Monday, July 9, 2007

Daily Highlights

Immigration and Customs Enforcement officials say increased immigration enforcement -- such as the June raid at a produce plant in North Portland, Oregon -- has pushed some undocumented workers to shift from fictitious Social Security numbers and green cards to identity theft. (See item 6)

Investigators in the United States and Britain say three British residents who pleaded guilty to using the Internet to incite murder used computer viruses and stolen credit card accounts to set up a network of communication forums and Websites to further global jihad. (See item 8)

Information Technology and Telecommunications Sector

25. July 06, Reuters — Norwegian hacker says he can bypass AT&T on iPhone. A well-known hacker claims to have overcome restrictions on Apple Inc.'s iPhone, allowing highly technical users to bypass AT&T Inc.'s network to use the phone's Internet and music features. In a post dated Tuesday, July 3, on his blog, Jon Johansen, 23, a prolific hacker of consumer electronics gadgets since he was a teenager in Norway, said "I've found a way to activate a brand new unactivated iPhone" without signing up for AT&T service. "The iPhone does not have phone capability, but the iPod and Wi-Fi work. Stay tuned!" he wrote on his long-running blog, which is combatively named "So Sue Me." The site contained technical details for other hackers, as well as links to software necessary to complete the process.
Source: http://www.eweek.com/article2/0,1895,2155284,00.asp

26. July 06, VNUNet — Trojan uses Hotmail and Yahoo as spam hosts. Security firm BitDefender has warned of a new e-mail threat using Hotmail and Yahoo Mail accounts to send spam. Trojan.Spammer.HotLan.A uses automatically generated e-mail accounts, suggesting that spammers have found a way to bypass so-called Captcha systems. Captcha works by preventing new accounts being created until the creator correctly identifies the letters depicted in an image. Every active copy of the Trojan accesses an account, and pulls encrypted spam e-mails from a Website. It then decrypts the e-mails and sends them to valid addresses taken from yet another Website. "There are only about 500 or so new accounts being created every hour," said Viorel Canja, head of BitDefender's antivirus lab. "But we have seen at least 15,000 Hotmail accounts being used so far. It is hard to estimate how many spam e-mails have already been sent." The spam currently being distributed attempts to lure users to a site advertising pharmacy products.
Source: http://www.vnunet.com/vnunet/news/2193671/trojan-hotmail-yahoo-spam-hosts

27. July 05, IDG News Service — Talking Trojan says 'bye bye' to victims' data. A newly identified malicious program not only messes up its victims' computers, it taunts them too. The program, called the BotVoice.A Trojan, was first spotted by security vendor Panda Software about two weeks ago. It is a Trojan horse program, which the victim must download first. But once installed, it gets nasty. The Trojan soon sets to work trying to delete everything from the victim's hard drive, while at the same time endlessly repeating an audible message, apparently designed to taunt the victim. "You have been infected; I repeat, you have been infected and your system files have been deleted. Sorry. Have a nice day and bye bye," the Trojan says. It does this by using a text-reading program that is part of the Windows operating system, Panda said. Users of Windows 2003, XP, 2000, NT, ME, 98, and 95 are all at risk. Unlike a virus, BotVoice.A does not jump from computer to computer on its own, but spreads via peer-to-peer networks or storage devices such as CD-ROMs or USB memory drives.
Source: http://www.infoworld.com/article/07/07/05/Talking-Trojan-says-bye-to-data_1.html

28. July 05, ComputerWorld — Mpack installs ultrainvisible Trojan. The notorious Mpack hacker toolkit is installing malware that carries out its chores -- including spewing spam -- from within the Windows kernel, making it extremely difficult for security software to detect it, Symantec said Thursday, July 5. The Trojan horse that Symantec has dubbed "Srizbi" is being dropped onto some PCs by the multi-exploit Mpack, a ready-to-use attack application that until recently has been selling for around $1,000. Responsibility for a large-scale attack launched from thousands of hijacked Websites last month was pinned on Mpack, as was a follow-up campaign waged from compromised Internet porn sites. Although Mpack can force-feed any malicious code to a commandeered PC, Symantec researchers said Srizbi stands out. Rather than follow the current practice of hiding only some activities with rootkit-cloaking technologies, Srizbi goes completely undercover. The new Trojan, said Symantec, works without any user-mode payload and does everything from kernel mode, including its main task: sending spam.
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026323&intsrc=hm_list

29. July 05, Washington Technology — DHS cyber security IG report released. The National Cyber Security Division of the Department of Homeland Security (DHS) needs to do a better job of establishing priorities for key programs and managing them effectively, according to a new inspector general (IG) report. Although the division has made progress since 2004 in achieving its mission of advancing the nation’s cyber security, officials have not set strategic priorities nor set a detailed schedule for achieving them, states a report from DHS Inspector General Richard L. Skinner.
IG report: http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_07-48_Jun07.pdf
Source: http://www.washingtontechnology.com/online/1_1/30971-1.html?topic=homeland

30. July 04, Register (UK) — Security consultant's blog found pushing crudware. A prominent IT security consultant has issued a mea culpa after learning a blog he set up on Blogspot and later abandoned is being used to push crudware. "If I'm supposed to know what I'm doing, what about the 299 million people out there who don't know better?" said Winn Schwartau, an expert in information warfare and computer security education, when asked why his old security blog, SecurityAwareness, tries to trick visitors into installing crudware called Malware Alarm. The incident is a cautionary tale for anyone who has ever kept a blog or Website and then decided to pull the plug. Schwartau had ditched the Blogspot address for a new URL that was linked to the Website of The Security Awareness Company, a business he runs. A spokesperson for Google, which runs Blogspot, said when the URL was retired, it went back into regular rotation, meaning it was available for the first person to request it. The new owner, evidently, is responsible for the content that warns users they may have malware and invites them to download Malware Alarm.
Source: http://www.channelregister.co.uk/2007/07/04/security_blog_pushes_crudware/

31. July 03, Federal Computer Week — IG finds FEMA's laptop security faulty. The Federal Emergency Management Agency (FEMA) does not have effective procedures to protect information contained on its laptop computers, according to a new report from Richard Skinner, the Department of Homeland Security’s inspector general (IG). The IG tested 298 of the 32,000 laptop computers FEMA has in its inventory and discovered shortcomings in the agency’s ability to set security configurations, conduct patching to remedy vulnerabilities and manage its inventory. FEMA officials agreed with the IG’s report.
IG Report: http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_07-50_Jun07.pdf
Source: http://www.fcw.com/article103138-07-03-07-Web