Wednesday, December 26, 2007

Daily Report

• The Associated Press reports that a Southwest Airlines flight had to make an emergency landing in Omaha, Nebraska, after a person who missed the flight allegedly made a bomb threat. The passenger, who missed the flight, made a statement about a bag and then made a bomb threat specific to Flight 1018. (See item 14)

• According to the Bridgetown News, a bomb threat at Cumberland County Courthouse in New Jersey caused an evacuation Thursday afternoon, and all afternoon proceedings were canceled. Bomb-sniffing dogs had searched half of the building and found nothing suspicious. (See item 29)

Information Technology

33. December 22, New Scientist Tech – (National) Wi-Fi routers are vulnerable to viruses. The viral infection that began in Cambridge, Massachusetts, somewhere between MIT and Harvard University, failed to cross the Charles River into Boston; in California, the San Francisco Bay stymied a similar attack. This was not a biological infection, but the first simulation of an airborne computer virus. It spread by hopping between wireless routers, which are more susceptible to viruses than computers, said a representative of Indiana University in Bloomington. “We forget that routers are minicomputers. They have memory, they are networked and they are programmable.” And since they are not scanned for viruses, or protected by existing firewalls, they are easy targets. He knows of no actual router viruses, but says such a virus could steal credit card numbers, make the router send out spam and block incoming security patches. Routers close enough together to communicate — less than 100 meters apart — could act as a vast network for viruses. Although routers do not usually communicate with each other, it would be easy enough for malicious hackers to use a virus to switch on that capability if the router’s encryption system were weak, he said.

34. December 21, IDG News – (International) Russians close to prosecuting ‘Pinch’ Trojan authors. Russia may soon prosecute the authors of the “Pinch” Trojan, an easy-to-use malicious software program available on the Internet that steals a variety of data. The head of Russia’s Federal Security Services said earlier this week that Pinch’s authors had been identified and would be taken to court, according to a blog posting by Russian security vendor Kaspersky Lab. Kaspersky said the arrest of the Pinch writers would be on the same level as the 2005 prosecution of a German man for creating the NetSky and Sasser worms, which caused thousands of infected computers to crash worldwide. With Pinch, “it’s impossible to estimate what financial losses have been caused over the years since this Trojan first saw the light of day,” Kaspersky said. Pinch’s sellers would customize the program for buyers and offer support, illustrating a growing underground economy for hacking tools, Kaspersky said. Thousands of versions of Pinch, which comes in Russian and English language versions, are still circulating on the Internet. Kaspersky said its security software can detect some 4,000 variants of Pinch, where the basic code is the same but aspects of the program have been modified in order to evade detection by security software. Pinch has a highly developed user interface that can be used for sorting information it steals off other computers, according to F-Secure. It can steal e-mail account passwords, pilfer other password information stored in the Internet Explorer, Firefox and Opera browsers, and snap screenshots. That stolen information can also be encrypted before it is sent back to the hacker, according to Panda Security, another security vendor. Pinch could also be customized to have the victimized computer join a botnet, or a network of computers set up to hide other malicious activity by the hacker. Botnets are often used to send spam or mount other hacking attacks.

35. December 21, – (International) Orkut worm hits 700,000 users. A fast-moving worm has infected more than 700,000 users on Google’s Orkut social network in just 24 hours. The Portuguese language attack exploited a vulnerability in Orkut’s scrapbook feature to post malicious JavaScript code on a user’s page. On viewing the scrapbook post, the code performed the exploit and downloaded a .js file to the user’s machine. The worm then took control of the user’s account, sending out copies of itself to all of the user’s friends and joining a group called ‘Infectados pelo Vírus do Orkut,’ which translates as ‘Infected by Orkut virus.’ The worm does not appear to download any other malicious programs. Security experts said yesterday that the malicious code has been removed from users’ pages and the worm has been taken offline. A Symantec researcher said that, although the attack was largely benevolent, it is worrisome because it was launched simply by loading the user’s Orkut profile. “This worm illustrates how a simple script injection exploit could affect a large social networking site,” he wrote in a company blog. “This worm could have been used for other malicious purposes, such as stealing cookies, exploiting other vulnerabilities or stealing sensitive data.”

36. December 21, Computerworld – (National) Microsoft automates IE crash snafu workaround. Microsoft Corp. posted an automated fix late yesterday for a week-old crippling problem with Internet Explorer, replacing a registry hack it had offered Wednesday. The new 476KB work-around can be downloaded manually from Microsoft’s Web site, and will be pushed to users via Windows Update as well, according to the company. “It has also been made available via Windows Update and Automatic Update for all Internet Explorer 6 customers on Windows XP Service Pack 2,” said the IE program manager at Microsoft’s Security Response Center (MSRC), in an entry on the center’s blog yesterday. The work-around came more than a week after users installed Security Update MS07-069 on December 11, and immediately began reporting that they were unable to connect to the Internet with IE or that the browser kept crashing. MS07-069, one of seven bulletins issued that day, fixed four critical vulnerabilities in IE 5.01, IE6 and IE7. On Wednesday, Microsoft acknowledged the problem and posted work-around instructions that required users to edit the Windows registry, a chore beyond most users. Microsoft has also revised the pertinent support document, originally posted Wednesday, to note the availability of the automated workaround, and marked up the MS07-069 security bulletin of December 11 to warn users of the problem.

Communications Sector

Nothing to report.