Department of Homeland Security Daily Open Source Infrastructure Report

Friday, July 11, 2008

Daily Report

• Scientists at The Scripps Research Institute say that they have uncovered the shape of the Ebola virus spike protein. The researchers say that their study revealed the Ebola virus spike protein bound to an immune system antibody acts to neutralize the virus. (See item 23)

• Chinese authorities say 82 suspected terrorists have been arrested this year for plotting to sabotage the Olympic Games in Beijing. International security experts have questioned the level of the threat that China says it faces. (See item 36)

Banking and Finance Sector

9. July 10, KNXV 15 Phoenix – (Arizona) Thieves target Valley bank accounts. Thieves are stealing money from Valley bank accounts by stealing account numbers and personal identification numbers. Scottsdale police say they are seeing an increasing trend in the Valley. Criminals are becoming more sophisticated. They are using technology and software to “skim” account numbers and PINs. Scottsdale police said criminals are manufacturing their own credit cards, debit cards, and gift cards to use. Some criminals are selling account information online for a profit. In Tempe, police said a woman used software to find open credit card accounts and recreate actual credit cards. Bank of America, Wal-Mart, and CVS credit card customers could be affected by the crime, according to Tempe police. Also, ATM customers should pay close attention to the way the ATM is functioning. If it asks for your PIN more than once or seems to function strangely, report it to the bank; it could have a skimming device on it. Source:

10. July 9, Business First of Columbus – (Ohio) Father, son guilty in credit card fraud scheme. A Pickerington father and son who pitched a credit card debt-elimination scheme pleaded guilty Wednesday to federal charges of defrauding consumers. The two men pleaded guilty in U.S. District Court in Columbus to defrauding customers out of hundreds of thousands of dollars. Their plea comes after a grand jury indicted the two in 2007 following an investigation by the Internal Revenue Service, Postal Service, and U.S. Attorney’s office. The men worked through Liberty Resources, which marketed debt-elimination services over the Internet. Liberty charged a fee to help consumers get out from under credit card debt, and they received documents from the business claiming that the debt had been eliminated by the program, the U.S. Attorney’s office said. But when customers stopped paying on their credit cards, thinking their debt was cleared, card issuers sued them for payment. Many filed for bankruptcy, the government said. Source:

Information Technology

30. July 10, Ars Technica – (National) Zombie botnets continue to defy containment attempts. The anti-malware manufacturer Commtouch released its quarterly update on the state of spam in Q2 of 2008 earlier this week. The report (PDF) runs some 15 pages, but the company’s overall message is considerably more succinct. In the war between the forces of good anti-malware and evil malware, we are not making much headway. The irony, according to Commtouch, is that anti-malware companies spend far more time investigating, tracking, and categorizing malware than the malware authors ever spend designing their end-runs around existing antivirus software. Relative rankings can and do fluctuate—the United States’ share of global zombie IP addresses continues to fall, down to 4.2 percent in Q2, compared to five percent in Q1. But the overall flood of malware surging across the Internet remains relatively unchanged. Source:

31. July 10, Market Watch – (National) US military actions used as decoy to spread malware. BitDefender researchers have identified a new wave of spam messages that announce an alleged attack of the U.S. Army against Iran in order to trick users into downloading and installing malicious software onto their personal computers. The webpage hosting the piece of malware – – is a simple, yet efficiently designed site with a top banner, a simple picture masquerading as a YouTube player and three lines of text detailing the U.S. operation in Iran. This spam approach is used on a large scale, as the spammer relies on a catchy heading and a link to the piece of malware in order to fuel users’ curiosity and trick them into downloading it. “The new spam wave relies on computer users’ curiosity regarding the conflict between the United States and Iran. Users are redirected to a fake news website, where they are shown a larger, inciting description accompanied by a movie player,” said a BitDefender spam analyst. “However, the alleged flash movie is an image depicting a movie player; when clicked, the image gives users a ‘Save image as’ option.” Upon clicking on either the “movie” or the top banner, the user starts the download process of a binary piece of malware, called “iran_occupation.exe.” The file contains the same malicious code infecting the user with the Storm Worm. The authors have used timing to their advantage, as the recent tensions in the Middle East between the U.S. and Iran have been escalating. On the social side, the spam wave is targeting the increasingly worried U.S. citizens looking for fresh news on Iran threatening to burn Tel Aviv down in response to possible U.S. attacks on its nuclear facilities. Source:

