Tuesday, May 8, 2007

Daily Highlights

Symantec Corp. researchers Friday, May 4, warned of a Trojan horse in the wild that poses as a Windows activation program to dupe users into entering credit card information in an attempt to reanimate their machines. (See item 8)
The Associated Press reports police arrested a Nevada man at the Hancock International Airport in Syracuse, New York, for possession of explosives and stolen goods. (See item 16)
The Department of Homeland Security announced on Friday, May 4, that it intends to integrate biometric exit procedures into the existing international visitor departure process, which will make departing the United States more convenient and accessible for international visitors. (See item 17)

Information Technology and Telecommunications Sector

40. May 07, InformationWeek — Month Of ActiveX Bugs Reveals Critical Vulnerabilities. Researchers posted details of a denial-of-service bug in Office OCX PowerPoint Viewer. It's an ActiveX control that enables software to communicate with Microsoft PowerPoint files. The French Security Incident Response Team (FrSIRT) called the bug critical. There are also several holes in the Excel Viewer OCX that Secunia rates as "highly critical." "The vulnerabilities are caused due to boundary errors within the Excel Viewer ActiveX control (ExcelViewer.ocx)," wrote Secunia analysts. "These can be exploited to cause stack-based buffer overflows via overly long arguments passed to certain methods (e.g. "HttpDownloadFile()" or "OpenWebFile()"). Successful exploitation may allow execution of arbitrary code when a user visits a malicious Website." The vulnerabilities, according to Secunia, are confirmed in version 3.2.0.5, but other versions also may be affected.
Secunia: http://secunia.com/
FrSIRT: http://www.frsirt.com/english/
Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=199300005

41. May 07, InfoWorld — USB worm gets its turn. Security researchers at Sophos are warning of a new Trojan worm virus that is being spread via infected USB devices. According to the security software maker, the W32/SillyFD-AA program, or Silly worm, automatically spreads itself to any USB storage device connected to a PC it has infected, and then passes itself along to any subsequent machines into which the removable thumb drive is inserted. Sophos said that once loaded onto a computer, the worm creates a hidden file labeled as "autorun.inf" from which it continues to propagate itself. Among the only discernible effects of the attack is that it changes the title of users' Internet Explorer browsers to read: Hacked by 1BYTE. Sophos advises that people should disable the USB autorun feature of Windows that allows the devices to immediately begin communicating with a PC once connected. Unfamiliar USB sticks should be checked for viruses before being allowed to run, the company said.
Source: http://weblog.infoworld.com/zeroday/archives/2007/05/usb_worm_gets_i.html

42. May 07, Associated Press — Nearly 50 percent of Americans have little use for Internet and cell phones, survey finds. A broad survey about the technology people have, how they use it, and what they think about it shatters assumptions and reveals where companies might be able to expand their audiences. The Pew Internet and American Life Project found that adult Americans are broadly divided into three groups: 31 percent are elite technology users, 20 percent are moderate users and the remainder have little or no usage of the Internet or cell phones.
Report: http://www.pewinternet.org/PPF/r/213/report_display.asp
Source: http://www.foxnews.com/story/0,2933,270392,00.html

43. May 03, TechWorld.com — Spammers use fresh technique to evade filters. Spammers have stepped up efforts to use encrypted attachments to evade filtering systems, service provider Email Systems has reported. The technique relies on the fact that many spam systems can't scan inside emails containing encrypted or password-protected attachments, and so can't work out that they are not legitimate. Without a rule to block such attachments, most systems will pass on the email to recipients, handing spammers an important victory in the battle to get spam through. In recent weeks, Email Systems detected a small but steady stream of such spam emanating from bot-compromised hosts, containing a zipped-up version of the pervasive 'Storm' bot-loading Trojan that plagued Internet users in January. Recipients would have been able to inadvertently unzip the Trojan using an embedded password, after being attracted by a number of eye-catching subject lines, including 'Worm Detected!', 'Virus Detected!', 'Spyware Alert!' and 'Warning!'
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018597&intsrc=hm_list