Daily Report Thursday, November 30, 2006

Daily Highlights


Kaiser Permanente Colorado began notifying approximately 38,000 members Tuesday, November 28, of a possible breach of their private health information including names, member ID numbers, date of birth, age, gender, and provider/physician information. (See item 6)
·
A study released Wednesday, November 29, concludes that billions of liters of untreated urban sewage and toxic effluents that flow into the Great Lakes each year are threatening a critical ecosystem that supplies drinking water to millions of people. (See item 21)
·
The Bureau of Alcohol, Tobacco, Firearms and Explosives is investigating the theft of two packages containing 110 pounds of explosives, stolen over the weekend from a construction site in Menifee, California. (See item 38)

Information Technology and Telecommunications Sector

33. November 29, New Zealand Herald — New Zealand broadband users face 100 attacks a day. New Zealand broadband computer users are being attacked by would-be intruders more than a hundred times a day, a study released Wednesday, November 29, says. The study by NetSafe and IBM New Zealand shows computers in New Zealand, connected to the Internet, were targeted more than a hundred times a day by a variety of worms, viruses, Trojans and hackers. The threats were monitored by intrusion detection software running on a computer equipped with an updated firewall and operating system that automatically downloads system updates and security patches. The first suspicious activity was detected within 20 seconds of being connected to the Internet. More than 4500 suspicious or malicious events were recorded when the computer was protected with an updated firewall for the first 27 days of the study. The number of attacks per day soared dramatically when the firewall was disabled for three days at the end of the experiment, to approximately 538 per day.
Source: http://www.nzherald.co.nz/section/story.cfm?c_id=1&ObjectID=10413035

34. November 28, eWeek — Apple mega−patch fixes 22 flaws. Apple Computer has shipped a monster security update to correct a total of 22 vulnerabilities in its Mac OS X operating system. The Cupertino, CA, company's patch batch includes a fix for a critical Wi−Fi flaw affecting eMac, iBook, iMac, PowerBook G3, PowerBook G4 and Power Mac G4 systems. The Wi−Fi flaw, first exposed at the beginning of the Month of Kernel Bugs project, was discovered and reported by Metasploit's HD Moore. Apple confirmed that the issue is a heap buffer overflow that exists in the AirPort wireless driver's handling of probe response frames.
Security Update: http://docs.info.apple.com/article.html?artnum=304829
Source: http://www.eweek.com/article2/0,1895,2064969,00.asp

35. November 28, Information Week — New bot exploits months−old Symantec bug. Symantec on Tuesday, November 28, warned of a new bot exploiting multiple months−old bugs, including one in its own anti−virus scanning engine, and said that it's collected evidence of an attack in progress. The bot, dubbed Spybot.acyr, includes exploits for seven different vulnerabilities, including five already patched flaws in Microsoft Windows and one within Symantec's enterprise anti−virus products. The Symantec bug was reported and patched in May. Of the five Microsoft vulnerabilities leveraged by Spybot.acyr, the oldest harks to 2003, while the most recent was disclosed in August 2006. All have been patched.
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=196513728&subSection=All+Stories

Daily Report Wednesday, November 29, 2006

Daily Highlights


KMBC−TV reports Community America Credit Union confirmed that on Friday, November 24, a hacker managed to redirect people from the company's Website to a phony site and that 180 accounts were accessed within minutes. (See item 7)
·
The Associated Press reports the Modesto, California, City−County Airport was evacuated Tuesday, November 28, and flights were canceled after the city received nine bomb threats by e−mail. (See item 11)

Information Technology and Telecommunications Sector

29. November 27, Reuters — E−mail gangs bombard Britain with spam. Criminal gangs using hijacked computers are behind a surge in unwanted e−mails peddling sex, drugs and stock tips in Britain. The number of "spam" messages has tripled since June and now accounts for as many as nine out of 10 e−mails sent worldwide, according to U.S. e−mail security company Postini. Postini has detected 7 billion spam e−mails worldwide in November compared to 2.5 billion in June. Spam in Britain has risen by 50 percent in the last two months alone, according to Internet security company SurfControl. The United States, China and Poland are the top sources of spam, data from security firm Marshal suggests. About 200 illegal gangs are behind 80 percent of unwanted e−mails, according to Spamhaus, a body that tracks the problem. Experts blame the rise in spam on computer programs that hijack millions of home computers to send e−mails.
Source: http://www.eweek.com/article2/0,1895,2064450,00.asp

30. November 27, Associated Press — EU says more than half e−mails are spam. Unsolicited e−mails continue to plague Europeans and account for between 50 and 80 percent of all messages sent to mail inboxes, the European Commission said Monday, November 27. A European Union (EU) report found that only two EU nations −− the Netherlands and Finland −− were making inroads in enforcing the 2002 law to crack down on spam. Dutch authorities were able to reduce spam by 85 percent by using fines to get businesses to fall in line with the EU rule. EU officials have said they will put forward new legislation next year to make it easier to prosecute spammers.
Source: http://news.yahoo.com/s/ap/20061128/ap_on_hi_te/eu_spam

31. November 27, ZDNet Asia — Hackers ride on Web application vulnerabilities. According to Watchfire, the most vulnerable area in the enterprise information ecosystem is Web applications. The company specializes in software and services to audit the security and regulatory compliance of Websites. Danny Allan, Watchfire's director of strategic research, noted that network perimeters bore the brunt of attacks in the past. Given that networks today are adequately protected by a range of security tools, Web applications are now not only easier to target, they are also linked to backend servers and databases containing a wealth of information. However, businesses are currently not spending enough to protect their Web applications, said Allan. Citing research by Gartner, he pointed out that 90 percent of IT security spending is on network protection and only 10 percent is spent on Web applications.
Source: http://www.zdnetasia.com/news/security/0,39044215,61969925,00.htm

Daily Report Tuesday, November 28, 2006

Daily Highlights


Mississippi State University engineers are working with the Oak Ridge National Laboratory on a homeland security project that seeks to devise a computer tracking and monitoring model to thwart terrorist threats on inland waterways by identifying barges and other vessels carrying potentially dangerous cargoes. (See item 8)
·
The Department of Health and Human Services along with other federal health officials, on Monday, November 27, announced National Influenza Vaccination Week by urging Americans who have not gotten flu vaccinations yet to get them before flu season peaks. (See item 11)

