Daily Report Tuesday, November 7, 2006

Daily Highlights


· A report by the Financial Action Task Force highlights the risks of criminal exploitation of new payment methods, many of which have taken hold on the Internet in recent years; the biggest new online payment brokers are eBay's PayPal and Neteller. (See item 5)
· The Associated Press reports rail passengers in Buffalo, New York, will undergo explosives screening beginning Tuesday, November 7, as part of a program being tested by the Transportation Security Administration. (See item 9)
· Fraud investigators say that the U.S. Postal Service’s “change of address” system may be leaving people vulnerable to identity theft, with thieves filling out a change of address card and thereby accessing private mail, including critical credit card bills. (See item 13)

Information Technology and Telecommunications Sector

30. November 06, Secunia — Microsoft XMLHTTP ActiveX control code execution vulnerability. A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of arbitrary code when a user, for example, visits a malicious Website using Internet Explorer. NOTE: The vulnerability is already being actively exploited. Solution: Microsoft has recommended various workarounds, including setting the kill-bit for the affected ActiveX control. See the vendor's advisory for details: http://www.microsoft.com/technet/security/advisory/927892.mspx
Source: http://secunia.com/advisories/22687/

31. November 06, VNUNet — Malicious Trojan poses as McAfee alert. Security experts have intercepted a mass mailing purporting to come from McAfee, but which actually spreads a Trojan horse. Kaspersky Labs described the mass mailing as "unusual" because the messages attempt to spoof the e-mail address mcafee@europe.com. The Lafool.v infection is hidden in a Word document called "McAfee Inc. Reports.doc." The file is 80,635 bytes in size, and allegedly contains a report about the propagation of malicious programs on the Internet. However, the document actually contains a macro written in Visual Basic for Applications. Lafool.v extracts a new modification of LdPinch, a well-known Trojan password stealing program, from itself and launches it for execution, Kaspersky Labs warned.
Source: http://www.vnunet.com/vnunet/news/2168037/malicious-trojan-poses-mcafee

32. November 06, Sophos — Sophos reveals top 12 spam producing countries. Sophos has published its latest report on the top twelve spam relaying countries over the third quarter of 2006. Sophos experts believe that a possible reason for America's increasing lead in relayed spam when compared to its closest rival, China, is the emergence of over 300 strains of the mass-spammed Stratio worm. The worm, also known as Stration or Warezov, uses a trick dependent on the victim being able to speak English in its attempt to convert innocent PCs into members of a spam botnet. The top twelve spam relaying countries in July-September 2006 are as follows: 1) United States: 21.6 percent; 2) China (including Hong Kong): 13.4 percent; 3) France: 6.3 percent; 3) South Korea: 6.3 percent; 5) Spain: 5.8 percent; 6) Poland: 4.8 percent; 7) Brazil: 4.7 percent; 8) Italy: 4.3 percent; 9) Germany: 3.0 percent; 10) Taiwan: 2.0 percent; 11) Israel: 1.8 percent; 12) Japan: 1.7 percent.
Source: http://www.sophos.com/pressoffice/news/articles/2006/11/dirtydozq306.html