Tuesday, March 26, 2013   

Complete DHS Daily Report for March 26, 2013

Daily Report

Top Stories

 • Several streets were closed and buildings evacuated in downtown Louisville when an electrical fire caused at least four underground explosions. – Louisville Courier-Journal

12. March 23, Louisville Courier-Journal – (Kentucky) Underground fire causes downtown explosions, leave crater in Seventh Street. Several blocks and streets were evacuated and closed for a number of hours in downtown Louisville when an electrical fire caused at least four underground explosions. The city's police headquarters was also evacuated. Source: http://www.courier-journal.com/article/20130323/NEWS01/303230045/Underground-explosions-close-several-blocks-downtown-Louisville

 • The cause of a diesel fuel spill near Willard Bay State Park remains under investigation after emergency crews removed more than 21,000 gallons of contaminant. – Associated Press

16. March 24, Associated Press – (Utah) Chevron fuel spill in Utah much worse than thought. The cause of a diesel fuel spill near Willard Bay State Park remains under investigation as estimates were revised from 6,000 gallons of spilled fuel to possibly 27,000 gallons. As of March 22, emergency crews have removed more than 21,000 gallons and estimate up to 6,500 gallons may remain. Source: http://www.sfgate.com/news/texas/article/Chevron-fuel-spill-in-Utah-much-worse-than-thought-4380552.php

 • Forty-four individuals were indicted in a health care fraud scheme for allegedly helping bribe physicians and medical professionals in exchange for prescriptions for patients. – Softpedia

19. March 25, Softpedia – (National) US authorities indict 44 for role in healthcare fraud scheme. Forty-four individuals were indicted in a health care fraud scheme for allegedly helping bribe physicians and medical professionals in exchange for prescriptions for patients with private insurance, Medicaid, and Medicare. Pharmacies, along with healthcare agency owners, aided the scheme by facilitating the submission of fake claims to the insurers. Source: http://news.softpedia.com/news/US-Authorities-Indict-44-People-for-Role-in-Healthcare-Fraud-Scheme-339887.shtml

 • AhnLab stated that the malware that spread through South Korean banking and communications Web sites was distributed via compromised patch management systems. – The Register (See item 26 below in the Information Technology Sector)

Details

Banking and Finance Sector

5. March 23, Softpedia – (International) Three UK men jailed for stealing millions of euros worth of carbon credits. Authorities in the United Kingdom sentenced three members of a hacking ring that compromised the Web sites of several financial institutions and illegally transferred about $10 million worth of carbon credits. Source: http://news.softpedia.com/news/Three-UK-Men-Jailed-for-Stealing-Millions-of-Euros-Worth-of-Carbon-Credits-339777.shtml

6. March 23, WABC 7 New York City – (New York) 4 arrested in alleged debit card scheme. Four individuals were arrested in New York City for allegedly stealing more than $300,000 using fraudulent debit cards. Source: http://abclocal.go.com/wabc/story?section=news/local/new_york&id=9038333

7. March 23, Jersey Journal – (New Jersey) Former Kearny councilman charged in $13M mortgage fraud scam. The FBI arrested and charged a former Kearny councilman for involvement in an alleged mortgage fraud scheme that used straw buyers to obtain $13 million. Source: http://www.nj.com/jjournal-news/index.ssf/2013/03/former_kearny_councilman_charg.html

8. March 22, SC Magazine – (International) VSkimmer trojan steals card data on point-of-sale systems. A new trojan called VSkimmer is capable of infecting Windows systems and stealing financial information from any point of sale (PoS) devices attached to infected systems. VSkimmer appears to be similar to the Dexter PoS malware and to spread via USB devices. Source: http://www.scmagazine.com/vskimmer-trojan-steals-card-data-on-point-of-sale-systems/article/285725/

9. March 22, WAFF 48 Huntsville – (Alabama; Tennessee) 'Ball Cap Bandit' goes before judge. The suspect known as the "Ball Cap Bandit" was arrested and held on suspicion of involvement in at least eight bank robberies in Tennessee and northern Alabama. Source: http://www.waff.com/story/21768363/ball-cap-bandit-goes-before-judge

Information Technology Sector

26. March 25, The Register – (International) South Korea data-wipe malware spread by patching system. South Korean antivirus firm AhnLab stated that the malware that spread through banking and communications Web sites in that country was distributed via compromised patch management systems and delivered to targets as if it were a legitimate software update. Source: http://www.theregister.co.uk/2013/03/25/sk_data_wiping_malware_latest/

27. March 25, Threatpost – (International) XSS flaw in WordPress plugin allows injection of malicious code. A vulnerability in the WP Banners Lite plugin for WordPress can allow attackers to inject malicious HTML or JavaScript on vulnerable Web sites. Source: http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513

28. March 25, Infosecurity – (International) Phishers can disguise links with Javascript. A researcher disclosed a JavaScript method that can be used to show a different URL when a user hovers over a link in a phishing email, disguising the malicious link's destination to appear legitimate. Source: http://www.infosecurity-magazine.com/view/31430/phishers-can-disguise-their-links-with-javascript

29. March 22, Threatpost – (International) Command and control used in Sanny APT attacks shut down. Security firm FireEye and South Korean authorities shut down a compromised message board that was hosting a command and control channel for the Sanny malware campaign. Source: http://threatpost.com/en_us/blogs/command-and-control-used-sanny-apt-attacks-shut-down-032213

30. March 22, Threatpost – (International) Apple takes tool offline after new security hole surfaces. Apple took down its iForgot password reset tool after a vulnerability was discovered that could allow unauthorized access to user accounts. Source: http://threatpost.com/en_us/blogs/apple-takes-tool-offline-after-new-security-hole-surfaces-032213

31. March 22, Symantec – (International) New Tidserv variant downloads 50 MB Chromium embedded framework. A new variant of the Tidserv malware was observed to utilize the legitimate Chromium Embedded Framework (CEF), downloading the framework onto infected systems. Source: http://www.symantec.com/connect/blogs/new-tidserv-variant-downloads-50-mb-chromium-embedded-framework

Communications Sector

32. March 23, Allentown Morning Call – (Pennsylvania) Police: Men stole $10,000 worth of Verizon utility line. Two men were charged in Montgomery County with theft, receiving stolen property, and conspiracy for a December 2012 theft of $10,000 worth of copper utility cable after they were spotted by a Verizon utility worker. Source: http://www.mcall.com/news/local/police/mc-m-franconia-cable-theft-20130323,0,3160740.story

33. March 22, TV News Check – (Arizona) KPHO goes dark during March Madness. KPHO Phoenix, a CBS affiliate, suffered a transmitter failure which caused the TV station to be off the air for more than 24 hours. Source: http://www.tvnewscheck.com/article/66359/kpho-goes-dark-during-march-madness



Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.