Information Technology and Telecommunications Sector

20. November 27, Associated Press — Fan hacks singer’s cell phone data using national lab computer. A woman is accused of using a computer at a national laboratory to hack into a cell phone company's Website to get a number for Chester Bennington, lead singer of the rock group Linkin Park. According to an affidavit filed by the Department of Defense Inspector General, Devon Townsend, 27, obtained copies of Bennington's cell phone bill, the phone numbers he called and digital pictures taken with the phone. Investigators said she also hacked into the e−mail of Bennington's wife, Talinda Bennington, and at one point called her and threatened her. Townsend is accused of using a computer at her former workplace, Sandia National Laboratories, to access Bennington's cell phone information. Lab spokesperson Michael Padilla said Wednesday, November 22, that Townsend no longer worked there. Townsend's attorney, Ray Twohig, said that investigators were still analyzing his client's computer and that it remains to be seen what exact violations will be alleged. Townsend's computer wasn't connected to classified data, Padilla said.
Source: http://www.cnn.com/2006/SHOWBIZ/Music/11/27/people.linkinpark.ap/index.html

21. November 27, New York Times — Web tool said to offer way past the government censor. At the University of Toronto a team of political scientists, software engineers and computer-hacking activists, or “hactivists,” have created the latest, and some say most advanced, tool yet in allowing Internet users to circumvent government censorship of the Web. The program, called psiphon (pronounced “SY-fon”), will be released on December 1 in response to growing Internet censorship that is pushing citizens in restrictive countries to pursue more elaborate and sophisticated programs to gain access to Western news sites, blogs and other censored material. Psiphon is downloaded by a person in an uncensored country (psiphon.civisec.org), turning that person’s computer into an access point. Someone in a restricted-access country can then log into that computer through an encrypted connection and, using it as a proxy, gain access to censored sites. The program’s designers say there is no evidence on the user’s computer of having viewed censored material once they erase their Internet history after each use. The software is part of a broader effort to live up to the initial hopes human rights activists had that the Internet would provide unprecedented freedom of expression for those living in restrictive countries.
Source: http://www.nytimes.com/2006/11/27/technology/27censorship.html?ref=technology

22. November 27, Computerworld — Department of Defense report to detail dangers of foreign software. A U.S. Department of Defense (DoD) task force early next year plans to warn the Pentagon of a growing threat to national security from adversaries who could insert malicious code in software developed overseas. The Defense Science Board (DSB), a military/civilian think tank within the DoD, will issue a report that calls for a variety of prevention and detection measures but stops short of recommending that all software procured by the military be written in the U.S., said the head of the task force that has been studying the so-called foreign influence issue. The possibility that programmers might hide Trojan horses, trapdoors and other malware inside the code they write is hardly a new concern. But the DSB will say in its report that three forces — the greater complexity of systems, their increased connectivity and the globalization of the software industry — have combined to make the malware threat increasingly acute for the DoD. Robert Lucky, the chairman of the DSB task force, said this month that all the code the DoD procures is at risk, from business software to so-called mission software that supports war-fighting efforts.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=274599&intsrc=news_ts_head

Daily Report Monday, November 27, 2006

Daily Highlights


Bouncers at some New Jersey bars and nightclubs are using a high−tech identification device to obtain a customer's age as well as personal information on a driver's license such as name, address, and license number as well as physical descriptions such as height, weight, and eye color. (See item 11)
·
The Associated Press reports the Bloomington Police Department's bomb squad removed what appeared to be an improvised explosive device from the trunk of a rental car Sunday, November 26, at the Minneapolis−St. Paul International Airport. (See item 12)
·
Bloomberg reports two of New York City's commuter railroads will have delays for the next two weeks because a particularly bad season of so−called slippery rail −− caused by wet leaves falling on the rails −− has damaged the wheels of more than 360 rail cars. (See item 13)

Information Technology and Telecommunications Sector

29. November 24, Sophos — New Trojan tricks users with offer of free explicit images. Sophos has warned of a new spam campaign that claims to offer free explicit images and videos, in an attempt to trick users into downloading a malicious Trojan horse. According to Sophos, a Weblink to the Psyme−DL Trojan is being widely circulated within e−mails using a variety of subject lines, invariably containing the words "free" and "porn." The e−mails each contain a single sentence and a link to the malicious file.
Source: http://www.sophos.com/pressoffice/news/articles/2006/11/pornspam.html

30. November 24, Security Focus — IAdware Trojan aims for Macs. On Thursday, November 23, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for the Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights. The IAdware proof-of-concept code did nothing malicious, but merely opened up a browser each time an application was opened, F-Secure stated.
Source: http://www.securityfocus.com/brief/366

31. November 24, VNUNet — IP Multimedia Subsystem full of gaps: Yankee Group. The IP Multimedia Subsystem (IMS) architecture is suffering from "gaping holes and inadequacies" which are limiting increased adoption and implementation of the communications standard, research has warned. These gaps in the architecture must be addressed by vendors and carriers that have invested in IMS as a unifying communications technology, according to a recently published Yankee Group report. The study noted that the growing interest of carriers in adopting IMS or next−generation architectures is met by increasing challenges. However, it acknowledges that all major carriers and vendors now have IMS in their road maps because it is being recognized as the unifying architecture.
Source: http://www.vnunet.com/vnunet/news/2169423/ims-plagued-gaping-holes

Daily Report Friday, November 24, 2006

Daily Highlights


In the first nuclear−related evacuation since the Three Mile Island accident of 1979, a Tennessee school district sent all 1,800 pupils home on Tuesday morning, November 21, because operators at a nearby nuclear reactor believed they might have had a leak of radioactive cooling water inside the plant. (See item 2)
·
The Associated Press reports a chemical plant near Boston exploded early Wednesday, November 22, sparking a massive fire and blowing debris for blocks that damaged nearly 90 homes but caused only minor injuries. (See item 5)
·
The Department of Homeland Security and the Department of State have announced the official requirement for citizens of the United States, Canada, Mexico, and Bermuda to present a passport to enter the United States when arriving by air from any part of the Western Hemisphere beginning January 23, 2007. (See item 16)
·
WHO-TV reports nearly 1,000 Iowans have gotten ill in the last several weeks due to norovirus, which has occurred in a wide variety of settings such as social receptions, long-term care facilities, a gaming facility, business functions, restaurants, and schools. (See item 27)

Information Technology and Telecommunications Sector

34. November 22, eWeek — Exploit code published for Apple OS X glitch. Researchers have published exploit code that targets an unpatched kernel vulnerability in Apple's OS X desktop software. An independent vulnerability analyst working as part of the "Month of Kernel Bugs" campaign released the details necessary to attack the hole in OS X on Wednesday, November 22, revealing the manner in which hackers could target the glitch, which affects the way Apple's software handles disk image files. The researcher, identified only by the screen name "LMH," issued the exploit via a post on the Kernel Fun Website. "Mac OS X fails to properly handle corrupted image structures, leading to an exploitable denial-of-service condition," LMH wrote in his latest blog. "Although it hasn't been checked further, memory corruption is present under certain conditions." The researcher said that the demonstration exploit offered on the site would be unlikely to allow arbitrary code execution if applied by attackers; however, the analyst indicated that the flaw could be taken advantage of by malware writers by targeting the manner in which Cupertino, CA-based Apple's Safari browser downloads online image files.
Source: http://www.eweek.com/article2/0,1895,2062806,00.asp

35. November 22, IDG News Service — Thieves steal chips worth millions. A gang of thieves stole computer chips reportedly worth millions of U.S. dollars in a Monday, November 20, raid on the Penang International Airport Free Commercial Zone in Batu Muang, Malaysia. Malaysian police are investigating the theft. The gang of 20 thieves subdued 17 security guards using weapons and chloroform before stealing 585 cartons and 18 pallets of microchips and motherboards manufactured by a multinational company in Bayan Lepas, Malaysia. The stolen goods were estimated to be worth $12.7 million, making the theft the largest ever in Malaysia.
Source: http://www.infoworld.com/article/06/11/22/HNchipthieves_1.html

36. November 22, CNET News — Firefox, IE vulnerable to fake login pages. Mozilla's Firefox 2 and Microsoft's Internet Explorer 7 are vulnerable to a flaw that could allow attackers to steal passwords. Dubbed a reverse cross−site request, or RCSR, vulnerability by its discoverer, Robert Chapin, the flaw lets hackers compromise users' passwords and usernames by presenting them with a fake login form. Firefox Password Manager will automatically enter any saved passwords and usernames into the form. The data is then automatically sent to an attacker's computer without the user's knowledge, according to the Chapin Information Services site. An exploit for this flaw has already been seen on social−networking site MySpace.com, and it could affect anyone using a blog or forum that allows user−generated HTML code to be added, according to Chapin. According to Chapin, an RCSR attack is much more likely to succeed than a cross−site scripting attack because neither Internet Explorer nor Firefox is designed to check the destination of form data before the user submits them. The browser doesn't sound an alarm because the exploit is conducted at the trusted Website.
Source: http://news.com.com/Firefox%2C+IE+vulnerable+to+fake+login+pages/2100-1002_3-6137844.html?tag=nefd.top

Daily Report Wednesday, November 22, 2006

Daily Highlights

The National Transportation Safety Board is recommending that federal regulators require new standards and tests for the engines on the Bombardier CRJ−model jets to ensure that the failure that contributed to a fatal 2004 crash does not occur again. (See item 10)
·
The Associated Press reports that starting this week inspectors from the Transportation Security Administration and other police agencies will begin sweeping Amtrak stations in Rhode Island, using bomb−sniffing dogs, undercover agents, and uniformed officers. (See item 12)
·
A University of New Hampshire scientist is leading an international team of researchers trying to understand how bird flu spreads among wild birds and poultry, combining satellite images showing rice farming cycles and wetlands with other research on epidemics, wild bird migration, and poultry farming practices. (See item 27)


Information Technology and Telecommunications Sector

32. November 21, VNUNet — California court rules on Web defamation. The California Supreme Court has ruled that Internet service providers and bloggers cannot be sued for third−party comments posted on their sites. In the case of Barrett versus Rosenthal the court found that only the originator of the content could be sued, but that third parties who repost the material should be immune from prosecution. The ruling has profound implications for the future of Internet content. "We acknowledge that recognizing broad immunity for defamatory republications on the Internet has some troubling consequences," said the court. "Until Congress chooses to revise the settled law in this area, however, plaintiffs who contend they were defamed in an Internet posting may only seek recovery from the original source of the statement."
Source: http://www.vnunet.com/vnunet/news/2169219/california-court-rules-web

33. November 21, Sophos — Don't let the Christmas spam fill your e−mail stocking, Sophos warns. Sophos has identified a new marketing trick being used by spammers in their attempt to get a hold of legitimate e−mail addresses and user information in the run−up to the holiday season: they are offering to send your child a letter directly from Santa. The unsolicited e−mail campaign, which includes subject lines like "Letter From Santa For Your Child" and "Santa Letter from the North Pole," offers a personalized letter addressed to your child. The e−mail also requests you to get in touch if you received the e−mail in error.
Source: http://www.sophos.com/pressoffice/news/articles/2006/11/santaspam.html

34. November 20, CNET News — Wi−Fi standards face patent threat. A federal judge in Tyler, TX, ruled last week that an Australian government agency holds the rights to patents on the underlying technology used in two Wi−Fi standards and a third proposed standard. The decision −− if it survives what many assume will be a lengthy appeals process −− could have a wide−ranging impact on wireless equipment makers and consumer electronics manufacturers. Judge Leonard Davis ruled that a patent granted in 1996 to the Commonwealth Scientific and Industrial Research Organization, Australia's national science agency, is valid. The court also ruled that Buffalo Technology, a small maker of Wi−Fi routing gear, had violated this patent. The ruling is certainly a blow for Austin, TX−based Buffalo Technology, but the decision could have a huge impact on the entire Wi−Fi industry. "One reason that Wi−Fi has proliferated as it has is because it's reached a point where it's incredibly cheap, so it's easy to just stick a Wi−Fi chip in a consumer electronics device," said Stan Schatt, a vice president at ABI Research. "But if the cost of the technology goes up to pay for the license, even a little bit, it could throw off the economics."
Source: http://news.com.com/Wi-Fi+standards+face+patent+threat/2100-7351_3-6137372.html?tag=nefd.lede

Daily Report Tuesday, November 21, 2006

Daily Highlights


USA TODAY reports the Associated Mail and Parcel Centers estimates that each year thousands of packages with potentially hazardous materials are loaded onto cargo planes all over the U.S. (See item 21)
·
The U.S. Centers for Disease Control and Prevention reports that Chikungunya, a severe and sometimes deadly infectious disease that has devastated the islands of the Indian Ocean, has arrived in the United States: several states have reported cases of travelers returning from visits to Asia and East Africa sick with the mosquito−borne virus. (See item 29)

Information Technology and Telecommunications Sector

36. November 20, IDG News Service — Check Point adds encryption with Pointsec buy. Check Point Software Technologies plans to acquire Pointsec Mobile Technologies in an effort to extend its security offering to laptops and other remote access devices. Check Point made the $586 million offer for Protect Data, the owner of Pointsec, on Monday, November 20. With the Pointsec acquisition, Check Point hopes to extend its security offering to include corporate data, the company said.
Source: http://www.infoworld.com/article/06/11/20/HNcheckpointpointsecbuy_1.html

