Daily Report Thursday, January 25, 2007

Daily Highlights

Reuters reports utilities in five western U.S. states are in the process of setting up the Northern Tier Transmission Group, which is designed to facilitate coordination of big power lines in the area. (See item 1)
The Washington Post reports as the number of armed pilots aboard U.S. jetliners has expanded, pilots complain about a lack of supervision and the difficulty in finding time to participate in training courses; federal security officials are launching a refresher training program next month to address this. (See item 14)

Information Technology and Telecommunications Sector

32. January 24, IDG News Service — Apple patches security flaw in QuickTime. Apple Inc. has patched a vulnerability in its QuickTime media player that could give a hacker control over a computer. The problem concerns a buffer overflow that can occur when QuickTime processes a Real Time Streaming Protocol Uniform Resource Locator (RTSP URL), which directs the player to a streaming file and allows a user to play and pause it. A hacker could create a malicious RTSP URL embedded in a Webpage that would open a door for other harmful code to run on a machine, Apple said. The patch comes more than three weeks after researchers who are part of the Month of Apple Bugs project published exploit code.
QuickTime patch: http://www.apple.com/support/downloads/
Source: http://www.infoworld.com/article/07/01/24/HNquicktimepatch_1.html

33. January 24, Sophos — Storm worm turns to love in major new attack. Sophos is warning of a major new malicious attack occurring against Internet users. New variants of the Dorf malware family (earlier incarnations of which purported to be breaking news of deaths caused by European storms) are now using disguises associated with love and greeting cards. Subject lines used in the spam campaign are many and varied. Some of them include "You're so Far Away," "I Dream of you," "Old Together," "Dream Date Coupon," "Together You and I," "A Bouquet of Love," "So in Love," "Cuddle Up," and "Vacation Love." Attached to the e-mails are files called flash postcard.exe or greetingcard.exe, which contain the worm. Opening the attached files on a PC activates the worm, which then sends itself to other e-mail addresses found on the now infected computer. Sophos analysts believe that the worm code is designed to attempt to download further malicious code from the Internet designed to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/dorflove.html

34. January 24, Sophos — Couple sued for sending five million spam cell phone messages. Sophos has warned of the rising nuisance of spam sent to mobile phones as two people from Florida have been charged with flooding cell phones with spam messages advertising time shares. Illinois Attorney General Lisa Madigan has filed a suit against Neela Pundit and Charles Rossop for sending five million unsolicited text messages to cell phone owners across the country. More than 200 consumers complained in Illinois alone after receiving the advertisements in October and November 2006 which read: "We have someone interested in buying or renting your Time Share." The advertisement encouraged recipients to visit two Internet Websites.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/smsspam.html

35. January 23, Information Week — One hacker kit accounts for 71 percent of attacks. A multi-exploit hack pack was responsible for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday, January 23. Tagged with the moniker "Q406 Roll-up," the attack kit was behind 70.9 percent of last month's attacks, reported Atlanta, GA-based Exploit Prevention Labs. Up to a dozen different exploits make up the kit, which includes several exploits derived from the proof-of-concept code that researcher HD Moore published in July 2006 during his "Month of Browser Bugs" project. It's difficult to tell the exact number of exploits in the package, said Exploit Prevention's chief technology officer, Roger Thompson, because the kit is heavily encrypted. The most common exploits found in the kit are setSlice, VML, XML, and (IE COM) Createcomobject Code. "The dominance of this package reinforces the fact that the development and release of exploits frequently parallels legitimate software businesses," Thompson said in a statement.
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=196902970

36. January 23, eWeek — Compatibility concerns hinder Vista upgrades. Microsoft's new operating system may be the most eagerly anticipated release of the past 10 years, but concerns over compatibility, bugs and security are keeping many IT professionals from upgrading soon, according to a survey released Tuesday, January 23, by Cambridge, MA-based Bit9, a provider of desktop lockdown solutions. Only 68 percent of IT pros reported that they'd be upgrading to Vista in 2007, though very few had made immediate plans. Of those who had expressed their intention to shift to the new operating system, 58 percent said they'd be waiting six months to one year after the launch to do so, while only 10 percent planned to roll out the upgrade in the next six months.
Research Brief (registration required):
http://www.bit9.com/files/Bit9_Vista_Survey_Research_Brief_vf.pdf
Source: http://www.eweek.com/article2/0,1895,2086703,00.asp

37. January 23, IDG News Service — Google.de domain gets kidnapped. Visitors to the German Website of Google were met with a strange sight early Tuesday morning, January 23: Gone was the Google logo, replaced by the name of a local Internet service provider with the message that no content was available for the domain. The Internet address of google.de and the page name were transferred to the new ISP, Goneo Internet GmbH, in a domain name grab that has confused Google users and infuriated company officials. Not all of Google's German Websites were affected by the domain grab, and those that were got restored within approximately two hours. In Google's case, two key security measures to prevent domain hijacking failed, a situation that could lead to changes in German domain name regulations, according to German domain registry Denic eG.
Source: http://www.infoworld.com/article/07/01/23/HNgooglegermany_1.html