Tuesday, July 29, 2008

Complete DHS Daily Report for July 29, 2008

Daily Report

• The Associated Press reports that excessive flooding in the Midwest destroyed tons of valuable topsoil throughout the region. Environmental groups say there are risks to opening up conservation program land to planting. (See item 12)

• According to the Associated Press, a road along Dillon Reservoir that Denver Water utility officials closed over security concerns, opened Friday to two-axle passenger and emergency vehicles, but will be closed from 10 p.m. to 6 a.m. (See item 30)

Banking and Finance Sector

6. July 27, Scotsman – (International) Banks warned of computer ‘super bug’ that can change identity. United Kingdom banks and other financial institutions are being warned to be extra vigilant following the release on the internet of a new so-called “PC super bug” designed to steal online banking log-on details on an unprecedented scale. Cyber criminals have let loose a virus called Limbo 2 Trojan, which, according to security experts, is an extremely nasty bug developed specifically to worm its way into finance websites in order to cause maximum damage. Security firm Prevx said the difference this time is that the new bug has been developed specifically to evade the vast majority of anti-virus computer systems. Such systems are devised by global IT security firms including McAfee, Symantec, and AVG. Finance houses all over the world rely on them to provide adequate protection. It is estimated that a single data breach can cost a big firm more than £3m to rectify. Prevx reported that the Trojan bug features a changeable shell with a pliable cloak coming in many guises and variants to try to fool security systems and slip past conventional signature-based anti-virus detection. This involves illegal technology that generates fake information boxes on a compromised computer, asking the user to enter more information than usual. While this is happening, passwords, credit card information and other personal details are transmitted to the malware’s criminal operator to then exploit financially. Source: http://business.scotsman.com/bankinginsurance/Banks-warned-of-computer-39super.4328710.jp

7. July 25, New York Times – (National) New York sues UBS for securities fraud. The attorney general of New York accused UBS of consumer and securities fraud on Thursday, saying the bank had misled investors when it sold them auction-rate securities. Auction-rate securities are preferred shares or debt instruments with rates that reset regularly, usually every week, in auctions overseen by the brokerage firms that originally sold them. But the $300 billion market for these instruments collapsed in February, trapping investors who had been told that they were safe and easy to cash in. Even as a senior executive at UBS called the market “a complete loser,” the bank continued to pitch the securities as short-term, liquid investments, according to the civil complaint filed by the attorney general of New York. At the same time, seven executives at the bank sold their personal holdings of the securities, which totaled $21 million, to avoid losses, according to the complaint. UBS halted the auctions of these securities on February 13, leaving more than 50,000 UBS customers holding about $37 billion in the investments, according to the complaint. These investors, including city governments, companies, and individual investors, remain unable to sell them in many cases. Source: http://www.nytimes.com/2008/07/25/business/25rate.html?_r=1&em=1217131200&en=dc443400c043b5bb&ei=5087%0A&oref=slogin

Information Technology

20. July 28, BBC – (International) China becomes biggest net nation. China now has the world’s largest net-using population, say official figures. More than 253 million people in the country are now online, according to statistics from the China Internet Network Information Center (CNNIC). The figure is higher than the 223 million that the U.S. mustered in June, according to Nielsen Online. Net penetration in the U.S. stands at 71 percent compared to 19 percent in China, suggesting China will eventually vastly outstrip the U.S. The development is significant because the U.S. has had the largest net-using population since people started recording how many people were online. The 2008 figure is up 56 percent in a year, said CNNIC. Analysts expect the total to grow by about 18 percent per annum and hit 490 million by 2012. About 95 percent of those going online connect via high-speed links. Take-up of broadband has been boosted by deals offered by China’s fixed-line phone firms as they fight to win customers away from mobile operators. China’s mobile phone-using population stands at about 500 million people. Source: http://news.bbc.co.uk/2/hi/technology/7528396.stm

21. July 27, PC Magazine – (International) Beware fake malware cleaner programs. Chinese hackers are sending out malware masquerading as the Trend Micro Virus Clean Tool, according to Trend. The example in the linked Trend blog is in Chinese, so perhaps the threat is only real in China and Taiwan. But the example is instructive. The threat arrives as an e-mail which looks like it came from Trend Micro, and the malware comes as an attachment to it. The use of an attachment is by itself unusual, as malware distribution has largely moved to using links to hijacked web sites where the malware is hosted. The Trend blog says the attachment is named iClean20.EXE, but the screen shot of the e-mail shows it as a .RAR file which probably itself contains iClean20.EXE. iClean20.EXE drops two files, one of which is the genuine Trend Virus Clean Tool, and the other the malware, detected by Trend as BKDR_POISON.GO. By pointing the user to the actual cleaning tool, the attackers may distract them from the malware. BKDR_POISON.GO opens a random port and allows a remote user to execute commands on the affected system. Source: http://blogs.pcmag.com/securitywatch/2008/07/beware_fake_malware_cleaner_pr.php

Communications Sector

22. July 28, Computerworld – (California) City missed steps to avoid network lockout. A San Francisco city official lost administrative control of the network’s routers and switches for more than a week after an IT worker allegedly reset passwords and refused to reveal them prior to and after his arrest on July 13. A network administrator in the city’s Department of Telecommunications and Information Services (DTIS) was charged with locking up the network and with planting network devices that enabled illegal remote access to the network. The FiberWAN system carries almost 60 percent of the city government’s traffic. Users and analysts interviewed last week said that the city could have avoided the recent turmoil by implementing stronger configuration management techniques along with processes that could quickly detect when someone was attempting to bypass network controls. A senior network engineer at DataWare Services suggested that any time it takes more than 48 hours to restore access to a locked-down network, that indicates that “basic network administration standards” are not in place. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=network_security&articleId=322799&taxonomyId=142&intsrc=kc_top