37. November 20, IDG News Service — U.S. government clears Alcatel−Lucent merger. President George Bush has accepted a recommendation that he not suspend or prohibit the planned merger of Alcatel and Lucent Technologies on security grounds after an agency that oversees foreign investment said the deal should be allowed, apparently clearing it to go forward. The companies announced in April they would merge, creating a giant communications equipment vendor that would be based in Paris. The deal faced scrutiny on both sides of the Atlantic, partly because both companies have sensitive government contracts related to national security. Approval by the U.S. Committee on Foreign Investment, an inter−agency panel led by the Secretary of the Treasury, was to be the last hurdle to the deal, according to the companies.
Source: http://www.infoworld.com/article/06/11/20/HNalcatellucentclears_1.html

38. November 20, Agence France−Presse — European cities launch IT and telecoms research network. About 20 European cities have launched a network for information sharing, research and testing in the fields of mobile and information technology. The "Living Labs Europe" project enables companies, research institutes and investors to share information on technical and commercial testing of new technologies and mobile services. The European Union, which lags behind the United States and Japan in terms of funding for research and development, aims to become the world's most competitive and dynamic knowledge−based economy by 2010.
Source: http://news.yahoo.com/s/afp/20061120/tc_afp/eutelecomitresearchranddsector

Daily Report Monday, November 20, 2006

Daily Highlights


The Los Angeles Times reports the two largest known tunnels on the border that link Nogales, Mexico, with Nogales, Arizona, remain an ongoing tactical problem for authorities to monitor. (See item 14)

The Washington Post reports a new plan to improve information sharing about terrorism establishes a Washington−based threat assessment group that includes federal, state, and local officials, and restructures the way intelligence and other information is handled. (See item 30)

The Associated Press reports three people were shot during what appeared to be a gangland−style confrontation in the food court of the Westfield mall in Annapolis, Maryland. (See item 40)

Information Technology and Telecommunications Sector

35. November 16, eWeek — Exploits surface for MS Patch Day flaws. Proof-of-concept exploit code offering step-by-step instructions to attack worm holes in Microsoft Windows has started appearing on the Internet, prompting a new round of "patch-now-or-else" warnings from computer security experts. The exploits, publicly released on the Milw0rm Website and privately available to partners of penetration testing firm Immunity, target a pair of critical vulnerabilities patched by Microsoft on Tuesday, November 14. The Milw0rm exploit, released by a hacker called "cocoruder," takes aim at the high-severity bug covered in the MS06-070 bulletin and can be used to launch a network worm against unpatched Windows 2000 systems. Amol Sarwate, manager of the vulnerability research lab at Qualys, is strongly urging businesses running Windows 2000 to test and deploy the MS06-070 patch because of the ease with which a hacker could launch an exploit.
Milw0rm Website: http://www.milw0rm.com/
Source: http://www.eweek.com/article2/0,1895,2060481,00.asp

36. November 16, Network World — Researchers seek disruption-tolerant nets. Researchers are creating mobile networks that can sustain communications even in the face of broken links and long delays. The quest for such disruption-tolerant networks (DTNs) is being driven by military, scientific and emergency-response wireless networks, which typically lack the connectivity, stability and predictability of conventional wired networks. Instead, researchers say, the hallmarks of a DTN are the very problems that quickly bring a conventional wireless network to its knees: frequent and unpredictable disconnects, changing nearby nodes and very long delays. The trade-off: it takes a lot longer to send and receive data over a DTN.
Source: http://www.networkworld.com/news/2006/111606-dtn.html

37. November 16, IDG News Service — Gartner meeting sees big network role. IT professionals and Gartner Inc. analysts are looking beyond networks to the whole enterprise this week at the research company's Enterprise Networking Summit in Las Vegas. Everything system and application administrators want to do affects networks, especially now that voice and other forms of communication are moving onto IP data networks, participants said Tuesday, November 14. That trend toward unified communications, along with richer Web−based applications and a proliferation of consumer−oriented devices, is among the key issues emerging for enterprise networks in the next few years, Gartner analyst David Willis said in a keynote address. Another looming trend is virtualization of IT resources, which Cisco Systems Inc., Microsoft Corp. and IBM all want to dominate, he said. Together, it spells more chaos on networks, which have always been chaotic, he said. Don't rush into IP telephony, Gartner analyst Jeff Snyder warned attendees in a breakout session. They should have a good reason, such as replacing aging phone systems or building a distributed contact center, before moving in that direction, he said. But network experts will take on a bigger role in overall corporate strategy as the new technology comes in, he added.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005143&intsrc=news_ts_head

Daily Report Friday, November 17, 2006

Daily Highlights


The Associated Press reports that more than two−dozen people were arrested in New York on Wednesday, November 15, in connection with a billion−dollar−a−year gambling ring orchestrated through a Website called Playwithal.com. (See item 10)
·
The Associated Press reports a man was arrested at Detroit Metropolitan Airport after officials found him carrying more than $78,000 in cash and a laptop computer containing information about nuclear materials and cyanide. (See item 15)
·
The House of Representatives has approved the Animal Enterprise Terrorism Act of 2006, which strengthens the ability of the Department of Justice to prosecute animal rights terrorists who do damage to property or threaten individuals associated with an animal enterprise. (See item 23)

Information Technology and Telecommunications Sector

37. November 16, eWeek — 'Pump−and−Dump' spam surge linked to Russian bot herders. The recent surge in e−mail spam hawking penny stocks is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers. Internet security researchers and law enforcement authorities have traced the operation to a well−organized hacking gang controlling a 70,000−strong peer−to−peer botnet seeded with the SpamThru Trojan. According to Joe Stewart, senior security researcher at SecureWorks, the gang functions with a level of sophistication rarely seen in the hacking underworld. For starters, the Trojan comes with its own anti−virus scanner that removes competing malware files from the hijacked machine. Once a Windows machine is infected, it becomes a peer in a peer−to−peer botnet controlled by a central server. If the control server is disabled by botnet hunters, the spammer simply has to control a single peer to retain control of all the bots and send instructions on the location of a new control server. The bots are segmented into different server ports, determined by the variant of the Trojan installed, and further segmented into peer groups of no more than 512 bots. This allows the hackers to keep the overhead involved in exchanging information about other peers to a minimum, Stewart explained.
Source: http://www.eweek.com/article2/0,1895,2060235,00.asp

