Friday, January 16, 2009

Complete DHS Daily Report for January 16, 2009

Daily Report


 According to the Associated Press, a US Airways plane crashed into the Hudson River on Thursday afternoon after striking a bird that disabled two engines. (See item 12)

12. January 15, Associated Press – (New York) Plane crashes in NYC river after bird cuts engines. A US Airways plane crashed into the Hudson River on Thursday afternoon after striking a bird that disabled two engines, sending passengers fleeing for safety in the frigid waters, a government official says. A Federal Aviation Administration spokeswoman says US Airways Flight 1549 had just taken off from LaGuardia Airport en route to Charlotte, North Carolina, when the crash occurred in the river near 48th Street in midtown Manhattan. She says the plane, an Airbus 320, appears to have hit one or more birds. The plane was submerged in the icy waters up to the windows. Rescue crews had opened the door and were pulling passengers in yellow life vests from the plane. Several boats surrounded the plane, which appeared to be slowly sinking. Government officials do not believe the crash is related to terrorism. “There is no information at this time to indicate that this is a security-related incident,” a Homeland Security spokeswoman said. “We continue to closely monitor the situation which at present is focused on search and rescue.” New York City firefighters and the U.S. Coast Guard are responding to the crash. It was not immediately clear if there were injuries. Source:

 KXAS 5 Dallas-Fort Worth reports that police in Rowlett, Texas say a student arrested on suspicion of bringing a bomb to school intended to detonate the device inside the Rowlett High School cafeteria. (See item 35)

35. January 15, KXAS 5 Dallas-Fort Worth – (Texas) Rowlett police: Student planned to bomb cafeteria. Police say a student arrested on suspicion of bringing a bomb to school intended to detonate the device inside the Rowlett High School cafeteria. The 17-year-old student was arrested Monday. Investigators said Rowlett high school students notified police that the student told them he was planning to bring a bomb to school. Officers searched the suspect’s car in the school’s parking lot and discovered what police described as a crude, homemade explosive device large enough to injure a group of people. A police bomb squad removed the device from the vehicle and detonated it at a safe location. He praised the students who notified school administrators and police of the device. Police said the arrested student had no prior run-ins with the law. Rowlett High students said they are still trying to understand his motives. Garland Independent School District officials notified parents Tuesday night by letter about the incident and tried to dispel rumors. “It was handled immediately,” a district spokesman said. “Students came forward, it was handled immediately, police did their job.” Rowlett police said the accused could face federal charges after the Bureau of Alcohol, Tobacco, Firearms and Explosives examines the device and investigates the teenager’s motives. Source:


Banking and Finance Sector

9. January 15, Tennessean – (Tennessee) Phishing scam affects two local banks. An e-mail scam floating through Middle Tennessee is causing confusion among customers of two community banks that use the F&M Bank acronym. While F&M Bank in Clarksville appears to have been targeted by the scam, First Farmers & Merchants Bank in Columbia, which also uses the F&M Bank acronym, is fielding questions concerning the e-mails. “We are concerned that the e-mails may cause consumers to reveal personal information that could lead to money being taken from their accounts,” said the chief operating officer at First Farmers & Merchants Bank, Columbia. Consumers recently began reporting receiving e-mails informing customers of “F&M Bank” that their account had been suspended or limited and directing them to a Web site to update the account. Once there, recipients were to follow instructions to update their personal records with information that would fall into the hands of the scam artists. Source:

10. January 14, Computerworld – (National) Wall Street crisis brings lax e-discovery law enforcement to light. The financial crisis on Wall Street has prompted numerous investigations into the lending practices of financial services firms, all with a similar focus: Who knew what, and when did they know it? Strong electronic records retention plans could help users quickly answer such questions. However, industry observers note, few of the records-retention regulations enacted over the past decade have been strongly enforced, and most companies have done little to comply with them. Analysts warn that the fallout from the Wall Street meltdown will lead quickly to stronger enforcement of existing laws, including the Sarbanes-Oxley Act, the Electronic Signatures in Global and National Commerce Act, the U.S. Securities and Exchange Commission’s Rule 17A-4, and the Gramm-Leach-Bliley Act, and perhaps some new ones targeting the financial services industry. As of January 14, only 10 percent to 15 percent of U.S. corporations have electronic records retention systems in place, according to Gartner Inc., a consulting firm. “In terms of a good electronic records systems, I would say it is closer to zero,” said a Gartner analyst. Source:

11. January 14, Washington Post – (National) Bank of America to get billions more from Treasury. The Treasury Department plans to invest billions of dollars in Bank of America to help the company absorb troubled investment bank Merrill Lynch, according to two people familiar with the matter. The new investment, which is expected to be announced next week, is in addition to $25 billion the government already has invested in Bank of America, including $10 billion specifically in connection with the Merrill Lynch deal. Losses at Merrill Lynch have outpaced expectations since the deal was announced in September 2008. Bank of America had enough capital to support its own operations, but not enough to absorb Merrill Lynch’s losses, the sources said. The banks closed the deal on January 1 after Treasury committed to making the new investment. Source:

Information Technology

31. January 14, Security Focus – (International) Downadup worm infects more than 3.5 million. The Downadup worm, a malicious program that spreads using a recently patched Windows flaw, has compromised more than 3.5 million computers, security firm F-Secure stated this week. The Downadup worm has successfully spread because it uses a major flaw that Microsoft patched in October to remotely compromise computers running unpatched versions of the Windows operating system. However, the malicious program’s greatest strength appears to be a feature that allows worm-controlled computers to download malicious code from a random drop point. The program generates addresses for 250 different domains each day. The botnet controller need only register one of the domains and set up a download server to update the bot program with different functionality, said the chief research officer at F-Secure. The worm uses a vulnerability in Windows’ processing of remote procedure call (RPC) requests by the Windows Server service. When it issued an emergency patch for the flaw in October, Microsoft warned that the vulnerability could be used to automatically spread malicious code to systems running Windows XP and earlier versions of the company’s operating system. Symantec, the owner of SecurityFocus, has also recorded large numbers of infections by Downadup. The company recorded more than 600,000 systems infected with the program in a 72-hour span. Almost all of the systems were running Windows XP. Source:

32. January 14, – (International) Windows 7 Beta gets first patch, fixes MP3 corruption. An MP3 corruption snag in Microsoft’s Windows 7, which was downloaded a number of times last week, has now been addressed through an Automatic Update. Though the patch, tagged as “KB961367”, was released soon after the beta launch of the software, it required a manual Windows Update. The corruption flaw occurs every time metadata is edited in an MP3 file, leading to permanent loss of several seconds at the beginning of an MP3 track; however, the deletion is more prominent when the header size exceeds 16KB. Incidentally, in the newly launched Windows 7 beta, metadata editing of MP3 files is performed by Media Foundation interfaces, and hence the snag can occur when MP3 files with large-sized headers are played in Windows Media Center or Windows Media Player applications. In addition, Microsoft also addresses some other issues with this patch, including improper functioning of protected tuning sources, inadequate working of MHEG (iTV) in Europe, and problems in performing recording operations by Windows Media Center, among others. Furthermore, the patch also addresses recording issues for systems that have been upgraded from Windows Vista, and problems with Windows Vista DVR-MS recordings that do not play back in Windows Media Center or Windows Media Player. Source:

33. January 14, DarkReading – (International) Storm botnet makes a comeback. It is official: Storm is back. The notorious botnet that ballooned into one of the biggest botnets ever and then basically disappeared for months last year is rebuilding — with all-new malware and a more sustainable architecture less likely to be infiltrated and shut down. Researchers during the past weeks have been speculating about similarities between the new Waledac, a.k.a. Waled, botnet and Storm. Now new evidence has helped confirm that this new botnet is, indeed, Storm reincarnated. Storm all but disappeared off of the grid last year, basically going dormant in mid-September after its last major spam campaign in July — a “World War III” scam. In October, researchers started to write off Storm, at least in the short term. But now they say the big botnet has reinvented itself with new binary bot code, and that it is no longer using noisy peer-to-peer communications among its bots. It has instead moved to HTTP communications, which helps camouflage its activity among other Web traffic. The manager of security research for Arbor Networks says he was initially skeptical of speculation that Waledac and Storm were one and the same. But the latest findings on the malcode and its activity (the botnet is using many of the same IP addresses that were used in Storm) changed his mind. “[The Waledac bots] are talking to the same servers we saw in Storm,” he says. So far Storm’s M.O. is the same: to send traditional spam, typically in the form of e-greetings, such as the Christmas Eve spam run of e-cards that had the earmark of Storm. But the biggest difference is it is no longer as easily detectable now that it has converted to HTTP communications. “P2P was part of the reason for Storm’s demise. It was easy to filter it,” the manager says. “With HTTP, it is a little harder [to filter] because you have got to know what you are looking for.” Source:

Communications Sector

34. January 14, Associated Press – (Hawaii) Regulators to eye Hawaii’s analog TV shutoff. With the nation’s February 17 shutdown of analog TV signals in doubt, federal regulators will be closely watching what happens Thursday in Hawaii, when the state makes the move early because of an endangered bird. As Hawaii scrambles to become the first state to turn off analog broadcasts and go all digital, hundreds of people have been calling support lines for help and zipping digital converter boxes off store shelves. By Thursday at noon, all stations should be transmitting their digital signals at full power. Government officials and broadcasters estimate about 20,000 households in Hawaii still get their TV signals over the air. Hawaii’s change is happening now so analog transmission towers can be taken down before the nesting season of the dark-rumped petrel, a volcano-dwelling endangered bird. Even those who have converter boxes might see some channels go dark. People with poor analog reception likely will need to add more powerful indoor or outdoor antennas to get the digital broadcasts. People living in the islands’ many green valleys and rural areas figure to be among the most affected. Source: