Wednesday, April 18, 2007

Daily Highlights

The Washington Post reports some lending companies with access to a national database that
contains confidential information on tens of millions of student borrowers have repeatedly searched it in ways that violate federal rules, raising alarms about data mining and abuse of privacy. (See item 12)
·
U.S. Customs and Border Protection officers and Border Patrol agents using rail gamma−imaging technology apprehended a 30−year−old Honduran citizen entering at Blaine, Washington, along with 34 pounds of marijuana. (See item 15)
·
Information Technology and Telecommunications Sector

35. April 17, ComputerWorld — Botworms exploit Windows DNS bug. Security researchers late Monday, April 16, spotted botworms exploiting a zero−day bug in Microsoft Corp.'s Windows DNS Server Service, confirming suspicions earlier in the day that hackers were sniffing out vulnerable systems. McAfee Inc.'s Avert Labs was the first to report that a new Nirbot variant −− the worm also goes by the name Rinbot −− was trying to exploit the DNS vulnerability in the wild. In a blog entry Monday afternoon, virus research manager Craig Schmugar said the botworm was an "Internet relay chat [IRC] controlled backdoor, which provides an attacker with unauthorized remote access to the compromised computer." Later Monday, McAfee announced it had found a second Nirbot/Rinbot variant exploiting the bug. According to McAfee's analysis, the new Nirbot botworms scan for vulnerable servers, then use multiple exploits −− including the unpatched DNS flaw −− in an attempt to hijack the machine. Earlier Monday, Symantec Corp. warned of an extraordinary spike in scans for TCP and UDP Port 1025. Monday evening, Symantec confirmed that the source of the increased Port 1025 activity was the Nirbot/Rinbot, and like McAfee, posted an initial analysis of the worm.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9016820&intsrc=hm_list

36. April 17, VNUNet — Panic spreads over 'killer' mobile phone virus. Fears of a deadly virus that can be transmitted by mobile phone have swept the Afghani capital of Kabul, prompting the government to step in and reassure the public. Reports from inside the city suggest that mobile phone users are fearful that a biological virus is spreading via mobile phone calls. Rumors claim that several people have already died. The stories appear to have come from Pakistan, where similar rumors began spreading last week.
Source: http://www.vnunet.com/vnunet/news/2187920/panic−killer−mobil e−phone−virus

37. April 16, eWeek — Researchers: Botnets getting more resilient. A select group of some 40 security researchers gathered on April 10 in the first Usenix event devoted to botnets. The invitation−only event, called HotBots, was held in Cambridge, MA. At the event, researchers warned that botnets −− which can contain tens or even hundreds of thousands of zombie PCs that have been taken over for use in spamming and thievery of financial and identity−related data −− are on the brink of a technological leap to more resilient architectures and more sophisticated encryption that will make it that much harder to track, monitor and disable them. Specifically, security researchers have spotted the early development stages of resilient botnets that have included peer−to−peer (P2P) architectures. Botnets have traditionally been organized in a hierarchical structure, with one central command−and−control location. This centralization has been a blessing to researchers, as it gives them a single point of failure on which to focus. With a P2P botnet, however, there is no centralized point for command and control.
Source: http://www.eweek.com/article2/0,1895,2114741,00.asp