38. November 15, IDG News Service — Pirated Vista may be useless, Microsoft says. Microsoft said supposedly pirated copies of its new Vista computer operating system "will be of limited value" to those who use them. Microsoft responded Tuesday, November 14, to reports that some Websites have been circulating pirated copies of Vista and the Office 2007 applications suite. But Microsoft said in a prepared statement that those pirated copies of the OS won't work for long. "The copies available for download are not final code and users should avoid unauthorized copies which could be incomplete or tampered. This unauthorized download relies on the use of pre−RTM [release−to−manufacture] activation keys that will be blocked using Microsoft’s Software Protection Platform. Consequently, these downloads will be of limited value," the statement said.
Source: http://www.infoworld.com/article/06/11/15/HNpiratedvistauseless_1.html

39. November 15, CNET News — Google, Yahoo, Microsoft adopt same Web index tool. Search engine rivals Google, Yahoo and Microsoft are teaming up to make it easier for Website owners to make sure their sites get included in the Web indexes. The companies are adopting Google's Sitemaps protocol, available since June 2005, which enables Website owners to manually feed their pages to Google and to check whether their sites have been crawled. Website owners have had to follow similar processes at each of the other major search engines separately. Now Website owners will be able to go to one place for alerting all three major search engines to their Webpages, something they have been requesting for some time, said Tim Mayer, director of product management at Yahoo Search.
Source: http://news.com.com/Google,+Yahoo,+Microsoft+adopt+same+Web+index+tool/2100-1025_3-6136041.html

Daily Report Thursday, November 16, 2006

Daily Highlights


WZZM−13 reports there is more concern after the security breach and identity theft problems at Wesco gas stations across West Michigan, and thousands of Fifth Third Bank customers will have their debit cards re−issued as a precautionary measure. (See item 6)
·
The Anderson Independent−Mail reports that after an outbreak of whooping cough at a school in Anderson, South Carolina, health officials warn that one vaccination in a person’s lifetime is not enough to guard against the disease. (See item 29)
·
The Department of Homeland Security and the Advertising Council have unveiled new public service advertisements to support the Ready Campaign, a national public service advertising campaign designed to educate and empower Americans to prepare for and respond to emergencies. (See item 32)

Information Technology and Telecommunications Sector

36. November 15, VNUNet — Windows use could boost mobile malware. A security expert has warned that the increasing use of Microsoft code in mobile applications could lead to a rise in mobile malware activity. Kevin Hogan, senior manager at Symantec Security Response said that, while very little malware activity is aimed at mobile phones, the situation could change as Microsoft's influence grows. Hogan cited two large Japanese telecoms companies which are actively evaluating Windows CE devices. "If Windows CE is taken up in a big way in a large market we may see some increased malware activity," he warned. "There is not a lot of functionality built in that will stop attacks on that platform, so there could be a problem if it takes off."
Source: http://www.vnunet.com/vnunet/news/2168653/windows-boost-mobile-malware

37. November 15, SearchSecurity — SANS: VoIP, zero−day threats surge. Since attacks are no longer tied solely to a set of software flaws, the SANS Institute has renamed its annual Top 20 vulnerabilities list this year to the "Top 20 Internet Security Attack Targets." Among this year's top 20 are six major attack trends: 1) A surge in zero−day attacks that go beyond Internet Explorer to target other Microsoft software; 2) A rapid growth in attacks exploiting vulnerabilities in ubiquitous Microsoft Office products such as PowerPoint and Excel; 3) A continued growth in targeted attacks; 4) Increased phishing attacks against military and government contractor sites; 5) A surge in Voice over Internet Protocol (VoIP) attacks in which attackers can intercept and sell company meeting minutes, inject misleading messages or create massive outages in the old phone network; 6) Ever−increasing attacks against Web application flaws.
SANS Institute's Top 20 vulnerabilities list: http://www.sans.org/top20/?ref=1487
Source: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1230095,00.html


38. November 14, U.S. Computer Emergency Readiness Team — US-CERT Technical Cyber Security Alert TA06-318A: Microsoft security updates for Windows, Internet Explorer, and Adobe Flash. Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service on a vulnerable system. Systems affected: Microsoft Windows, Microsoft Internet Explorer, and Adobe Flash. Further information is available in the US-CERT Vulnerability Notes Database: http://www.kb.cert.org/vuls/byid?searchview&query=ms06-nov
Solution: Microsoft has provided updates for these vulnerabilities in the November 2006 Security Bulletin. The Security Bulletin describes any known issues related to the updates. Note any known issues described in the Bulletin and test for any potentially adverse effects in your environment. Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx
System administrators may wish to consider using Windows Server Update Services: http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
Source: http://www.us-cert.gov/cas/techalerts/TA06-318A.html


Daily Report Wednesday, November 15, 2006

Daily Highlights

The Paducah Sun reports that nationwide, transmission systems and power plants aren't being built fast enough to meet America's increasing demand for electricity, potentially raising the risk of supply disruptions. (See item 4)
·
The Ithaca Journal reports security concerns have changed how schools are built, and in an increasing number of schools, security drives decisions about everything from where to place the principal's office to what kinds of locks and windows are selected. (See item 32)

Information Technology and Telecommunications Sector

35. November 14, eWeek — Microsoft forms interoperability vendor alliance. Microsoft has formed a new group, the Interoperability Vendor Alliance, to enhance interoperability between Microsoft and non−Microsoft systems across workflows and operational processes. The initial members of the vendor alliance are SugarCRM, Citrix Systems, Kernel Networks, Network Appliance and Siemens Networks, but membership will be open to others that want to join. The initial areas of focus will include common interoperability challenges like cross−platform systems management, single sign−on, data presentation, portal integration, storage and identity management.
Source: http://www.eweek.com/article2/0,1895,2058133,00.asp

36. November 14, IDG News Service — Motorola to acquire Netopia for $208 million. Motorola plans to acquire Netopia, the maker of Digital Subscriber Line user equipment, for $208 million, the companies announced on Tuesday, November 14. With Netopia's products, Motorola plans to offer a full suite of connected home products, including media hubs, voice gateways and Internet Protocol set tops. The acquisition will also help Motorola pursue IPTV opportunities.
Source: http://www.infoworld.com/article/06/11/14/HNmotorolanetopia_1.html

