Wednesday, May 7, 2008

Daily Report

• The Wall Street journal reports that, according to a recent agency assessment, the Federal Aviation Administration has failed to perform more than 100 recommended safety reviews at major airlines in recent years. (See item 15)

• According to the Los Angeles Times, a recent examination by the House Committee on Oversight and Government Reform has found that, in the event of a major terrorist attack, hospitals in seven major U.S. cities would be poorly equipped or unable to treat the number of patients such an event would create. (See item 26)

Information Technology

35. May 6, Business Wire – (National) Crimeware double threat menaces internet. The public private anti-phishing coalition, APWG, announced today that its January survey shows a new record high in the number of unique keylogger crimeware variants detected – while the number crimeware-spreading URLs rose to nearly its old record attained in November of last year. The number of unique keylogger variants detected in January reached a new high of 364, an increase of 1.4 percent from the previous high in October, 2007. The number of websites found to be hosting keylogging crimeware systems rose by over 1,100 from December, reaching 3,362, the second highest number recorded in the preceding 12 months. Websense Security Labs believes much of the increase in crimeware-spreading URLs is due to attackers’ increasing ability to co-opt sites. Websense’s Vice President of Security Research said, “The attackers appear to be getting better at infecting good sites through automation and tools.” Some highlights from the APWG January Phishing Trends Report include: the total number of unique phishing reports submitted to APWG in January 2008 was 29,284, an increase of over 3,600 reports from the previous month; the number of brands targeted by phishers in January reported decreased by more than 10 brands to 131; the number of unique phishing websites detected by APWG was 20,305 in January 2008, a decrease of over 5,000 from the month of December 2007. The full text of the report is available at:

36. May 6, IDG News Service – (National) Yahoo uses McAfee SiteAdvisor to filter evil Web sites. Starting Tuesday, there will be a few less Web sites popping up in Yahoo searches. That is because Yahoo plans to start filtering out malicious Web sites using McAfee’s SiteAdvisor software, which warns Web surfers if they are about to visit a Web site that has been linked to spam, phishing, or malicious software. SiteAdvisor can be downloaded as a plug-in to Firefox or Internet explorer, but Yahoo has been working since late last year to integrate McAfee’s Web site rating technology into their search engine servers, according to a Yahoo director of product management. Web sites associated with malware will be dropped from search results altogether and Yahoo searchers will now see red warning labels warning them of sites that SiteAdvisor has linked with things like dangerous downloads or unsolicited e-mail. Yahoo calls its version of the service SearchScan, and plans to turn it on by default for all users in the U.S., U.K., Germany, France, Italy, Spain, Canada, Australia and New Zealand. The company will eventually roll SearchScan out in all of the countries it serves, with Asian and Latin American launches coming next, the Yahoo developer said. He estimated that the dropped Web sites were getting as many as one million clicks from Yahoo searchers per day, adding: “A lot of users were getting exposed to this without any knowledge.”

37. May 5, Wired Blogs – (National) Pentagon wants cyberwar range to ‘replicate human behavior and frailties’. The Pentagon’s researchers do not just want to build an Internet simulator, to test out cyberwar tactics. They want the range’s operators to “realistically replicate human behavior and frailties,” too. Congress has ordered the Defense Advanced Research Projects Agency (Darpa) to put together a National Cyber Range, as part of a massive $30 billion, government-wide effort better prep for battle online. The project is now considered a top priority for the Agency. To make sure the facility is as true-to-life as possible, Darpa wants the contractors running the Range to be able to “replicate realistic human behavior on nodes,” a request for proposals, released today, reveals. Several examples of the specifics the Agency wants to have from its contractors include: provide robust technologies to emulate human behavior on all nodes of the range for testing all aspects of range behavior; replicants will produce realistic chain of events between many users without explicit scripting behavior; replicants must be capable of implementing multiple user roles similar to roles found on operational networks; replicants will interact with authenticate systems, including but not limited to DoD authentication systems (common access cards – CAC), identity tokens. These mock people have to be able to “demonstrate human-level behavior on 80 percent of all events,” the Agency adds. And mimicking humans is only one of a wide array of tasks Darpa wants to see operators of the National Cyber Range pull off. The facility should also feature a “realistic, sophisticated, nation-state quality offensive and defensive opposition forces” that can fight military info-warriors in mock combat. Source:

Communications Sector

Nothing to Report.