Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, January 28, 2009

Complete DHS Daily Report for January 28, 2009

Daily Report


 reports that a New Zealand man has found personal details of U.S. soldiers on an MP3 player he bought second-hand in Oklahoma. Most of the 60 files found are dated 2005. (See item 23)

23. January 27, – (National) U.S. Army details found on second hand MP3 player. A New Zealand man has found personal details of U.S. soldiers on an MP3 player he bought second-hand in Oklahoma. About 60 files on the MP3 player contained lists of soldiers based in Afghanistan, the names of some who have fought in Iraq, and mobile numbers for soldiers based overseas. Most of the files found are dated 2005, but some are still active and could have put individual soldiers at risk, according to a New Zealand television news report. The MP3 player also contained details of equipment deployed to the bases and private information about soldiers, such as social security numbers. The U.S. Army and the American embassy in New Zealand have refused to comment, the television news report said. Source:

 According to Government Technology, the Association of Public-Safety Communications Officials announced Monday the approval of an American National Standard that enables alarm companies to transmit alerts to 911 centers automatically. (See item 25)

25. January 27, Government Technology – (National) 911 alarm transmission standard approved. The Association of Public-Safety Communications Officials (APCO) announced January 26 the approval of an American National Standard that enables alarm companies to transmit alerts to 911 centers automatically. Alarm companies typically place a phone call to 911 centers when an alarm sounds, but the new standard would send them automatically. An automated standard could eliminate 32 million calls nationally from the alarm companies to the 911 public safety answering points, erasing the two to three minutes of processing time that call-takers need for obtaining information from alarm company operators, according to a public safety team project manager of the Richmond, Virginia, Department of Information Technology. Source:


Banking and Finance Sector

9. January 27, Cape Cod Times – (Massachusetts) Falmouth police warn of credit card scam. Police are warning area residents of a telephone credit card scam that has been reported to them. The scam starts with a recorded message from a caller identified as the Service Credit Union, according to a press release from the Falmouth police. The message tells the call’s recipient that their credit card is suspended because of “third- party activity” and then asks them to enter a credit card number by using the phone’s keypad, according to the press release. The Service Credit Union has told the Falmouth police that they are not looking for this information, police said. Residents should not give out personal information, including credit card information, the police said. Source:

10. January 27, Reuters – (New York) NY financier arrested in purported $400 million scam. Authorities on January 26 arrested the chief executive of a private New York financing firm on suspicion of running a purported Ponzi scheme that attracted $400 million in investments, U.S. law enforcement officials said. The head of Agape World Inc. on New York’s Long Island was said to provide commercial bridge loans, but was instead operating a traditional Ponzi scheme in which early investors are paid with the money of new clients, officials said. “The suspect took the advice of an attorney and complied with an arrest warrant,” said a spokesman for the U.S. Postal Inspection Service, which is investigating Agape World and Cosmo along with the Federal Bureau of Investigation. “Some of the early investors made money but as this scheme started to crumble, the later investors did not see a penny,” a law enforcement official said of the firm. Source:

11. January 27, Baltimore Sun – (Maryland) Suburban Federal Savings Bank told to sell. Federal banking regulators have told Crofton-based Suburban Federal Savings Bank that it must be sold by January 31or face a possible government takeover. The 53-year-old thrift has been trying to recover from losses on soured real-estate loans. In documents filed recently, the Office of Thrift Supervision (OTS) ordered Suburban to merge with another institution or accept “appointment of a conservator or receiver.” If Suburban were to be seized, it would be the first bank to fail in Maryland since 1992, the tail end of the savings and loan crisis. Suburban, which has seven branches and about $354 million in assets, was supposed to submit a binding merger agreement to the OTS by January 23, but neither the regulator nor Suburban officials would say on January 26 whether a plan was submitted. Source:,0,4636975.story

12. January 26, Yakima Herald-Republic – (Washington) Text message scams target Yakima Valley Credit Union customers. Tens of thousands of people nationwide have received suspicious text messages asking for individuals’ banking information. The most recent incident involves the Yakima Valley Credit Union. The messages state that the recipient’s bank account has been closed due to unusual activity, and asks the individual to call a phone number with bank information. The Yakima Valley Credit Union has been busy fielding calls from concerned customers. The Chief Executive Officer (CEO) and president fielded calls from across the state. The credit union has reported the scam to several agencies including the Federal Bureau of Investigation, the local police, and the National Credit Union Administration and posted an alert on its Web site to remind customers that the credit union will never contact customers for sensitive information. The CEO said most people have not fallen for the scam, but for the few people who have, the credit union has managed to intervene and prevent any money from being stolen from them. Source:

Information Technology

27. January 27, DarkReading – (International) PandaLabs detects Valentine’s Day worm. PandaLabs, Panda Security’s malware analysis and detection laboratory, announced on January 27 that it has detected a new variant of the Waledac Storm worm, the Waledac.C worm, which is using Valentine’s Day as bait to spread itself to as many computers as possible. As is usually the case in this type of attack, Waledac C spreads by email trying to pass itself off as a greeting card sent for Valentine’s Day to the targeted user. The email message includes a link to download the card. However, if the user clicks the link and accepts the subsequent file download they will actually be letting the Waledac.C worm into their computer. These malicious files have Valentine’s Day-related romantic names such as: youandme.exe onlyyou.exe you.exe meandyou.exe. Once it has infected the computer, the worm uses the affected user’s email to send out spam. To do this, it collects all the email addresses stored on the user’s computer, and sends them an email message like the one above in order to trick other users into downloading the malware strain. Source:;jsessionid=XEK4HSDWQX1MUQSNDLPCKHSCJUNN2JVN?articleID=212902776

28. January 26, Computerworld – (International) Hackers exploit Obama site to spread malware. A social networking site operated by the 2008 Barack Obama presidential campaign is serving up malware to unwary visitors a full week after the tactic was reported, a security researcher said on January 26., still active after the recent inauguration of the U.S. President, is being used by hackers trying to dupe users into downloading a Trojan horse, said the vice president of security research at Websense Inc. The criminals have set up bogus accounts and used them to create blogs. When a user reaches one of the fake blogs, a YouTube-like video window is displayed; clicking on that video frame takes the user to a malicious Web site packed with pornography. If the user clicks to view the porn, a message pops up claiming a video codec must be downloaded and installed. The executable file is no codec, but rather a Trojan horse that hijacks the PC. The cybercrooks do not just try to grab people browsing through, he added; rather, they are actively polluting search engines with the URLs of their bogus blog accounts in an attempt to take advantage of’s reputation and popularity. Source:

29. January 26, eWEEK – (International) More malware targeting users of pirated software for Mac. Users of pirated software have a new headache to worry about. For the second time in less than two weeks, malware targeting Mac computers has surfaced on the Web. According to an advisory from Intego, OSX.Trojan.iServices.B is a variant of the iServices Trojan the company found recently targeting pirated copies of iWork 2009. This time, the malware has its sights set on versions of Adobe Photoshop CS4 downloaded via BitTorrent trackers and other sites containing links to pirated software. “The actual Photoshop installer is clean, but the Trojan horse is found in a crack application that serializes the program,” Intego’s advisory reads. As of January 25, nearly 5,000 are believed to have downloaded the Trojan, according to the advisory. After downloading this version of Photoshop, users will run the crack application to be able to use it, the advisory continues. The crack application extracts an executable from its data and installs a backdoor in /var/tmp/, which is not deleted when the computer is restarted. The crack application then requests an administrator password and launches the backdoor with root privileges, the advisory continues. The program saves the root hash password in the file /var/root/.DivX. In addition, it listens on a random TCP port, answers requests such as GET / HTTP/1.0 by sending a 209-byte packet and makes repeated connections to two IP addresses. Source:

30. January 26, – (International) Monitoring data center contamination key concern at ASHRAE conference. According to a speaker and member of American Society of Heating Refrigeration and Air Conditioning Engineers (ASHRAE) Technical Committee 9.9 (TC 9.9), the time has come for data centers to start monitoring their data center dust and pollution. A senior systems and technology group engineer at IBM spoke on January 25, at the ASHRAE Winter Conference in Chicago. He and two IBM colleagues wrote a paper on data center particulate and gaseous contamination. Any kind of data center contamination, and there are several types, can cause problems, the engineer said. He started with data center dust, saying it could be separated into “chemically inert dust” and “corrosive dust.” Chemically inert dust is similar to household dust, and when it starts clogging server intake valves and other small openings, it can affect thermal efficiency, cooling efficiency, and the airflow through heat sinks in electronic components. It can also lead to overheating of power connectors for tape and optical media drives, he said. Showing a picture of the dust, the engineer pointed out that there was “contamination evidence on covers and intakes. Corrosive data center dust contains ionic chemical compounds like sulfur and chlorine salts that, when wet, get corrosive. When bridges form between two conductive patterns, the engineer said that short-circuiting can result. After the session, the engineer added that a lot of the data center contamination comes from IT equipment being delivered in smaller and smaller footprints. Source:,289142,sid80_gci1346032,00.html

Communications Sector

Nothing to report.