Thursday, April 3, 2008

Daily Report

• WBBM 2 Chicago reports emergency inspections were underway Wednesday morning on more than 50 United Airlines Boeing 777 aircraft. During a review of maintenance records, inspectors discovered that tests were not performed on one of the five bottles in the planes’ fire suppression system. Until the tests are complete, the planes will not fly, United said. (See item 10)

• According to the Associated Press, the U.S. Department of Agriculture plans to conduct a coordinated nationwide survey to determine whether an invasive moth that has been found in 12 California counties has spread to other states. State officials say the moth threatens more than 2,000 varieties of California plants and crops. (See item 17)

Information Technology

26. April 2, CIOL News Reports – (National) Email security threats impacting businesses worldwide. Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, has released its latest research report, “State of Internet Security: Protecting Business Email.” The report reveals the significant impact that rapidly growing email security threats, in size and volume, are having on businesses worldwide and underscores the need for a multi-layered approach to Internet security. “The battle against spam is an on-going struggle for many organizations with spammers continuing to present a serious and costly threat to most businesses. In 2008, we estimate there will be over 42,000 spam emails for every single business email account, or about 116 per day. And, because spammers are working at beating conventional filters with images and attachments, the size of spam has grown 60 percent since 2004,” said Webroot’s Chief Operations Officer. “The size and volume of these spam attacks is largely due to the partial success of current filtering defenses that now make spamming success a numbers game. It’s clear why first-generation defenses such as appliances and server-based software are struggling to keep up.” Along with the rapid growth in spam, there is a similarly rapid growth in malware. Industry research shows that malware jumped from about 50,000 variants in 2004 to 5.5 million in 2007. Source:

27. April 2, ars technica – (International) Report: boot sector viruses and rootkits poised for comeback. Security firm Panda Labs has released its malware report for the first quarter 2008. The report covers a number of topics and makes predictions about the types of attacks we may see in the future. Forecasting these trends is always tricky – no one expected the Storm Worm to explode when it did – but Panda’s prediction that we may see a rise in boot sector viruses is rather surprising. Thus far, adware, trojans, and miscellaneous “other” malware including dialers, viruses, and hacking tools have captured the lion’s share of the “market” as it were. These three categories account for 80.55 percent of the malware Panda Labs detected over the first quarter. Password-stealing trojans are still a growing market, and the report cautions users, as always, to be careful of their banking records. The monetization of the malware market, the prevalence of JavaScript/IFrame attack vectors, and the growing number of prepackaged virus-building kits are all issues that the report raises. Also, social engineering-based attacks are both dangerous and effective, and social networks, particularly those based around Web 2.0, are often tempting attack targets. Source:

28. April 1, Computerworld – (National) New exploit targets corporate CA users. An exploit specifically targeting corporate Computer Associates users has been created some three weeks after a critical vulnerability was identified. The attack uses an ActiveX Control buffer overflow vulnerability present in 21 CA products, including BrightStor ARCServe Backup for Laptops and Desktops, Unicenter Remote Control, Software Delivery, Asset Management, Desktop Management Bundle, and Desktop Management Suite. The exploit was rated as critical by the French Security Incident Response Team (FSIRT), which discovered the vulnerability, and allows hackers to launch local and remote attacks such as a denial-of-service (DoS) or a hijack of the affected system. Thompson Cyber Security Labs’ director said attacks will become widespread because of the popularity of the exploit’s NeoSploit toolkit delivery system. “The vulnerability is likely to be quite widespread, simply because of CA’s size and spread within the corporate market,” he said in his blog. “Corporate clients should probably be pretty nervous, because their firewall is unlikely to protect them against this.” Source:

29. April 1, IDG News Service – (International) Cybercrime treaty gains more interest, momentum. The number of countries that will have ratified the only international treaty addressing cybercrime is expected to nearly double this year, a sign that momentum is building behind efforts to police the Internet. The Council of Europe’s Convention on Cybercrime, which sets guidelines for laws and procedures for dealing with Internet crime, was adopted in 2001. Countries can sign the treaty, which indicates their willingness to comply, and then can ratify it after their laws have been modified. So far, 22 countries have ratified the treaty, a lower number than expected since the treaty was introduced seven years ago, said the head of the economic crime division for the Council of Europe, on Tuesday. However, the Council hopes around 40 countries will ratify it by February 2009. The slow pace comes from the legal and legislative complexities that come with modifying laws in order to comply with the treaty, he said. The Council often works with countries to ensure their compliance. Countries outside the 47-member Council, which represents European countries, may apply for accession, the first step in implementing the treaty. The U.S., for example, has ratified the treaty, and more countries outside Europe are indicating their interest in joining, he said. The Convention is aimed at providing for swifter prosecutions of cybercrime as well as better cooperation between law enforcement agencies, as investigations often cross borders. For example, it requires countries to have a law enforcement contact available at all hours to assist in a digital investigation. Source:

