Daily Report Wednesday, November 8, 2006

Daily Highlights

The Associated Press reports a United Airlines plane's wing clipped the tail of another jetliner on Tuesday, November 7, as they taxied toward takeoff at Chicago's O'Hare International Airport. (See item 14)

The United Nations' World Health Organization is launching an international taskforce to combat counterfeit medical products, a market that brings in tens of billions of dollars annually while its products promote drug-resistant strains of disease, can worsen medical conditions, and may kill patients. (See item 23)

USA TODAY reports the federal government is working with prisons in dozens of states to improve intelligence gathering and monitoring of inmates in a stepped-up campaign to curb homegrown terrorism behind bars. (See item 39)

Information Technology and Telecommunications Sector

29. November 07, Sydney Morning Herald (Australia) — Chile arrests four accused of hacking foreign governments' Websites. Chilean police arrested four suspected computer hackers accused of being part of an international group that has broken into thousands of government Websites around the globe in recent years. Police chief Gerardo Raventos said Monday, November 6, that the group was responsible for "infiltrating" more than 8,000 sites, including some run by the governments of Argentina, Bolivia, Colombia, Peru, Turkey, the United States and Venezuela. Raventos said the suspects even hacked into the NASA Website. The suspects were members of an international hackers group identified as the "Byond" team, and had been under investigation for eight months with the cooperation of authorities in the United States, Israel and several South American countries, Raventos said.
Source: http://www.smh.com.au/news/breaking-news/chile-arrests-4-accused-of-hacking-foreign-governments39-web-sites/2006/11/07/1162661645862.html

30. November 07, Tech Web — OS bug project is security wake-up call: Gartner. A new hacker project that promises to disclose one operating system kernel vulnerability daily hasn't yet come up with any serious bugs, a security company said Tuesday, November 7, but Gartner warned enterprises that the plan constitutes a security wake-up call. Last week, security researcher HD Moore, co-creator of the Metasploit Framework penetration testing tool, began posting one kernel bug each day. In July, Moore ran a similar crusade, dubbed "Month of Browser Bugs," that released more than a score of new browser vulnerabilities, including some for Internet Explorer that were later patched by Microsoft. According to Symantec, Moore's "Month of Kernel Bugs" has not yet put forward any major flaws. So far, Moore and others have posted six vulnerabilities. Although Symantec took a wait-and-see position, research firm Gartner said that the danger level was higher. "[This] is a serious wake-up call about the vulnerability of the most fundamental element of the operating system," said analyst Rich Mogull in a research note posted online. "Begin preparing now for more, and more damaging, attacks against the OS kernel...The incorporation of kernel exploits is a very early indication that the complex exploitation of kernel flaws will be simplified," added Mogull.
Source: http://www.techweb.com/wire/security/193600339;jsessionid=PY

31. November 07, Tech Web — 'Stration' worm spawns sneak attacks. Anti-virus vendors completely missed the fact that the most massive worm attack in months has a secondary payload that has sent millions of pharmaceutical spam messages, a security intelligence company revealed Tuesday, November 7. The Stration worm, also known as Warezov, has been topic number one for anti-virus firms for almost three months, but until recently they hadn't figured out that the malware kicks into second gear about six hours after it's installed. Then, said VeriSign iDefense, it begins sending massive amounts of spam touting Viagra, Xanax, and Propecia prescription medicines. "Lots of AV vendors have been saying that Stration doesn't have a payload," said Mike La Pilla, an iDefense analyst. "But it does. It just takes six hours. Then it contacts a different domain, downloads a spamming Trojan, and starts sending mail." If a user launches the file attached to the original e-mail, a small Trojan downloader executes, searches out the domain of a remote server, and downloads the Stration/Warezov worm. Stration, in turn, then replicates by grabbing e-mail addresses off the compromised system. Only later does it seek out a second domain for the spam bot.
Source: http://www.techweb.com/wire/security/193600350;jsessionid=PY