Wednesday, January 5, 2011

Complete DHS Daily Report for January 5, 2011

Daily Report

Top Stories

• eWeek reports a botnet spamming out malware through a phony holiday message from the White House enabled operators to get hold of 2 gigabytes of data from government agencies, including the National Science Foundation. (See item 37)

37. January 3, eWeek – (International) Malware campaign cyber-espionage or cyber-crime? The crew behind the Kneber botnet that made headlines in 2010 may have surfaced again in a malware campaign targeting employees of various governments. The botnet, which pushes out the Zeus Trojan, was spotted around Christmas time spamming out malware through a phony holiday message from the White House. Those who received the card and either clicked on a link to an e-card or opened a malicious attachment were compromised. The fact Zeus was stealing data will come as no surprise to anyone familiar with the Trojan; but the idea that a piece of malware most commonly associated with swiping banking credentials was after documents raised some eyebrows. According to a security blogger, the botnet operators were able to get their hands on more than 2 gigabytes of PDFs, Microsoft Word, and Excel documents from dozens of victims, including an employee at the U.S. National Science Foundation’s Office of Cyberinfrastructure and an official with the Moroccan government’s Ministry of Industry, Commerce, and New Technologies. Source: http://www.eweek.com/c/a/Security/Malware-Campaign-Cyber-Espionage-or-Cybercrime-626011/

• According to the Rock Hill Herald, sophisticated thieves pilfered $100,000 of emergency response equipment from the South Carolina Forestry Commission’s main maintenance and storage area. (See item 45)

45. January 1, Rock Hill Herald – (South Carolina) Thieves steal S.C. Forestry Commission equipment. Sophisticated thieves pilfered some $100,000 of emergency response equipment from the South Carolina Forestry Commission’s main maintenance and storage area in Columbia sometime during the Christmas break. Missing items include critical equipment the agency needs for emergency response, a commission spokesman said. “Many of the items are things our Incident Management Team must have to respond to large-scale disasters, such as the bigger wildfires and hurricanes,” he said. Among the items taken were 13 Dell laptops, 2 all-terrain vehicles equipped for law enforcement and firefighting duties, various tools, and a Ford F350 diesel flatbed truck adorned with the agency’s logo. Source: http://www.heraldonline.com/2011/01/01/2721918/thieves-steal-sc-forestry-commission.html

Details

Banking and Finance Sector

14. January 4, Cliffview Pilot – (New Jersey) ‘Fedora robber’ in custody, tied to holdups in Hackensack, Fairview, Guttenberg. Union City, New Jersey police tracked a bank robbery suspect after he tried to hold up a TD Bank branch off 43rd Street less than 2 hours after making off with $1,000 from the Guttenberg Savings and Loan off 68th Street on December 14, investigators said. Both branches are on Bergenline Avenue. “Our investigation revealed he was also responsible for” robbing the Valley National Bank in Hackensack on September 9 and the Oritani Bank on Fairview Avenue on December 4, an agent told the Cliffview Pilot. The same weapon — the end of a blowtorch wrapped in a cloth — was used in both holdups, he said. No weapon was reportedly shown in the Hudson County robberies. The suspect served nearly 15 years for robbery after being sentenced in February 1989, records show. Investigators told the Web site he wore a white hat and was carrying the weapon when he took more than $10,000 from the Hackensack bank. Source: http://www.cliffviewpilot.com/hudson/1985-fedora-robber-in-custody-tied-to-holdups-in-hackensack-fairview-guttenberg-

15. January 3, LoanSafe.org – (National) Kansas man pleads guilty to role in embezzlement by bank president. A Jefferson County man has pleaded guilty to helping the former president of a bank in Meriden, Kansas, steal from the bank, a U.S. Attorney said January 3. The man pleaded guilty in U.S. District Court in Kansas City, Kansas, January 3 to one count of aiding and abetting theft by a bank officer. In his plea, the man admitted that in 2001 and 2002 he helped the former Meriden State Bank president embezzle bank funds. During that time, the former bank president convinced the bank’s board to construct a branch on Fairlawn Street in Topeka, Kansas. The two men concealed from the board the fact the former bank president would be serving as the undisclosed general contractor on the project. In order to receive approval for the project, the former bank president falsely represented to the Federal Deposit Insurance Corporation that no insider would be involved or benefit from construction of the branch. The man who assisted the former bank president in the scheme is set for sentencing March 21, 2011. He faces a maximum penalty of 30 years in federal prison, and a fine of up to $1 million. Source: http://www.loansafe.org/kansas-man-pleads-guilty-to-role-in-embezzlement-by-bank-president

16. January 3, Associated Press – (Washington) Minivan is tool, getaway vehicle in WA ATM theft. Vancouver, Washington police said a minivan driver used his vehicle as both a tool and a getaway car in the theft of an automatic teller machine from a bowling alley January 3. The Columbian reports a man drove a minivan through the glass doors of Allen’s Crosley Lanes at about 3 a.m. and crashed into the ATM. Surveillance footage of the robbery shows a person then jumping out of the van, grabbing the ATM, hoisting it into the vehicle and driving off. A sergeant said damage to the building was “in the thousands.” There was an unknown amount of cash in the ATM. Source: http://www.seattlepi.com/local/6420ap_wa_atm_robbery.html

17. January 3, SecurityInfoWatch.com – (National) FBI: Organized retail crime costs U.S. $30B a year. According to an article published the week of January 3 by the FBI, organized retail crime, which includes merchandise theft, as well as credit card fraud, gift card fraud, and price tag switching, costs the United States about $30 billion per year. The agency said the stores targeted by perpetrators of organized retail crime range from small specialty shops to major department stores. The groups responsible for these crimes include South American theft groups, Mexican criminal groups, as well as Cuban criminal groups from South Florida, and Asian street gangs from California. A Special Agent of the FBI’s Violent Crimes/Major Offenders Unit in Washington, D.C. called organized retail crime a “gateway crime” often used to fund other criminal endeavors. The FBI said it is working with the retail industry to help address the problem, and noted it recently helped to develop the Law Enforcement Retail Partnership Network (LERPnet), which is a database that can be used by retailers to report and share incidents of retail theft and other retail crimes. Source: http://www.securityinfowatch.com/fbi-organized-retail-crime-costs-us-30b-a-year

Information Technology

46. January 4, IDG News Service – (International) Microsoft blames server problem for Hotmail outage. Microsoft said it has fixed a problem with its Windows Live Hotmail service that temporarily deleted the e-mail of more than 17,000 users. The trouble began December 30 when the e-mail in 17,355 accounts disappeared. A Microsoft executive wrote January 3 the company had identified the technical glitch and restored e-mail to the affected accounts by the night of January 2. “Customers impacted temporarily lost the contents of their mailbox through the course of mailbox load balancing between servers,” a corporate vice president with Windows Live Engineering wrote on a company blog. Source: http://www.computerworld.com/s/article/9203120/Microsoft_blames_server_problem_for_Hotmail_outage

47. January 4, ITProPortal – (International) PlayStation 3 root key made public. A hacker has finally managed to completely crack Sony’s PlayStation 3 console, allowing users to run custom firmware and pirated games without restrictions. The hacker decrypted the “root key” used to authorize software on the platform, which prevented users from installing unauthorized software on the PS3, and has posted it for everyone to use. Kotaku reported the hack could also be connected to the hacking group fail0verflow, which develops “homebrew” software for PS3s. With the root key cracked, users and hackers will now also be able to play pirated games, circumventing Sony’s built-in security measures. In using the hack, users risk voiding the device’s warranty. Experts believe Sony will not be able to change the master root key without risking making most legitimate programs on the platform completely inaccessible. Experts also claim the latest PS3 hack is unlikely to be affected by future software updates. Source: http://www.itproportal.com/2011/01/04/playstation-3-root-key-made-public/

48. January 4, Softpedia – (International) Adware and Java trojans dominated the web threat landscape in December. According to statistics from Kaspersky Lab, adware programs and Java-based downloaders were the most common threats encountered on the Web during December 2010. The most frequently encountered one was AdWare.Win32.HotBar.dh, which attempted to infect 203,975 distinct users. It includes HotBar, Zango, and ClickPotato and was the most prominent threat overall, across all categories. The other two samples are AdWare.Win32.FunWeb.di and AdWare.Win32.FunWeb.fq. The second most common threat was Trojan-Downloader.Java.OpenConnection.cf, a dropper that uses the OpenConnection method of a URL class to download malware onto the computer. Third place was taken by rogue IFrames injected into compromised Web sites. Source: http://news.softpedia.com/news/Adware-and-Java-Trojans-Dominated-the-Web-Threat-Landscape-in-December-176033.shtml

49. January 4, H Security – (International) Unpatched hole in ImgBurn disk burning application. According to security specialist Secunia, a highly critical vulnerability in ImgBurn, a lightweight disk burning application, can be used to remotely compromise a user’s system. The security issue in the freeware program is reportedly caused by the application loading libraries (dwmapi.dll) in an “insecure manner,” which can then lead to the execution of arbitrary code. The problem has been confirmed to affect version 2.5.4.0 of ImgBurn, the latest release from December 12; however, previous versions are also likely to be vulnerable. For an attack to be successful, a victim must first open a specially crafted file. As such, users are advised to avoid opening untrusted files. Source: http://www.h-online.com/security/news/item/Unpatched-hole-in-ImgBurn-disk-burning-application-1163003.html

50. January 3, Softpedia – (International) Recent spam campaign points to new Storm botnet. While analyzing a recent spam campaign, security researchers found what seems to be a new version of the Storm or Waledac botnets. According to the Shadowserver Foundation, a recent junk e-mail campaign distributed links that led to a new Waledac or Storm variant. The e-mails come with a subject announcing a holiday e-card, while the message body directs users to a link to view the alleged greeting. These links lead to HTML pages hosted on compromised Web sites, which in turn execute a meta redirect towards one of multiple domain names controlled by the attackers. The domains are using fast flux hosting — they resolve to multiple IP addresses and are difficult to shut down. The landing pages on these domains display a message reading “Can’t view the greeting? Download Flash Player!” If the visitor does not click on the link to download the alleged Flash Player installer within 5 seconds, they are redirected to a secondary page which serves several exploits for outdated software installed on their computer. If they do click on the link, a file called install_flash_player.exe is downloaded. If executed, this file opens an Internet Explorer connection to the same exploit page. In both scenarios, successful exploitation downloads the new Storm variant. Source: http://news.softpedia.com/news/Recent-Spam-Campaign-Suggest-New-Storm-Botnet-175866.shtml
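The redirect chain described in the item above (compromised site, meta redirect to an attacker domain, a 5-second timed redirect to an exploit page, and an install_flash_player.exe lure) can be triaged from fetched page content. The following is an added example, not code from Shadowserver or Softpedia; the hostnames under .invalid and the three sample pages are constructed, and the indicator names and the two-indicator threshold are this example's own assumptions.

```python
"""Triage heuristics for the e-card / fake Flash Player landing chain."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches the value of <meta http-equiv="refresh" content="5; url=...">
META_REFRESH_RE = re.compile(r"\s*(\d+)\s*;\s*url\s*=\s*['\"]?([^'\"\s]+)", re.I)
FLASH_LURE_RE = re.compile(r"flash\s*player", re.I)
GREETING_RE = re.compile(r"greeting|e-?card", re.I)


class _PageCollector(HTMLParser):
    """Collect meta-refresh directives, anchor targets and visible text."""

    def __init__(self):
        super().__init__()
        self.refreshes = []   # list of (delay_seconds, target_url)
        self.hrefs = []       # every <a href=...> value
        self.text_parts = []  # visible text fragments

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases names
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_REFRESH_RE.match(a.get("content", ""))
            if m:
                self.refreshes.append((int(m.group(1)), m.group(2)))
        elif tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])

    def handle_data(self, data):
        self.text_parts.append(data)


def triage_landing_page(html, page_host):
    """Return the set of indicator names matched by one fetched page.

    page_host is the host the page was fetched from, used to tell an
    off-site meta redirect (compromised site -> attacker domain) from a
    same-site one (landing page -> exploit page after the 5-second timer).
    """
    p = _PageCollector()
    p.feed(html)
    text = " ".join(p.text_parts)
    found = set()
    for delay, target in p.refreshes:
        host = (urlparse(target).hostname or "").lower()
        if host and host != page_host.lower():
            found.add("meta_redirect_offsite")
        if delay <= 10:  # the chain above uses a 5-second timer
            found.add("timed_redirect")
    if FLASH_LURE_RE.search(text) and GREETING_RE.search(text):
        found.add("flash_player_lure")
    for href in p.hrefs:
        if urlparse(href).path.lower().endswith(".exe"):
            found.add("exe_download_link")
    return found


def verdict(indicators):
    """Two or more chained indicators is what this campaign's pages look like."""
    return "suspicious" if len(indicators) >= 2 else "clean"


# Constructed sample pages (hosts under .invalid are placeholders).
COMPROMISED_SITE_PAGE = (
    '<html><head><meta http-equiv="refresh" '
    'content="0;url=http://greeting-cards.example.invalid/card.html">'
    "</head><body></body></html>"
)
LANDING_PAGE = (
    '<html><head><meta http-equiv="refresh" '
    'content="5; URL=http://greeting-cards.example.invalid/exploit.html">'
    "</head><body><p>Can't view the greeting? "
    '<a href="http://greeting-cards.example.invalid/install_flash_player.exe">'
    "Download Flash Player!</a></p></body></html>"
)
BENIGN_PAGE = (
    '<html><head><meta http-equiv="refresh" content="300"></head>'
    '<body><p>News ticker refreshes every five minutes. '
    '<a href="/about.html">About</a></p></body></html>'
)

if __name__ == "__main__":
    for name, page, host in [
        ("compromised site", COMPROMISED_SITE_PAGE, "compromised-blog.example.invalid"),
        ("landing page", LANDING_PAGE, "greeting-cards.example.invalid"),
        ("benign page", BENIGN_PAGE, "news.example.invalid"),
    ]:
        hits = triage_landing_page(page, host)
        print(f"{name}: {verdict(hits)} {sorted(hits)}")
```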

51. January 3, The H – (International) Hole in VLC Media Player. Virtual Security Research has identified a vulnerability in VLC Media Player. In versions up to and including 1.1.5 of the VLC Media Player, specially crafted files can be used to inject code that will trigger a buffer overflow in the demultiplexer used for Real Media format files. Potential victims need to explicitly open such a specially crafted file. Users have been advised not to open files from unknown sources until the media player has been patched. As an alternative, the Real demuxer plug-in (libreal_plugin.*) can be removed from the VLC plugin directory. VLC Media Player 1.1.6 is said to be immune to the problem, but the VideoLAN developers have not yet released this version for Windows. Source: http://www.h-online.com/open/news/item/Hole-in-VLC-Media-Player-1162498.html

Communications Sector

52. January 3, Aviation Week – (International) Intelsat mulls options in wake of zombie sat. An Intelsat spacecraft that wreaked havoc around the world since it went out of control last spring has been shut down, removing an interference hazard that had threatened communications satellite operators worldwide. Intelsat said the spacecraft, Galaxy 15, temporarily lost Earth lock December 17, causing it to lose enough power to shut down its primary C- and L-band payload. On December 23, the battery completely drained and the baseband equipment command unit reset automatically, as it was designed to do. The spacecraft then began accepting commands and sending telemetry again, allowing engineers to place it in safe mode. The satellite — which industry has dubbed Zombie Sat — is now Sun-pointed and thermally balanced with batteries fully recharged and no longer poses a threat to neighboring satellites or customer services, the operator said. Over the coming weeks, engineers will run diagnostic tests, upload new command software patches that have been pre-tested on other orbital satellites, and attempt to immobilize the satellite, which has been drifting eastward since it went out of control April 5. They will then seek to move the satellite to one of Intelsat’s orbital locations so it can be thoroughly tested to determine the viability of the payload and the functionalities of the spacecraft. Source: http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=space&id=news/awx/2010/12/27/awx_12_27_2010_p0-279254.xml&headline=Intelsat Mulls Options In Wake Of Zombie Sat

53. January 3, Los Angeles Times – (National) Jam prisoners’ cellphone calls? New federal report explores possibilities. The Presidential Administration does not want dangerous prison inmates to make calls or send text messages from contraband cellphones because of the possibility they could direct new crimes. But federal officials also do not want to go so far in trying to jam those communications that they create problems for nearby public safety workers or average citizens, according to a new government report. A possible solution: more limited technologies that would let prison officials block calls only from unapproved devices, the report said. In late 2009, Congress directed government officials — including the Federal Communications Commission, the Federal Bureau of Prisons, and the National Telecommunications and Information Administration — to look into technologies that could prevent the use of cellphones by inmates. A law enacted in August bans cellphones from federal prisons, but it does not apply to state facilities. In California state prisons, for example, inmates are not supposed to have cellphones, but there is no law that makes possessing one a crime, or that imposes penalties on visitors who smuggle them in. This year, California will test one technology, called managed access, with which officials can block calls that do not come from a list of phones approved to transmit through nearby towers. The system enabled Mississippi state officials to block more than 216,000 unauthorized calls and text messages in its first month in operation last summer. Source: http://latimesblogs.latimes.com/technology/2011/01/prison-cellphone-charles-manson-jam-government-fcc-report.html

Tuesday, January 4, 2011

Complete DHS Daily Report for January 4, 2011

Daily Report

Top Stories

• The New York Daily News reports more than 900 Long Island, New York homes were evacuated, and major highways were shut for hours, January 1, after a propane deliveryman found a leaky valve in a 30,000-gallon tank he was filling. (See item 1)

1. January 2, New York Daily News – (New York) 900 people flee area as propane fumes from leaky tank spark evacuations on Long Island. More than 900 Long Island, New York homes were evacuated January 1 after a propane deliveryman found a leaky valve in a 30,000-gallon tank he was filling, officials said. The gas leak posed a serious enough threat to send 200 Shirley residents to an emergency shelter at William Floyd High School in Mastic. Families rushed from their homes around 2 a.m. Mastic firefighters were first to arrive on the scene near a Kohl’s department store in Shirley. They estimated 7,000 to 9,000 gallons of gas had escaped from the tank, filling the area with an ominous fog. No injuries were reported as a result of the leak, officials said. The broken valve connected to the underground tank was frozen and sealed around 3 p.m., officials said. Police shut down sections of the Sunrise Highway, Montauk Highway and other busy thoroughfares in the area, clogging holiday traffic for miles. Long Island Rail Road service was suspended between Speonk and Patchogue for hours. Fearing a spark would set off an explosion, Suffolk police and fire officials banned cars in the area, and themselves rode bicycles during the emergency effort. It was not immediately clear who owned the tank, a spokesman said. Source: http://www.nydailynews.com/ny_local/2011/01/02/2011-01-02_hundreds_flee_propane_fog_900_evacuate_as_fumes_spew_from_li_tank.html?r=news

• According to WCAU 10 Philadelphia, unidentified fumes at St. Cyril’s Church of Jerusalem in Warwick, Pennsylvania sent 16 parishioners and emergency responders to hospitals January 2. (See item 65)

65. January 2, WCAU 10 Philadelphia – (Pennsylvania) Bucks County church evacuated due to fumes. Unidentified fumes at St. Cyril’s Church of Jerusalem in Warwick, Pennsylvania, sickened 16 parishioners and emergency responders January 2. Bucks County officials are calling this a “mass casualty” incident. A call was placed to emergency services around 9:40 a.m. reporting people fainting at the church on Almshouse Road. Police, fire officials, and haz-mat teams quickly responded to the scene. Members of the first response crew that entered the church were also sickened by the fumes. The county labeled the event “code yellow,” requiring additional emergency workers. The church had been filling up with people who had come for the 10 a.m. service. There were about 300 people inside the church at the time of the incident. While emergency responders went to work, churchgoers held mass outside in the church parking lot. The cause of the illness has not yet been determined. Those who fell ill underwent blood tests and were taken to Doylestown and Abington hospitals. There were no fatalities. Source: http://www.nbcphiladelphia.com/news/local-beat/PHI-Hazmat-Called-to-Church-112771744.html

Details

Banking and Finance Sector

16. January 3, BankInfoSecurity.com – (National) Top 9 security threats of 2011. Mobile banking and social networks are expected to pose new security threats in the payments space in 2011. But security experts said those threats would not displace the Zeus botnet, malware attacks, and phishing threats, which for years have plagued banking institutions. Fraud attempts will escalate, not diminish, as new threats and channels blossom in 2011. As 2010 came to a close, Information Security Media Group caught up with a handful of leading industry experts to get their takes on the top security threats of 2011. The top 9 threats of 2011 include: (1) Mobile Banking Risks, (2) Social Networking Risks, (3) Malware, Botnets, and DDoS attacks, (4) Phishing, (5) ACH Fraud that leads to Corporate Account takeovers, (6) Cloud Computing Risks, (7) Insider Threats, (8) First Party Fraud, and (9) Skimming Attacks. Source: http://www.bankinfosecurity.com/articles.php?art_id=3228

17. January 1, Minneapolis Star Tribune – (Minnesota) Cyber crime trail leads to Winona State students. A U.S. Department of Homeland Security investigation dubbed “Operation eMule” has led federal agents to a pair of 22-year-old foreign-exchange students in Winona, Minnesota, who are suspected to be part of a sophisticated cyber crime ring based in Vietnam that has been misusing the identities of countless Americans to bilk online retailers out of millions of dollars. Numerous major companies have been stung in the scam, including eBay, PayPal, Amazon, Apple, Dell, and Verizon Wireless, according to federal court documents. Authorities said the operation is built around stolen identities used to open accounts with eBay, PayPal, and U.S. banks. Through those accounts, the fraudsters sell popular, expensive merchandise at discounted prices. The sellers fill the orders by purchasing the goods from other vendors using stolen financial accounts. When the identity-theft victims protest the charges, the merchants end up holding the bag. The two Winona State University students controlled more than 180 eBay accounts and more than 360 PayPal accounts opened using stolen identities, according to documents unsealed December 29 by a federal magistrate judge in St. Paul. Source: http://www.startribune.com/local/112754219.html?elr=KArks7PYDiaK7DU2EkP7K_V_GD7EaPc:iLP8iUiD3aPc:_Yyc:aU7DYaGEP7vDEh7P:DiUs

18. January 1, Los Angeles Times and KTLA 5 San Diego – (California) Suspect in six robberies is arrested at San Ysidro border crossing. A 41-year-old man from Fresno, California suspected of committing half a dozen robberies throughout California was arrested on New Year’s Eve trying to enter the United States at the San Ysidro border crossing, the FBI announced January 1. The suspect, a U.S. citizen, was booked into jail in downtown San Diego. He is charged with the robbery of a payday loan business in San Diego December 20, and a bank in San Diego. He is also suspected of robbing banks in Fresno, Tulare, and Thousand Oaks, and robbing a pedestrian outside a hotel/casino in Lemoore, about 30 miles south of Fresno, the FBI said. The name “Dapper Bandit,” bestowed by the FBI, comes from the appearance of the robber during the bank jobs: black golf hat, gray or black sports jacket, and black high-collared shirt. He is accused of threatening tellers with a black semi-automatic pistol. Source: http://latimesblogs.latimes.com/lanow/2011/01/dapper-bandit-suspect-arrested-san-ysidro.html

19. January 1, Raleigh News & Observer – (North Carolina) Female Raleigh bank theft suspect might be serial robber. A woman who robbed a Wachovia bank in West Raleigh, North Carolina, December 30 may be a serial robber who has hit other banks along the East Coast, authorities reported. Police are still searching for the heavy-set woman who passed a note to a bank teller at a Wachovia branch at 4530 Western Blvd. just before 11:30 a.m. and made off with an undisclosed amount of cash. According to the Web site ncbankrobbers.com, federal authorities in North Carolina and South Carolina think the woman is responsible for robberies that occurred in Wilmington and Myrtle Beach, South Carolina, in October. FBI agents in North Carolina reported a woman, wearing a long dark wig and carrying an oversize purse, robbed New Bridge bank in Wilmington October 12. FBI agents in South Carolina think the same woman robbed Conway National Bank in Myrtle Beach October 11. Police have described her as a heavy-set woman in her mid- to late 20s. She was last seen in Raleigh wearing a green hooded sweatshirt, black skullcap, light-colored pants, and dark sunglasses with gold trim. Source: http://www.newsobserver.com/2011/01/01/892752/police-suspect-woman-in-series.html

20. December 31, NBC San Diego – (California) FBI ID’s suspect in 4 bank robberies. A bank robbery suspect, 42, was charged the week of December 27 with two counts of bank robbery in a federal complaint, authorities said in a news release issued December 31. Those incidents took place April 20 at the Chase Bank in the 5800 block of Balboa Avenue in San Diego, California and April 26 at the same bank. The FBI said December 31 “the same unknown male bank robber allegedly” robbed the US Bank at 6325 Adobe Road, in Twentynine Palms, California May 24, and the Bank of America in the 57150 block of Twentynine Palms Highway in Yucca Valley July 22. Investigators said the San Bernardino County Sheriff’s Department received information in June identifying the man in connection to the U.S. Bank robbery in Twentynine Palms. A warrant was issued, and, the week of December 27, San Diego police and the FBI said they connected the suspect to the robberies in San Diego in April. The suspect is 5 feet 9 inches tall and weighs 240 pounds. The FBI is offering a reward of up to $1,000 for information leading to the suspect’s arrest and conviction. Source: http://www.nbcsandiego.com/news/local-beat/FBI-IDs-Man-Connected-to-4-Bank-Robberies-112721379.html

21. January 1, United Press International – (Texas) Bail set for Texas bank holdup suspects. Bail was set at $13 million each January 1 for two men accused in a failed holdup of a Houston, Texas-area bank, while additional suspects were sought, police said. A spokesman with the Pearland Police Department said the two suspects were each charged with 13 counts of aggravated robbery, the Houston Chronicle reported. The number of counts corresponded to the number of people they are accused of having taken hostage December 31 at a Chase Bank branch, the newspaper said. The botched robbery turned into a nearly 5-hour hostage situation before the two suspects were taken into custody. Authorities were looking for at least two additional suspects seen fleeing the scene but were not certain exactly how many people were involved in the holdup, ABC News reported. “We are working with the FBI and a task force in order to apprehend the suspects,” the spokesman told ABCNews.com. A bank employee was assaulted and shots were fired during the episode, but no one was seriously injured and no money was taken from the bank branch, the Chronicle said. Source: http://www.upi.com/Top_News/US/2011/01/01/Bail-set-for-Texas-bank-holdup-suspects/UPI-11471293931021/

Information Technology

55. January 3, Computerworld – (International) Chinese hackers dig into new IE bug, says Google researcher. An accidental leak may have confirmed Chinese hackers’ suspicions that Internet Explorer has a critical unpatched vulnerability, a security researcher said January 1. The bug was one of about 100 found by a noted browser vulnerability researcher and Google security engineer using a new “fuzzing” tool. The vulnerabilities were in IE, Firefox, Chrome, Safari, and Opera. According to the researcher’s account, a developer working on WebKit — the open-source browser engine that powers Apple’s Safari and Google’s Chrome — “accidentally leaked” the location of the then-unreleased fuzzing tool. Google’s search engine then added that location to its index. “On December 30, I received ... search queries from an IP address in China, which matched keywords mentioned in one of the indexed cross_fuzz files,” the researcher said. Those searches were looking for information on a pair of functions in “Mshtml.dll,” IE’s browser engine, that he said were unique to the vulnerability, and that had “absolutely no other mentions on the Internet at that time.” The person or persons searching for the functions then downloaded all the available cross_fuzz files. Source: http://www.computerworld.com/s/article/9202959/Chinese_hackers_dig_into_new_IE_bug_says_Google_researcher

56. December 31, H Security – (International) 27C3: danger lurks in PDF documents. At the 27th Chaos Communication Congress (27C3) in Berlin, Germany a security researcher from the U.S. company FireEye noted security problems in connection with Adobe’s PDF standard. A PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. Also, it is reportedly possible to write PDFs that display different content in different operating systems, browsers, or PDF readers – or even depending on a computer’s language settings. The researcher said other risks are generated through the support of inherently insecure script languages such as JavaScript, formats such as XML, RFID tags and digital rights management (DRM) technologies. Source: http://www.h-online.com/security/news/item/27C3-danger-lurks-in-PDF-documents-1162166.html

57. December 30, Softpedia – (International) Windows phone marketplace hack demoed. A whitehat hacker has cracked the digital rights management system enforced by Microsoft on Windows Phone 7 and demonstrated a simple method that allows users to install any application from the Windows Phone Marketplace for free. The Windows Phone Marketplace is Microsoft’s online store for Windows Phone 7 applications and allows users to browse, try and install free or commercial apps. During the week of December 26, a user posted on the XDA forums a guide covering what is needed to crack the protection of the Windows Phone Marketplace. Most of the steps in that guide were already doable to some extent except one — removing the XAP (app installer format) signature. WPCentral reports a developer created a simple application which allows people to download and crack any XAP file from the official marketplace. The tool was demoed in a video, but has not been publicly released. Source: http://news.softpedia.com/news/Windows-Phone-Marketplace-Hack-Demoed-175566.shtml

58. December 30, Computerworld – (International) Microsoft warns of Word attacks. Hackers are exploiting a vulnerability in Microsoft Word to plant malware on Windows PCs, Microsoft said December 28. The bug in Microsoft Word 2002, 2003, 2007, and 2010 was patched November 9 as part of Microsoft’s monthly security update. Word 2008 and 2011 for the Mac have also been patched, but Microsoft has not yet issued a fix for the same flaw in the older Word 2004. The circulating attacks affect only Windows versions of the suite, however. According to the Microsoft Malware Protection Center (MMPC), the group that investigates attack code and issues signature updates for the company’s antivirus software, the first in-the-wild exploits were detected the week of December 19. When Microsoft shipped the Word patch in November, it rated the bug as “1” on its exploitability index, meaning it believed a working attack would pop up within 30 days. The attack uses a malicious RTF (Rich Text Format) file to generate a stack overflow in Word on Windows, said an MMPC researcher. Following a successful exploit, the attack code downloads and runs a Trojan horse on the compromised computer. Source: http://www.computerworld.com/s/article/9202819/Microsoft_warns_of_Word_attacks

59. December 30, Help Net Security – (International) The significant decline of spam. In October 2010, Commtouch reported an 18 percent drop in global spam levels (comparing September and October). This was largely attributed to the closure of Spamit around the end of September. Spamit is the organization allegedly behind a fair percentage of the world’s pharmacy spam. Analysis of the spam trends to date reveals a further drop in the amounts of spam sent during Q4 2010. December’s daily average was around 30 percent less than September’s. The average spam level for the quarter was 83 percent, down from 88 percent in Q3 2010. The beginning of December saw a low of nearly 74 percent. The nature of the spam attacks has also clearly changed. The pre-October graph shows large fluctuations in the amounts of spam sent. In Q4 2010 there were generally lower fluctuations — aside from two large outbreaks in mid-October and mid-December. The large amounts of pre-Christmas spam are something of a tradition, but the outbreak was smaller than most of the large outbreaks in 2010. In the past, spam levels have decreased only to return to even higher levels within short periods. Source: http://www.net-security.org/secworld.php?id=10381

Communications Sector

60. January 3, BBC News – (International) New year mobile bug strikes French texters. Hundreds of French mobile phone users said a bug prompted them to send dozens of unintended new year messages. French mobile operators have already revealed that 930 million texts were sent on New Year’s Eve (December 31) and New Year’s Day (January 1). Now it has emerged that individual Orange customers unwittingly sent as many as 130 text or picture messages — potentially at a high extra cost. Orange has blamed a “network operator failure” for the bug, saying it affected only a few hundred people. Dozens of customers complained the problem led to them being charged hundreds of euros extra. Multimedia (MMS) messages tend to be charged at a higher rate than text only (SMS) messages. One user wrote on an Orange user forum that he had been billed for 300 picture messages. Another complained his family and friends had received the same MMS text 15 times. Orange, which is owned by France Telecom, pledged that no-one would be overcharged. A spokesman for the company said that one “of the network operators had had technical problems during the night” and refused to name the operator in question. However, other operators insisted they had not encountered any difficulties. Source: http://www.bbc.co.uk/news/world-europe-12107920

61. January 2, eWeek – (International) Google Android Trojan, FBI raid linked to Operation Payback lead security news. During the final week of 2010, researchers at Lookout Mobile Security uncovered a sophisticated Trojan in the wild dubbed “Geinimi” going after Android devices in China. According to Lookout, the Trojan displays “botnet-like capabilities” and is being grafted onto repackaged versions of legitimate applications distributed in third-party Chinese Android app stores. The firm advised Android users to only download apps from trusted sources, and to always check the permissions an application requests. Source: http://www.eweek.com/c/a/Security/Google-Android-Trojan-FBI-Raid-Linked-to-Operation-Payback-Lead-News-406931/

62. December 31, Telemanagement – (International) Hackers breach Motorola phones. Researchers at the Chaos Computer Club Congress (CCC) in Berlin, Germany, demonstrated a relatively easy hack of a Motorola mobile device by acquiring its ID and grabbing text and voice messages as they pass between a handset and a base station. The researchers’ work builds on earlier research that found holes in many parts of GSM technology, the most widely used mobile technology in the world today. The pair spent a year putting together the various parts of their simple system. Many of the capabilities are not new, but the clincher was the ability to record data off the air, as well as the fact that the inexpensive Motorola phones can have their onboard software swapped for an open source alternative. This was made possible when a description of the firmware leaked to the Internet. Source: http://www.tele-management.ca/content/23539-hackers_breach_motorola_phones

For another story, see item 57 above in the Information Technology Sector