37. November 13, Federal Computer Week — Feds more confident in agency security. Federal decision−makers seem to be more confident about their agencies’ security than they were two years ago, according to a survey released Monday, November 13, by Cisco Systems. The new survey found that decision−makers, especially those in the defense sector, were spending more time on mandated security requirements than they did last year. They report, however, that funding remains the biggest barrier to improving security capabilities. Another change this year is that most respondents now give more importance to linking budgets to program performance, the report states. The survey, a follow−up to one conducted in November 2005, polled federal information technology decision−makers from more than 45 civilian and military agencies involved in network security solutions. Nearly half the respondents said they believe software automation tools will address most of their agencies’ security issues in the future. Moreover, a large majority said the automation tools will handle network intrusion detection, firewalls and server security.
Cisco news release: http://newsroom.cisco.com/dlls/2006/prod_111306c.html
Source: http://www.fcw.com/article96809-11-13-06-Web

Daily Report Tuesday, November 14, 2006

Daily Highlights


California wind company operators say that within the past year, trespassing and burglaries have increased at the 50,000−acre Altamont Wind Resource Area with thieves cutting and stealing the copper electrical cables used to operate the 5,400 windmills east of Livermore. (See item 1)
·
The U.S. Coast Guard began a pilot program on Monday, November 13, that will collect biometric information from illegal migrants interdicted while attempting entry into U.S. territory through the body of water between the Dominican Republic and Puerto Rico known as the Mona Passage. (See item 10)


Information Technology and Telecommunications Sector

35. November 13, Information Week — Mobile devices provide more opportunities for mischief and theft. Smartphones and similar devices increasingly are being used by business professionals to store information, tap into customer accounts, and exchange data with the office. The expanded use of mobile devices has caught the interest of criminals and malicious hackers, and several proof−of−concept mobile viruses have emerged in recent months. The growth of Microsoft Windows Mobile 5.0 in the device market also creates new security concerns. Windows Mobile 5.0, released to manufacturers in May, offers more and easier ways to exchange information with back−end servers than previous versions, and it's the first Windows operating system to appear on popular Palm devices. Trojan.Wesber, a proof−of−concept virus for Windows Mobile discovered in September, sends messages from a mobile device via the Short Message Service wireless protocol without the device user's consent, similar to the Redbrowser Trojan reported earlier this year. MSIL.Cxover.A, discovered in March, searches for a device connected to a wireless network, then attempts to establish an ActiveSync connection to the device. If successful, the worm copies itself as a file and disconnects the ActiveSync connection. While there haven't been any public reports of data breaches or other incidents resulting from these viruses, they demonstrate hacker interest in mobile devices.
Source: http://www.informationweek.com/story/showArticle.jhtml?articleID=193700286

36. November 11, eWeek — Alarm raised for critical Broadcom Wi−Fi driver flaw. Computer security analysts are raising the alarm for a critical vulnerability in the Broadcom wireless driver embedded in PCs from HP, Dell, Gateway and eMachines. The vulnerability, which was exposed as part of the Month of Kernel Bug project, is a stack−based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver that could be exploited by attackers to take complete control of a Wi−Fi−enabled laptop. The vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field and can lead to arbitrary kernel−mode code execution. The volunteer Zero Day Emergency Response Team warns that the flaw could be exploited wirelessly if a vulnerable machine is within range of the attacker.
Source: http://www.eweek.com/article2/0,1895,2056023,00.asp

37. November 10, CNET News — UK outlaws denial−of−service attacks. A UK law has been passed that makes it an offense to launch denial−of−service attacks, which experts had previously called "a legal gray area." Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, November 8, is a clause that makes it an offense to impair the operation of any computer system. Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer. The maximum penalty for such cybercrimes has also been increased from five years to 10 years.
Source: http://news.com.com/U.K.+outlaws+denial-of-service+attacks/2100-7348_3-6134472.html

Daily Report Monday, November 13, 2006

Daily Highlights


Federal Computer Week reports that the Nuclear Regulatory Commission has issued a final rule on reporting requirements for various transactions involving radioactive materials that will involve establishing secure, Web−based access to a new National Source Tracking System. (See item 1)
·
The Associated Press reports that Department of Homeland Security Secretary Michael Chertoff marked Veterans Day by helping christen U.S. Coast Guard Cutter Bertholf, the first of a new class of ships called National Security Cutters. (See item 12)

Information Technology and Telecommunications Sector

32. November 08, Age (Australia) — SpamThru and Warezov responsible for rise in spam: MessageLabs report. The number of e−mail viruses targeting Australians is on the rise, with Australia last month experiencing the biggest growth in attacks of any country. One in 84.1 e−mails or 1.2 percent of e−mail traffic contains a virus, up from 0.4 percent of e−mail traffic the month before, MessageLabs' Intelligence Report for October 2006 said. The global ratio was 1 percent of e−mail traffic. This ranks Australia 12th out of all countries, where it was "previously at the bottom of the list," the report said. India remains the hardest hit country, with one in 16 e−mails containing a virus. It was followed by Ireland, Germany, Singapore and Spain. Responsible for much of the rise in viruses is a spam−sending Trojan dubbed "SpamThru," which MessageLabs said had increased global spam levels to almost three out of every four e−mails. The developers of SpamThru have so far managed to avoid detection by traditional anti−virus software, by releasing new strains of the Trojan at regular intervals, MessageLabs said. Another virus, Warezov, is also identified by MessageLabs as a contributing factor to the increase in spam. Like SpamThru, it hijacks the computers of unsuspecting users and turns them into spam distributors.
MessageLabs report: http://www.messagelabs.com/publishedcontent/publish/threat_watch_dotcom_en/intelligence_reports/october_2006/DA_173834.html
Source: http://www.theage.com.au/articles/2006/11/08/1162661735244.html

33. November 08, Security Focus — Microsoft Excel file rebuilding remote code execution vulnerability. Microsoft Excel is prone to a remote code execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word documents another possible attack vector.
For a complete list of vulnerable products: http://www.securityfocus.com/bid/18938/info
Solution: Microsoft has released a security advisory addressing this issue. For more information: http://www.securityfocus.com/bid/18938/references
Source: http://www.securityfocus.com/bid/18938/discuss

34. November 08, Security Focus — Symantec Automated Support Assistant ActiveX control buffer overflow vulnerability. An ActiveX control shipped with Symantec Automated Support Assistant and some other Symantec products is prone to a stack−based buffer overflow vulnerability. This vulnerability requires a certain amount of user−interaction for an attack to occur, such as visiting a malicious Website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged−in user. These products are shipped with the affected ActiveX control: Symantec Automated Support Assistant; Symantec Norton AntiVirus; Symantec Norton Internet Security; Symantec Norton System Works. Note that the Symantec Automated Support Assistant is used by support to identify problems running any Symantec consumer−based products. Therefore, the affected control may be present on computers running other consumer products and versions as well. Symantec Corporate and Enterprise products are not affected, because they do not install the affected control.
For a complete list of vulnerable products: http://www.securityfocus.com/bid/20348/info

Solution: Symantec has released fixes to address this issue. Fixes can be automatically applied through Symantec LiveUpdate. Users who may have downloaded or installed the Symantec Automated Support Assistant should visit the following location to obtain a fixed version: https://www-secure.symantec.com/techsupp/asa/install.
A tool to remove vulnerable versions of the ActiveX control is available from the following location: http://www.symantec.com/home_homeoffice/security_response/removaltools.jsp
Source: http://www.securityfocus.com/bid/20348/references

Veterans Day is tomorrow, Saturday, November 11th, 2006

However, today, November 10th is a holiday for many and thus there is not any Daily Report from DHS.

Please, take a few moments to honor our veterans. Attend a local ceremony if possible. Also, view the following web site:

Veterans.com


Daily Report Thursday, November 9, 2006

Daily Highlights


The Social Security Administration on Tuesday, November 7, warned of a new e−mail scam in which recipients are asked to update their personal information or risk having their Social Security "account" suspended indefinitely by November 11. (See item 12)

The Associated Press reports biologists at Mississippi State University are studying safer vaccines for whooping cough, which can sometimes lead to brain damage or death. (See item 24)

Information Technology and Telecommunications Sector

30. November 08, Security Focus — Mozilla multiple products remote vulnerabilities. The Mozilla Foundation has released thirteen security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird. These vulnerabilities allow attackers to execute arbitrary machine code in the context of the vulnerable application; crash affected applications; run arbitrary script code with elevated privileges; gain access to potentially sensitive information; and carry out cross-domain scripting attacks. Other attacks may also be possible. These issues are fixed in Mozilla Firefox version 1.5.0.5, Mozilla Thunderbird version 1.5.0.5, and Mozilla SeaMonkey version 1.0.3. Solution: http://www.securityfocus.com/bid/19181/solution
Source: http://www.securityfocus.com/bid/19181/discuss

31. November 08, Security Focus — Adobe Flash Player multiple remote code execution vulnerabilities. Adobe Flash Player is prone to multiple remote code-execution vulnerabilities because it fails to properly sanitize user-supplied input. An attacker could exploit this issue by creating a media file containing large, dynamically generated string data and submitting it to be processed by the media player. These issues allow remote attackers to execute arbitrary machine code in the context of the user running the application. Other attacks are also possible. Adobe Flash Player 8.0.24.0 and prior, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 are affected. Solution: http://www.securityfocus.com/bid/19980/solution
Source: http://www.securityfocus.com/bid/19980/discuss

32. November 08, Security Focus — America Online ICQ ActiveX Control remote code execution vulnerability. The America Online ICQ ActiveX Control is prone to a remote code-execution vulnerability. An attacker could exploit this issue simply by sending a message to a victim ICQ user. Exploiting this issue could allow an attacker to execute arbitrary code. The ICQPhone.SipxPhoneManager ActiveX control with a CLSID of 54BDE6EC-F42F-4500-AC46-905177444300 is affected.
Solution: The vendor has released a fix to resolve this issue. This fix is automatically applied when connecting to the America Online ICQ service.
Source: http://www.securityfocus.com/bid/20930/discuss

Daily Report Wednesday, November 8, 2006

Daily Highlights

The Associated Press reports a United Airlines plane's wing clipped the tail of another jetliner on Tuesday, November 7, as they taxied toward takeoff at Chicago's O'Hare International Airport. (See item 14)

The United Nations' World Health Organization is launching an international taskforce to combat counterfeit medical products, a market that brings in tens of billions of dollars annually as it promotes drug resistant strains of disease, can worsen medical conditions, and may kill its patients. (See item 23)

USA TODAY reports the federal government is working with prisons in dozens of states to improve intelligence gathering and monitoring of inmates in a stepped−up campaign to curb homegrown terrorism behind bars. (See item 39)


Information Technology and Telecommunications Sector

29. November 07, Sydney Morning Herald (Australia) — Chile arrests four accused of hacking foreign governments' Websites. Chilean police arrested four suspected computer hackers accused of being part of an international group that has broken into thousands of government Websites around the globe in recent years. Police chief Gerardo Raventos said Monday, November 6, that the group was responsible for "infiltrating" more than 8,000 sites, including some run by the governments of Argentina, Bolivia, Colombia, Peru, Turkey, the United States and Venezuela. Raventos said the suspects even hacked into the NASA Website. The suspects were members of an international hackers group identified as the "Byond" team, and had been under investigation for eight months with the cooperation of authorities in the United States, Israel and several South American countries, Raventos said.
Source: http://www.smh.com.au/news/breaking-news/chile-arrests-4-accused-of-hacking-foreign-governments39-web-sites/2006/11/07/1162661645862.html


30. November 07, Tech Web — OS bug project is security wake−up call: Gartner. A new hacker project that promises to disclose one operating system kernel vulnerability daily hasn't yet come up with any serious bugs, a security company said Tuesday, November 7, but Gartner warned enterprises that the plan constitutes a security wake−up call. Last week, security researcher HD Moore, co−creator of the Metasploit Framework penetration testing tool, began posting one kernel bug each day. In July, Moore ran a similar crusade, dubbed "Month of Browser Bugs" that released more than a score of new browser vulnerabilities, including some for Internet Explorer that were later patched by Microsoft. According to Symantec, Moore's "Month of Kernel Bugs" has not yet put forward any major flaws. So far, Moore and others have posted six vulnerabilities. Although Symantec took a wait−and−see position, research firm Gartner said that the danger level was higher. "[This] is a serious wake−up call about the vulnerability of the most fundamental element of the operating system," said analyst Rich Mogull in a research note posted online. "Begin preparing now for more, and more damaging, attacks against the OS kernel...The incorporation of kernel exploits is a very early indication that the complex exploitation of kernel flaws will be simplified," added Mogull.
Source: http://www.techweb.com/wire/security/193600339;jsessionid=PYDARNGSP1GT4QSNDLPCKHSCJUNN2JVN


31. November 07, Tech Web — 'Stration' worm spawns sneak attacks. Anti−virus vendors completely missed the fact that the most massive worm attack in months has a secondary payload that has sent millions of pharmaceutical spam messages, a security intelligence company revealed Tuesday, November 7. The Stration worm, also known as Warezov, has been topic number one for anti−virus firms for almost three months, but until recently they hadn't figured out that the malware kicks into second gear about six hours after it's installed. Then, said VeriSign iDefense, it begins sending massive amounts of spam touting Viagra, Xanax, and Propecia prescription medicines. "Lots of AV vendors have been saying that Stration doesn't have a payload," said Mike La Pilla, an iDefense analyst. "But it does. It just takes six hours. Then it contacts a different domain, downloads a spamming Trojan, and starts sending mail." If a user launches the file attached to the original e−mail, a small Trojan downloader executes, searches out the domain of a remote server, and downloads the Stration/Warezov worm. Stration, in turn, then replicates by grabbing e−mail addresses off the compromised system. Only later does it seek out a second domain for the spam bot.
Source: http://www.techweb.com/wire/security/193600350;jsessionid=PYDARNGSP1GT4QSNDLPCKHSCJUNN2JVN

Daily Report Tuesday, November 7, 2006

Daily Highlights


A report by the Financial Action Task Force highlights the risks of criminal exploitation of new payment methods, many of which have taken hold on the Internet in recent years; the biggest new online payment brokers are eBay's PayPal, and Neteller. (See item 5)
·
The Associated Press reports rail passengers in Buffalo, New York, will undergo explosives screening beginning Tuesday, November 7, as part of a program being tested by the Transportation Security Administration. (See item 9)
·
Fraud investigators say that the U.S. Postal Service’s “change of address” system may be leaving people vulnerable to identity theft with thieves filling out a change of address card and thereby accessing private mail including critical credit card bills. (See item 13)

Information Technology and Telecommunications Sector

30. November 06, Secunia — Microsoft XMLHTTP ActiveX control code execution vulnerability. A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of arbitrary code when a user, for example, visits a malicious Website using Internet Explorer. NOTE: The vulnerability is already being actively exploited. Solution: Microsoft has recommended various workarounds including setting the kill-bit for the affected ActiveX control. See the vendor's advisory for details: http://www.microsoft.com/technet/security/advisory/927892.mspx
Source: http://secunia.com/advisories/22687/

31. November 06, VNUNet — Malicious Trojan poses as McAfee alert. Security experts have intercepted a mass mailing purporting to come from McAfee, but which actually spreads a Trojan horse. Kaspersky Labs described the mass mailing as "unusual" because the messages attempt to spoof the e−mail address mcafee@europe.com. The Lafool.v infection is hidden in a Word document called "McAfee Inc. Reports.doc." The file is 80,635 bytes in size, and allegedly contains a report about the propagation of malicious programs on the Internet. However, the document actually contains a macro written in Visual Basic for Applications. Lafool.v extracts a new modification of LdPinch, a well−known Trojan password stealing program, from itself and launches it for execution, Kaspersky Labs warned.
Source: http://www.vnunet.com/vnunet/news/2168037/malicious-trojan-poses-mcafee

32. November 06, Sophos — Sophos reveals top 12 spam producing countries. Sophos has published its latest report on the top twelve spam relaying countries over the third quarter of 2006. Sophos experts believe that a possible reason for America's increasing lead in relayed spam when compared to its closest rival, China, is the emergence of over 300 strains of the mass-spammed Stratio worm. The worm, also known as Stration or Warezov, uses a trick dependent on the victim being able to speak English in its attempt to convert innocent PCs into members of a spam botnet. The top twelve spam relaying countries in July-September 2006 are as follows: 1) United States: 21.6 percent; 2) China (including Hong Kong): 13.4 percent; 3) France: 6.3 percent; 3) South Korea: 6.3 percent; 5) Spain: 5.8 percent; 6) Poland: 4.8 percent; 7) Brazil: 4.7 percent; 8) Italy: 4.3 percent; 9) Germany: 3.0 percent; 10) Taiwan: 2.0 percent; 11) Israel: 1.8 percent; 12) Japan: 1.7 percent.
Source: http://www.sophos.com/pressoffice/news/articles/2006/11/dirtydozq306.html

Daily Report Monday, November 6, 2006

Daily Highlights


The Seattle Times reports Starbucks said on Friday, November 3, that personal data on 60,000 present and former employees and contractors was on two laptop computers missing from its Seattle headquarters. (See item 8)

The FBI has arrested more than a dozen people in the U.S. and other countries in an international identity theft operation -- called Operation Cardkeeper -- that involves the trading of social security numbers, the sale of stolen credit card account information, and phishing. (See item 10)

Information Technology and Telecommunications Sector

35. November 03, IDG News Service — Security threat changing, says Symantec CEO. The threat posed to computer users and companies by hackers is shifting from attacks on the computers to attacks on electronic transactions, according to the head of one of the world's largest security software vendors. John Thompson, chairman and CEO of Symantec, said the change has been taking place over the last few years but has recently been accelerating. "The attacks that we see today are more targeted and more silent and their objective is to create true financial harm as opposed to visibility for the attackers," he said. The head of Symantec's Asia Pacific business, Bill Robbins, explained in an interview that this changing threat would mean businesses will have to spend more time and energy not just on making sure that data is secure but also on recording which users are accessing and manipulating information stored in corporate databases.
Source: http://www.infoworld.com/article/06/11/03/HNchangingsecuritythreat_1.html

36. November 03, IDG News Service — FTC settles with adware company. Adware distributor Zango will give up $3 million in "ill-gotten gains" for deceptive downloads that displayed billions of unwanted pop-up ads in a settlement with the U.S. Federal Trade Commission (FTC). The settlement, announced Friday, November 3, bars Zango from loading software onto consumers' computers without their consent, the FTC said. The settlement also requires Zango, formerly known as 180solutions, to provide a way for consumers to remove the adware. FTC settlement: http://www.ftc.gov/os/caselist/0523130/0523130agree061103.pdf
Source: http://www.infoworld.com/article/06/11/03/HNftcadware_1.html

37. November 03, VNUNet — Hackers use Wikipedia to spread malware. Hackers are using online encyclopedia Wikipedia to spread malware, according to a security firm. Sophos discovered that hackers had created an article on the German edition of Wikipedia containing false information about a new version of the Blaster worm, along with a link to a fix. However, the fix is actually a piece of malicious code designed to infect visitors' PCs. Wikipedia is built from user contributions, allowing anyone to create or edit the content of a page. The hackers sent spam messages to German computer users, which purported to come from Wikipedia, and directed recipients to the fraudulent information. As the e−mails linked to a legitimate Website, they were able to bypass some anti−spam solutions.
Source: http://www.vnunet.com/vnunet/news/2167949/hackers-wikipedia-dupe-users