Wednesday, November 21, 2007

Daily Report

Reuters reports that UK officials have confirmed a second outbreak of bird flu in as many weeks. An agriculture ministry spokesperson said all the turkeys at the site have been culled, a new protection zone had been established around the second farm, and the surveillance zone had been extended. (See item 20)

IDG News Service reports that, according to a new study by the independent Nemertes Research Group, rapidly expanding consumer and corporate use of the Internet could overwhelm current capacity and lead to Internet brown-outs by 2010 unless backbone providers invest up to $137 billion in new capacity, more than double what service providers plan to invest. (See item 28)

Information Technology

25. November 20, Network World – (National) Hackers poised for Black Friday assault. Security researchers say hackers are poised to launch a slew of Web-based attacks against consumers. “The holiday season in general is a huge time for hackers ... [and] Black Friday is typically the start,” says the vice president of strategic accounts for Secure Computing. “This year, my biggest concern for consumers is all the Web-borne malware out there.” Black Friday, the day after Thanksgiving, is followed in marketing lingo by Cyber Monday. Both are big days for retailers and online fraudsters. Consumers should watch out for e-mails advertising incredible deals that seem too good to be true. “Freebies may be freebies in the sense that you get free malware,” says a senior threat researcher at Trend Micro. A common scam is to pick the hot toy of the season and send out a spam e-mail blast offering it for much less than the typical price, one researcher said. Victims end up entering credit card information on malicious sites designed to look like well-known, trusted ones. They might also unknowingly download a keylogger that can steal personal information people type in when making any kind of Internet transaction. “Be leery of sites being advertised [in e-mail that might be spam]. In all likelihood you’re being directed to a malware-connected site,” he said. “Do not click on URLs within e-mails even for well-known public sites.” In an HTML e-mail, it is a trivial task for hackers to hide the real URL a victim is clicking on. “It might say ‘,’ but you’re actually clicking on something entirely different,” he says. In addition to being wary of e-mails, be careful when searching for holiday deals or specific products on Google and other search engines. Operators of malicious sites have figured out ways to rise to the top of search listings, researchers warn.

26. November 20, Computerworld – (National) Hackers jack, infect job hunters. took a portion of its Web site offline Monday as researchers reported that it had been compromised by an IFrame attack and was being used to infect visitors with a multi-exploit attack kit. According to Internet records, the Russian Business Network (RBN) hacker network may be involved. Parts of the Monster Company Boulevard, which lets job hunters search for positions by company, were unavailable Monday; by evening, the entire section was dark. Most major American companies are represented on the site. Job seekers who used Monster’s by-company directory on Monday before the site was yanked were exposed to Neosploit, an attack tool kit similar to the better-known Mpack, said the chief technology officer at Exploit Prevention Labs Inc. The injection of the malicious IFrame code into the site probably happened Monday, he added. Like many other IFrame exploits, this one silently redirected the user’s browser to another site hosting Neosploit. In the case of at least one of the exploit sites the researcher identified, there is a connection to the notorious RBN, the hacker and malware hosting network that recently shifted operations to China, then mysteriously abandoned the IP blocks it had acquired in China, seemingly vanishing from the Internet.

Communications Sector

27. November 20, IDG News Service – (Ohio; National) ‘Swatters’ tricked AT&T while making fake 911 calls. A Cleveland, Ohio, man has pled guilty to participating in a scheme that involved using AT&T employee passwords and identities to place false 911 calls to emergency dispatch centers. The man is facing up to five years in prison and a $250,000 fine after pleading guilty to charges of harassing people by tricking 911 operators into dispatching police SWAT (Special Weapons And Tactics) teams to the homes of unsuspecting victims. He was part of a group of about 15 to 20 people who met in chat rooms and telephone party lines to exchange information on how to conduct their attacks, according to court documents. The Ohio man is considered the lead defendant in a federal case against members of the group. Two other members have pled guilty, and two others are still facing trial. Virtually unknown until recently, “swatting” gained national attention last month when a 19 year-old was arrested after allegedly dispatching a SWAT team to the home of an unsuspecting couple in Orange County, California. That incident cost county officials nearly $20,000. On Friday, the 19-yearold pled not guilty to charges stemming from the March 29 incident. He is not believed to be connected with the other ‘swatter’ group, which has been connected to about 60 incidents, including one in January 2007, according to a detective with the Snohomish County Sherriff’s Office in Washington State.

28. November 19, IDG News Service – (National) Study: Internet could run out of capacity in two years. Consumer and corporate use of the Internet could overwhelm the Internet’s current capacity and lead to brown-outs by 2010 unless backbone providers invest up to $137 billion in new capacity, more than double what service providers plan to invest, according to a study by Nemertes Research Group, an independent analysis firm. In North America alone, backbone investments of $42 billion to $55 billion will be needed in the next three to five years to keep up with demand, Nemertes said. The study is the first to “apply Moore’s Law (or something very like it) to the pace of application innovation on the ‘Net,’” the study says. “Our findings indicate that although core fiber and switching/routing resources will scale nicely to support virtually any conceivable user demand, Internet access infrastructure, specifically in North America, will likely cease to be adequate for supporting demand within the next three to five years.” The study confirms long-time concerns of the Internet Innovation Alliance (IIA), an advocacy group focused on upgrading U.S. broadband networks, said the group’s cochairman. The study gives “good, hard, unique data” on the IIA concerns about network capacity, he said. The Nemertes study suggests demand for Web applications like streaming and interactive video, peer-to-peer file transfers, and music downloads will accelerate, creating a demand for more capacity.