Monday, February 11, 2008

Daily Report

• The New York Times reported a man fatally shot five people and wounded two others on Thursday evening as a City Council meeting began in Kirkwood, Missouri. The gunman shot and killed a police officer in a parking lot and another policeman and three city officials inside City Hall. The gunman was shot to death by police. (See item 28)

• According to the Associated Press, six people died and dozens were injured in a blast Thursday night at a sugar refinery in Port Wentworth, Georgia. Officials suspect a sugar dust explosion caused the blast. (See item 38)

Information Technology

34. February 8, IDG News Service – (National) Mozilla patches critical Firefox flaws. Mozilla issued ten patches on Friday for its Firefox browser, including three for critical vulnerabilities. The latest version of Firefox is now One of the critical vulnerabilities, MFSA 2008-06, is a problem in the way the browser handles images on certain Web pages. It is possible to exploit the flaw to steal a person’s Web browsing history, forward that information, and then crash the browser. It may also be possible to run arbitrary code on a machine, Mozilla said. A second critical vulnerability can enable a privilege escalation attack or remote code execution. The last critical problem involves a memory corruption flaw that “we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla said. Also notable is a fix for a problem with Mozilla’s “chrome” protocol, which is the term Mozilla uses for its user interface. The problem involves some of Firefox’s add-ons, or applications that users can download which extend browser functionality. The vulnerability would let an attacker determine what applications are installed on a person’s PC, which could give clues to how the machine could be compromised, Mozilla said. However, a victim would have to be lured to a special malicious Web page designed to take advantage of the flaw.

35. February 8, IDG News Service – (International) Antivirus company’s Web site downloads...a virus. The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors’ computers, security researchers said Thursday. The download section of AvSoft’s S-cop Web site hosts the malicious code, according to the chief research officer with security vendor AVG. “They let one of their pages get hit by an iFrame injection,” he said. “It shows that anyone can be a victim. ... It’s hard to protect Web servers properly.” The technique used on the site has been seen in thousands of similar hacks over the past few months. The attackers open an invisible iFrame Window within the victim’s browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim’s computer. The malicious software is a variant of the Virut virus family. The iFrame pages are commonly used by Web developers to insert content into their Web pages, but because it is possible to create an invisible iFrame window, the technology is often misused by hackers as a way to silently redirect victims to malicious Web sites. AvSoft, based in New Delhi, sells an antivirus product called SmartCOP and has sold a second antivirus product called Smartdog. The company, which is not well-known in the U.S., also specializes in recovering data lost due to virus attacks.

36. February 7, – (National) Bush administration proposes $7.3 billion for IT security. President Bush’s proposed budget for fiscal 2009 includes $7.3 billion for cybersecurity efforts – a 9.8 percent increase from last year and a 73 percent increase from fiscal 2004. According to documents issued by the Office of Management and Budget (OMB), five agencies currently rate unsatisfactory in cybersecurity efforts, based on reports from inspectors general. The Defense Department is still undergoing an audit. Federal agencies submitted planned IT security spending to OMB as part of their budget requests. On average, agencies planned to spend 10.3 percent more on their IT security efforts in fiscal 2009, compared to the prior year. The highest increase – 129.7 percent – came from the Transportation Department, which earmarked $765 million in cybersecurity. Defense aims to spend $4 billion on cybersecurity efforts in fiscal 2009, a 3.4 percent increase over the enacted fiscal 2008 while the president’s budget proposed $404 million in IT security funds for the Department of Homeland Security (DHS), a five percent increase. These funds are separate from the $294 million in the DHS budget that will go to cross-government cybersecurity efforts – most notably the continued deployment of the Einstein system, an automated process for collecting and analyzing computer security information across civilian agencies to protect against cyberthreats and intrusions.

37. February 7, Government Technology – (National) Worm use to steal confidential data increasing in 2008. This year has begun with alarming data: in addition to Trojans, the use of worms to steal users’ confidential data is also on the increase. According to data collected by Panda, while Trojans caused 24.41 percent of infections, worms accounted for 15.01 percent. This data contrasts with the 2007 data, in which attacks caused by worms were responsible for less than ten percent of infections. According to PandaLabs this is due to the increasing activity of Nuwar-type worms, also known as Storm Worms. Computer worms can spread rapidly on their own. However, unlike those that caused epidemics massively covered by the media, they do not seek to collapse data traffic or damage computers. Instead, their objective is to steal confidential data for online fraud or identity-theft crimes. To do so, these worms usually arrive in messages that use social engineering techniques which refer to current affairs. They also include links redirected to pages that have been modified to automatically install other malware which steals the data, or to spoof pages similar to those used for phishing attacks. “Although we suspected this would occur, we didn’t think cyber-crooks would focus on these types of worms so soon. It is a very dangerous threat, since even though its effects are more visible than Trojans’ and they can be neutralized more easily, these worms can carry out indiscriminate ‘storm’ attacks to collect large amounts of confidential data very quickly,” claimed the technical director of PandaLabs.

Communications Sector

Nothing to report.