32. July 9, ComputerWorld – (National) File-sharing breach at investment firm highlights dangers of P2P networks -- again. Wagner Resource Corp., an Alexandria, Virginia-based investment firm, last week had to notify about 2,000 of its clients that their names, Social Security numbers, and birth dates had potentially been exposed on the LimeWire P2P network, according to a story published Wednesday by The Washington Post. Among the individuals whose personal data was exposed in the Wagner compromise was a Supreme Court justice, according to the Post. Wagner did not immediately respond to a request for comment about the incident. But the Post reported that the compromise resulted from the use of LimeWire’s file-sharing software by a Wagner employee. The employee apparently downloaded the software to his company-issued PC last year so he could share music and other media files with fellow LimeWire users. But the software ended up exposing all of the contents of the employee’s computer to other users of the P2P network. Source:

33. July 9, ComputerWorld – (National) Microsoft patch knocks some ZoneAlarm users offline. Users of the popular ZoneAlarm firewall have reported dead Internet connections after installing one of the security updates issued by Microsoft Corp. yesterday, according to online message forums. Early today, ZoneAlarm told its users to uninstall the Microsoft patch – which fixed a widespread problem with the Web’s addressing system – or make more technical changes to their PCs in order to regain a connection. The trouble was traced to ZoneAlarm hooking into the Windows XP kernel in order to filter out potentially malicious traffic, a company engineer said. “We filter network traffic at the kernel, where malware can’t avoid us,” said a ZoneAlarm team lead. “If you filter traffic in user mode, malware can see what we’re doing.” Kernel hooking – intercepting Windows’ system calls and modifying the kernel dispatch table – is a common practice by security vendors, which defend it on the grounds that it lets them provide stronger protection against malware, including rootkits. The practice is undocumented in Windows XP, although Microsoft has traditionally looked the other way. In Windows Vista, however, it documented application programming interface calls in the Windows Filtering Platform, or WFP, that let third-party security companies directly access data traffic. Source:

Communications Sector

34. July 10, Wall Street Journal – (National) Comcast vows to smooth access for Vonage users. Amid growing regulatory scrutiny, Comcast Corp. said Wednesday it would collaborate with Vonage Corp. to ensure the Internet phone company’s service runs more smoothly over Comcast’s broadband network. Critics long have speculated that Comcast – which offers an Internet phone service that competes with Vonage – may purposely be degrading the quality of Vonage’s service. Comcast has denied the charge and said that any glitches suffered by Vonage customers using Comcast’s broadband network were due to congestion at peak times. Wednesday’s announcement comes as regulators and lawmakers are looking into whether Internet service providers like Comcast use control of their broadband networks to undercut rivals. Under the new arrangement, Vonage and Comcast will have a direct line of communications between their network operations centers to resolve customer issues, the companies said. Vonage will also participate in testing the impact of Comcast’s network management techniques on its service. Comcast says the arrangement will allow it to better balance the management of its network at peak times. Source:

35. July 9, Red Orbit – (National) JDSU launches fiber optic test kits. JDSU, a provider of communications test and measurement solutions, has announced the release of all-in-one fiber optic test kits, providing network technicians with a simple way to avoid one of the leading causes of network downtime: contaminated, or dirty, fiber. JDSU said that its inspection, cleaning, and test kits are designed specifically to meet the needs of modern fiber applications and environments including FTTx, LAN/WAN, and data centers found in both cable and telecommunications networks. The kits include JDSU video fiber microscopes, optical cleaning tools, PocketClass or Smart optical light sources and optical power meters, and a visual fault locator. The general manager in the JDSU communications test and measurement business segment said, “Inspecting with a kit that contains all the necessary tools before you connect enables technicians to conveniently inspect both sides of an optical connection, clean it if necessary, and conduct the required optical testing to ensure the integrity of the network.” Source: