassing, but according to researchers and Microsoft, the “icucnv36.dll” library does not have ASLR enabled. That gave attackers a way to sidestep both defenses. Two engineers with the Microsoft Security Response Center showed how to use EMET to switch on ASLR for Reader and Acrobat in Windows Vista, Windows 7, Server 2008, and Server 2008 R2, blocking the current exploit. A different tactic is needed to protect Windows XP and Server 2003 systems, which do not support what Microsoft called “mandatory ASLR.” Both Microsoft and Adobe admitted that they had had little time to test the impact of the EMET-based workaround. Source: http://www.computerworld.com/s/article/9184878/Microsoft_helps_Adobe_block_PDF_zero_day_exploit

49. September 13, SC Magazine UK – (International) Google’s Instant search facility leads to malicious results being offered. Last week saw the release of the latest technology from Google to allow for faster searches. Google called Instant “a new search enhancement that shows results as you type.” Effectively it removes the search button with results displayed alongside the text box. The technical director of Panda Security said that there were security concerns when it comes to cyber criminals using Google results as a way to spread malware following the top search terms that people are using in Google searches in order to create fake Web sites. “As users type searches into the real-time engine the opportunity for cyber criminals to infect users through black hat search engine optimisation (SEO) campaigns is increased and Google are potentially putting millions of users at risk. Users should exercise caution when clicking on unknown links and URLs.” A detection by Websense found that there were malicious search suggestions appearing as soon as the technology was announced. It said that a search for “anti-virus” produced an “Instant” result for Antivir Solution Pro, a well-known rogueware infection that was amongst the suggested search terms. Source: http://www.scmagazineuk.com/googles-instant-search-facility-leads-to-malicious-results-being-offered/article/178771/

50. September 12, IDG News Service – (International) Anti-US hacker takes credit for ‘Here you have’ worm. A hacker who claims he was behind a fast-spreading e-mail worm that crippled corporate networks last week said that the worm was designed, in part, as a propaganda tool. The hacker, known as Iraq Resistance, responded to inquiries sent to an e-mail address associated with the “Here you have” worm, which during a brief period early September 9 accounted for about 10 percent of the spam on the Internet. He (or she) revealed no details about his identity, but said, “The creation of this is just a tool to reach my voice to people maybe... or maybe other things.” Security experts agree that the worm could have caused more damage. However, it did include some very malicious components, such as password logging software and a backdoor program that could have been used to allow its creator to control infected machines. But because the software was not terribly sophisticated, it was quickly shut down as Web servers that it used to infect machines and issue new commands were taken offline last week. Source: http://www.networkworld.com/news/2010/091310-anti-us-hacker-takes-credit-for.html?page=1

51. September 10, PC World – (International) ‘Here you have’ virus deletes security software on Windows. On September 9, a new worm hit the Internet, and it has been spreading by emailing the address books of infected users, according to McAfee Labs. By masquerading as a benign PDF, the worm looks something like this when it shows up in the user’s inbox: Subject: Here you have (or “Just for you”) Body: This is The Document I told you about, you can find it Here. [link]. The URL does not actually take the user to a PDF, but instead to an executable with the extension .scr. While the domain linked to in these infected e-mails is no longer live, infected computers can still be spreading virus messages. When the virus is run, it installs itself as CSRSS.EXE in the Windows directory, then e-mails the contents of the user’s address book. It also spreads through mapped drives, remote machines, and removable media. The virus then attempts to download files and delete security software, including virus protection. Source: http://www.networkworld.com/news/2010/091010-here-you-have-virus-deletes.html?hpg1=bn

Communications Sector

52. September 10, WHNS 21 Greenville – (North Carolina) Phone lines restored in Weaverville. Frontier Communications said they repaired a fiber line that provides phone service to homes in part of Weaverville, North Carolina. A spokesman for Frontier said crews working to install a water line accidentally crushed their fiber line September 10. The communications company said customers might experience one more interruption in service that evening, but it should only last for thirty minutes. Source: http://www.foxcarolina.com/news/24957174/detail.html

53. September 10, Tampa Tribune – (National) Tampa reports fewest wireless problems among cities studied. Wireless customers in the Tampa, Florida, area report fewer problems than any of 27 U.S. markets studied, according to a J.D. Power and Associates study released September 9. The number of problems per 100 calls was five in Tampa, compared with 19 for the area with the most problems, Charlotte, North Carolina. The 2010 Wireless Call Quality Performance Study is based on responses from 26,595 wireless customers nationwide, according to a written announcement. The survey was done January to June. J.D. Power said three companies tied for best service in the Southeast: Verizon Wireless, Sprint Nextel and T-Mobile. The report focused on wireless customers most likely to switch providers. It found that the rates of problems increased compared with the previous six months and were worse among smart phone users than for traditional mobile handsets. Those who said they definitely would switch providers in the next six months reported four times more problems than those who said they definitely would not switch providers. Call quality was measured on seven factors. One factor, dropped calls, was driving the switching rate more than any other, the report states. The study also found that fewer calls were made or received via wireless because customers used their devices more often for text messaging, which increasingly is the preferred method for communication. Source: http://www2.tbo.com/content/2010/sep/10/sp-tampa-reports-fewest-wireless-problems-among-ci/