Tuesday, June 12, 2007

Daily Highlights

NorthWestern Energy announced plans Tuesday, June 5, for a transmission line, called the Mountain States Transmission Intertie, running from Montana to Idaho, which it said could carry energy from developing wind power plants to power-hungry markets. (See item 6)
The Associated Press reports an American Airlines flight to Madrid and a catering truck collided at Miami International Airport on Sunday, June 10, causing damage to both the plane and truck. (See item 15)

Information Technology and Telecommunications Sector

36. June 11, eWeek — Yahoo Messenger flaw being exploited in the wild. A high-risk Yahoo Messenger vulnerability is being exploited in the wild, jacking up the criticality of applying a fix to avoid system hijacking. At issue is a buffer-overflow vulnerability in Yahoo Messenger's Webcam ActiveX control. Attackers can exploit the issue to execute arbitrary code within the context of an application that uses the control—typically Internet Explorer, according to Symantec's DeepSight Alert Services. eEye spotted proof-of-concept code last week and predicted that a malicious exploit would soon follow. Sure enough, DeepSight has spotted an active exploit in the wild at "at least one" site: n.88tw.net. The exploit is put to work when an attacker crafts a malicious site designed to take advantage of the vulnerability. The attacker then lures victims to the site by sending the exploit code via e-mail or hosting it in a remotely accessible location, for example. When victims visit the page, arbitrary code runs in the context of their browser. If successful, the attacker then gains remote access to control the target system. Affected versions range from Yahoo Messenger 5.5.0 on up to 8.0.0 and those versions in between. Yahoo Messenger 8.1 isn't affected.
eEye Digital Security Advisory: http://research.eeye.com/html/advisories/upcoming/20070605.html
Source: http://www.eweek.com/article2/0,1895,2144610,00.asp

37. June 11, CNET News — OpenOffice worm Badbunny hops across operating systems. Malicious software targeting OpenOffice.org documents is spreading through multiple operating systems, according to Symantec. "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems," according to a Symantec Security Response advisory. "Be cautious when handling OpenOffice files from unknown sources." The worm was first spotted late last month, but at the time, it was not thought to be "in the wild." On Windows systems, it drops a file called drop.bad, which is moved to the system.ini file in the user's mIRC folder. It also executes the JavaScript virus badbunny.js, which replicates to other files in the folder. On Apple Mac systems, the worm drops one of two Ruby script viruses in files respectively called badbunny.rb and badbunnya.rb. On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.
Source: http://news.com.com/OpenOffice+worm+Badbunny+hops+across+operating+systems/2100-7349_3-6189961.html?tag=nefd.top

38. June 08, IDG News Service — Beware of fake Microsoft security alerts. With Microsoft's monthly patch release expected on Tuesday, June 12, scammers are sending out fake security bulletins that attempt to install malicious software on victims' computers. The e-mail messages claim to describe a "Cumulative Security Update for Internet Explorer" that fixes a critical security flaw in the browser. It comes with a link entitled "Download this update." When users click on this link, they are taken to a server that attempts to install malicious software known as Trojan-Downloader.Win32.Agent.avk. This Trojan software then attempts to reach out to other computers on the Internet in order to install more programs on the victim's computer. Microsoft does send out notification e-mail when it publishes security bulletins, but the links in these alerts take users to the bulletins themselves, not to executable downloads.
Source: http://www.infoworld.com/article/07/06/08/Beware-of-fake-Microsoft-security-alerts_1.html

39. June 08, Computerworld — State's move to open document formats still not a mass migration. Only 250 of the 50,000 PCs at Massachusetts government agencies are able to use the Open Document Format (ODF) for Office Applications, despite an initial deadline of this month for making sure that all state agencies could handle the file format. Bethann Pepoli, acting state CIO and director of the Massachusetts Information Technology Division (ITD), said last week that potential plug-in suppliers weren't able to deliver working versions of their software by last November as previously planned. According to Pepoli, the ITD did deploy an Office-to-ODF converter for Word text files developed by Sun Microsystems Inc. at some agencies in January. The ITD is working to install the plug-in at more agencies, but Pepoli said it now has no definite schedule for completing the rollout. State legislators in Texas recently quashed a bill calling for the use of open document formats, one of five such proposals that have been defeated or shelved in the U.S. this year.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024160&intsrc=hm_list

40. June 08, eWeek — Anti-spam orgs under DDoS siege. Anti-spam forces must have hit a nerve with their adversaries. As of the evening of June 7, anti-spam groups Spamhaus, SURBL (Spam URI Realtime Blocklists), URIBL (Realtime URI Blacklist) and others have been under a "pretty big" distributed denial-of-service (DDoS) attack, according to the Internet Storm Center (ISC), which is run by the SANS Institute. As of 11 a.m. EDT on June 8, both SURBL and URIBL remained down when eWEEK checked, but Spamhaus was back up. This is an extremely serious issue, as these types of attacks have succeeded in bringing down and, in some cases, permanently knocking out important weapons in the fight against spammers. However, ISC member Bojan Zdrnja noted this positive side of the current DDoS: Spammers must be desperate if they're using their resources to flood anti-spam groups rather than to send out spam.
Source: http://www.eweek.com/article2/0,1895,2143566,00.asp

41. June 08, VNUNet — Worm points the way to Arabic viruses. A seemingly harmless worm spreading around the world could point the way to an explosion in Arabic viruses, according to one security vendor. Masaki Suenaga, a security response engineer at Symantec, claimed that Arabic elements within the W32.Alnuh worm could be a test to see how users react. "W32.Alnuh looks like just an experiment by the author," Suenaga said on the company's Website. "After they have done their homework, they might step to the next stage to make a more complicated virus." Suenaga said that viruses not written in English usually target Chinese, German, Spanish, Portuguese or Russian users, as well as Indonesian, Japanese or Thai to a lesser extent. "There might be more Arabic-aware viruses in the wild than we think simply because many of us do not notice Arabic words, but we are seeing more Arabic-aware viruses than a year ago," said Suenaga. Discovered on May 31, W32.Alnuh spreads harmlessly and only terminates programs to protect itself.
Source: http://www.vnunet.com/vnunet/news/2191697/worm-points-way-arabic-viruses