30. April 1, IDG News Service – (International) Internet has a trash problem, researcher says. Between one and three percent of all traffic on the Internet is meaningless packets of information, used in distributed denial of service attacks (DDOS) to knock Web sites offline. Those are the findings of Arbor Networks, a network traffic analysis company that recently looked at traffic flowing among more than 68 Internet service providers to see how much of it was malicious. “The thing that’s surprising is it’s consistently 1 to 3 percent,” said Arbor’s chief research officer. To purchase the bandwidth that Arbor tracked in these DDOS attacks, a legitimate user would have to pay hundreds of thousands of dollars per month, he said. That is not a problem for criminals, however, who use the network connections of their victims to attack others. DDOS attacks try to overwhelm the victim’s servers with routine Internet messages. Attackers try to send so many packets that the victim’s computers are unable to do their regular jobs. They have become a common occurrence in recent years and have spawned a cottage industry of companies that try to mitigate their effects. Studying the data from about 1,300 routers over 18 months, Arbor found that the tidal waves of SYN (synchronization) or ICMP (Internet Control Message Protocol) packets used in DDOS attacks rarely dropped below one percent of all traffic and could easily rise to six percent during peak periods. Source:

Communications Sector

31. April 2, eWeek – (International) Research exposes vendor-specific VOIP vulnerabilities. VOIPshield Systems on April 2 will seek to set itself apart among voice-over-IP security providers when it launches what officials claim is the first database of vulnerabilities specific to the IP PBXes of market leaders Cisco Systems, Avaya and Nortel Networks. “This is the first time a research lab will spell out what some of these vulnerabilities are,” said the company’s CEO. “We will announce them under the terms of our responsible disclosure policy. We first talked to the vendors and disclosed these, and we work with them and give any help they would like.” “What’s different about VOIPshield is their focus on [IP] telephony systems most commonly deployed at large enterprises in North America,” said the research director of security and risk management at market research company Gartner. “Much of the focus with VOIP security to date is on [SIP (Session Initiation Protocols)], but when people roll out IP telephony today they are using proprietary signaling protocols that come with these PBXes,” he said. VOIPshield through the two-year course of its research on the leading IP PBX systems found 144 different vulnerabilities across all three vendors’ products, the company said. The 144 vulnerabilities are in four different categories of exploits, including denial of service, unauthorized access, information harvesting, and code execution. Source:

32. March 31, Telecoms – (National) Mobile fraud: Phone loving criminals. Internet security firms, such as McAfee, Sophos and F-Secure, are making a lot of noise about the potential damage that malignant viruses, Trojans or other internet-style spam and scams will cause as they infiltrate the mobile handset population. Consumers can appreciate the potential for personal loss as they are well aware of the same issues in the desktop environment. Meanwhile, the network and roaming vendors’ primary concern is centered on various types of subscription and revenue share roaming fraud. Their public profile is a lot lower than the first set of vendors, since the subject area is of negligible concern to most consumers. Yet the costs for operators of these low-key frauds dwarf the costs incurred due to malware attacks. A global marketing manager at McAfee Mobile Security said: “A major share of fraud within a carrier is not caused by malicious content, like viruses and spyware, but by criminal activity such as roaming fraud and SIM card cloning. The biggest mobile security risks are also different carrier versus consumer.” McAfee presented the results of its annual Mobile Security Report at this year’s Mobile World Congress in Barcelona. The report, carried out in conjunction with analyst house Datamonitor, states that 86 per cent of the 2,000 mobile consumers it surveyed across the UK, US and Japan are worried about security risks posed to their mobile handset, with 79 per cent knowingly using unprotected devices. Consumers feel threatened, it seems, but not enough to do anything about it. The onus of responsibility, according to McAfee, falls with the operators. There is a chance that, if and when we move towards a fat pipe future with network agnostic devices, attitudes towards handset protection will change. For the foreseeable future though, operators must take the lead. Source: