Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 9, 2008

Daily Report

• The U.S. Department of Homeland Security has preliminarily labeled more than 200 chemical facilities, including university laboratories, at highest risk for a potential terrorist attack. (See item 4)

• Gardasil, the cervical cancer vaccine from Merck & Co., has been linked to the paralysis of a 13-year-old girl, as well as two other teenage girls. Gardasil was approved by the U.S. Food and Drug Administration in June 2006. (See item 24)

Banking and Finance Sector

9. July 8, Philadelphia Inquirer – (Pennsylvania) Identity thieves skim credit info at gas pumps. A new practice uses small devices that swipe credit information as people swipe debit or credit cards. Such devices, called skimmers, were apparently furtively installed as early as late April on some Wawa gas pumps in Bucks, Montgomery, Delaware, and Chester Counties, as well as New Castle County, Delaware, according to the Pennsylvania State Police. The stolen debit card information was then used to withdraw money directly from bank accounts. Tens of thousands of dollars were taken from several dozen accounts, according to a trooper of the Media Criminal Investigation Unit. The withdrawals were made at automated teller machines at convenience stores and Atlantic City casinos. The devices were actually installed inside the pumps, making them difficult to detect, the trooper said. Authorities are looking for two men photographed by surveillance cameras. Source:

10. July 7, KNDO/KNDU 23/25 Kennewick – (Washington) Watch out for ATM thefts. Scam artists are finding ways to keep your ATM card and get your PIN number. In a video sent to KNDU by a viewer, a thief is putting a trap inside the ATM machine. When the victim tries to get money out, his card gets stuck. Then the suspect comes back and pretends to help the victim, telling him to put in his PIN number. The suspect then walks away with a stolen card and someone else’s money. The trap is a plastic device put inside the machine. This video also has a tip for ATM users. If your card ever gets stuck, check the card slot for any tampering, and if you find anything unusual, report it to your bank. Source:

Information Technology

31. July 8, – (International) Phishing and link spam spreading on MSN. An avalanche of phishing is now roaring through Microsoft’s MSN network, luring recipients to a page that asks for their MSN login data. Those who respond will find themselves on a page displaying a few photographs, which are linked to search queries. Evidently a background script checks whether these access data are useful by logging in to MSN as the user. Shortly thereafter, all the account holder’s friends are sent messages containing URLs that take them to similar pages. Although most people never bother, reading the small print of the “Terms of Use” or “Privacy Policy” gives the game away. It’s stated there, quite openly, that the access data will be used in order to show friends “new, entertaining pages”. It claims not to be a phishing site because, after all, the use made of the data is precisely as described. Source:

32. July 7, SearchSecurity – (International) Microsoft warns of attacks against Microsoft Access zero-day flaw. Microsoft issued an advisory Monday warning customers of active, targeted attacks using a zero-day flaw in the Snapshot Viewer ActiveX control for Microsoft Access. The Snapshot Viewer is used to view database report snapshots that are created with any version of Microsoft Access. The flaw could allow an attacker to gain user rights on a system, Microsoft said. The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007, according to Microsoft. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003. Microsoft said websites, such as blogs, which accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have to lure users through an email or instant message to visit a malicious website to pull off a successful attack. Danish vulnerability clearinghouse Secunia rated the flaw “extremely critical” in its 30883 advisory, because the vulnerability is currently being actively exploited in the wild. Source:,289142,sid14_gci1320323,00.html

33. July 7, CXOToday – (International) Trojans most circulated malware in Q2’08: Report. More than 63 percent of new malicious codes that appeared during the second quarter of 2008 were Trojans, followed by Adware at 22.40 percent, according to the latest quarterly report from PandaLabs. The report said that the Bagle.RP worm (a relatively low-threat level Trojan that spreads and affects other computers) infected most computers, followed by the Puce.E and Bagle.SP worms. Puce.E spreads through P2P programs. Bagle.SP mainly spreads via emails. According to PandaLabs’ malware encyclopedia, Bagle.SP generates a large amount of network activity in the local network, consuming critical bandwidth. Trojans were also responsible for most infections in the second quarter of 2008, accounting for 28.7 percent of the total. Adware, which held first place in the first quarter of the year, was the cause of 22.03 percent of infections, and worms were the culprits in 13.52 percent of cases. According to Panda, the present scenario makes it difficult for cyber criminals to infect a large number of computers without attracting attention. Hackers therefore create different Trojans and target users of a specific service or utility, etc. Source:

Communications Sector

34. July 7, Guardian Unlimited – (International) China hails satellite killer – and stuns its rivals in space. China has given notice of its increasing power in space – and provoked widespread international concern – with a successful test of an anti-satellite weapon that could be used to knock out enemy surveillance and communications craft. In the first such test since the cold war era, the White House confirmed that China had used a medium-range ballistic missile, launched from the ground, to destroy an aging weather satellite more than 500 miles into space. “We are aware of it and we are concerned, and we made it known,” the White House spokesman, Tony Snow, told reporters. The January 11th test was the first of its kind since 1985 when Washington halted such exercises because of fears of damaging military and civilian satellites with large clouds of debris. The test was especially troubling because it exposed the vulnerability of America’s dependence on low-orbiting satellites, which are used for military communications, smart bombs, and surveillance. In theory, last week’s exercise could give Beijing the capability to knock out such satellites - a realization that underlay the protests from Washington. Australia and Canada also voiced concerns; Britain, South Korea, and Japan were expected to follow. “The U.S. believes China’s development and testing of such weapons is inconsistent with the spirit of cooperation that both countries aspire to in the civil space area,” a White House spokesman said. “We and other countries have expressed our concern regarding this action to the Chinese.” Source: