Thursday, February 14, 2008 – Happy Valentine’s Day

Daily Report

• The Associated Press reports undercover New York City police secretly set up a fake company to demonstrate how easily and anonymously a terrorist could purchase chlorine on the Internet for a deadly chemical strike against the city. There has been no specific terror threat against the city involving chemicals, but New York City police recently put more emphasis on screening shipments of chlorine after learning that it has become a favored component of homemade bombs in Iraq. (See item 4)

• According to the Ottawa Citizen, the head of the U.S. Department of Homeland Security said in a recent interview that “much more than a dozen” individuals with links to al-Qaeda, Hezbollah, and other extremist groups have been caught trying to enter the U.S. from Canada since September 11. (See item 12)

Information Technology

29. February 13, IDG News Service – (National) Valentine’s Day-themed Storm worm attacks detected. A Valentine’s-themed outbreak of the Storm worm has been detected. Malicious e-mails are being received across the globe – they contain a Web link, which directs users to a Web site where they can supposedly download a Valentine’s card, but in fact are infected with the Storm bug. The virus mirrors the fake Christmas and New Year messages seen in previous months. According to a security analyst at McAfee, the virus will try to steal personal information from your PC, bring down its security defenses, and use your PC to send out millions of junk e-mails. “There are about ten million PCs worldwide infected with the Storm worm. These threats have suddenly spiked from zero percent of all spam e-mails to 1.5 percent, and they are continuing to rise as we draw closer to Valentine’s Day, and more people are fooled into downloading the malicious file,” he commented.

30. February 12, Network World – (National) Blended security threats on the rise, IBM says. The number of malware code samples in the wild grew 30 percent to 410,000 in 2007, according to security researchers at IBM’s Internet Security Systems (ISS) division. The Storm worm in particular accounted for 13 percent of the entire malware collection. IBM released these findings and more in its security trends report for 2007, which summarizes the threat landscape based on IBM’s research on malware, software vulnerabilities, phishing, and Web sites with questionable content. While software vulnerabilities decreased 5.4 percent last year to 6,437 disclosures by vendors, the most risky “high impact” vulnerabilities that allow immediate remote or local access increased from 16.2 percent in 2006, the first such increase noted since 2004. The operations manager at X-Force Research and Development at IBM ISS says one thing that struck him about this year’s threat analysis is that half of the software vulnerabilities reported by vendors in 2007 had no vendor patch available for them. “It seems that vendors have not produced patches, and we don’t know why,” he says. On the spam front, average spam message size is down to pre-2005 levels, corresponding with a decrease in image-based spam, the 2007 IBM ISS report says. In its malware-code analysis, IBM ISS says there is a shift from mass-mailing worms to sophisticated targeted Trojan attacks with rootkits and other blended threats. Trojans made up the single largest class of malware in 2007, accounting for 26 percent of the total. But IBM ISS believes that malware code is becoming less distinct as simply a virus, worm, spyware, backdoor, or password stealer.

31. February 12, InformationWeek – (National) Microsoft’s Patch Tuesday includes 11 security bulletins. Microsoft on Tuesday released 11 Security Bulletins that address 17 potential vulnerabilities. Six of the Security Bulletins are rated critical; five are rated important. Microsoft did not include a fix for a JScript vulnerability that the company mentioned in its pre-patch guidance last week. The affected software includes WebDAV Mini-Redirector, Object Linking and Embedding (OLE) Automation, Microsoft Word, Internet Explorer, Microsoft Office Publisher, and Microsoft Office. The OLE and Word vulnerabilities affect both Microsoft’s Windows and Mac customers. Components with important vulnerabilities include Active Directory/Active Directory Application Mode, Transmission Control Protocol/Internet Protocol, Internet Information Services, and Microsoft Works File Converter. A Symantec senior research manager observed that Tuesday’s round of fixes points to the increasing use of trusted sites to distribute malware. “While the batch of critical vulnerabilities all require some sort of user interaction to exploit, the interaction can be as simple as visiting a trusted Web site that has first been exploited by an attacker,” he said in an e-mail. “As consumers and enterprises become more savvy to security risks, attackers are leveraging alternative means to distribute malware through these trusted sites in addition to distributing via an attachment or random link in an e-mail.”

Communications Sector

32. February 12, Associated Press – (National) BlackBerry outage caused by upgrade. The company behind the BlackBerry smart phones said a three-hour e-mail outage Monday was caused by an upgrade designed to increase capacity. Research in Motion Ltd. Tuesday said the upgrade was part of “routine and ongoing efforts,” and that similar upgrades in the past had caused no problems. The outage, which started about 3:30 p.m., annoyed subscribers who are used to checking and writing e-mail whenever they are in cellular coverage and able to make voice calls. It affected only some of the BlackBerry users in North America; for others, the service kept working fully. It was the second major outage for the service in less than a year. In April, a minor software upgrade crashed the system for all users. A smaller disruption in September also was caused by a software glitch. Experts said RIM’s system is relatively reliable, but its centralized structure means that when there are problems, they can affect millions of users. E-mail sent to and from BlackBerry phones in North America all goes through a Network Operations Center. It appears the problem occurred there, when one of two Internet addresses that relay e-mail from corporate servers stopped responding, according to Zenprise, a Fremont, California, company that helps companies troubleshoot BlackBerry problems.