Friday, March 27, 2009

Complete DHS Daily Report for March 27, 2009

Daily Report


 The Associated Press reports that government investigators testing the nation’s food tracing system were able to follow only five out of 40 foods all the way through the supply chain, according to a report released Thursday by the Health and Human Services inspector general’s office. (See item 28)

28. March 26, Associated Press – (National) Investigators say food tracing system full of gaps. Government investigators testing the nation’s food tracing system were able to follow only five out of 40 foods all the way through the supply chain, according to a report released Thursday. For 31 of the 40, investigators said they were able to identify the facilities that most likely handled the products. And in the case of four items, 10 percent of the total, investigators were unable to identify the facilities that handled them. An investigation by the Health and Human Services inspector general’s office found that the records many companies keep are not detailed enough. And one-quarter of the company managers were totally unaware of record keeping requirements. The inspector general recommended that the FDA consider seeking stronger legal powers to improve the tracing of food. Source:

 According to the Associated Press, fish caught near wastewater treatment plants serving five major U.S. cities had residues of pharmaceuticals in them, researchers reported on Wednesday. The findings have prompted the Environmental Protection Agency to significantly expand similar ongoing research to more than 150 different locations. (See item 31)

31. March 25, Associated Press – (National) Study: Range of pharmaceuticals in fish across U.S. Fish caught near wastewater treatment plants serving five major U.S. cities had residues of pharmaceuticals in them, including medicines used to treat high cholesterol, allergies, high blood pressure, bipolar disorder, and depression, researchers reported March 25. Findings from this first nationwide study of human drugs in fish tissue have prompted the Environmental Protection Agency (EPA) to significantly expand similar ongoing research to more than 150 different locations. “The average person hopefully will see this type of a study and see the importance of us thinking about water that we use every day, where does it come from, where does it go to? We need to understand this is a limited resource and we need to learn a lot more about our impacts on it,” said the study’s co-author, a Baylor University researcher and professor who has published more than a dozen studies related to pharmaceuticals in the environment. A person would have to eat hundreds of thousands of fish dinners to get even a single therapeutic dose, he said. But researchers have found that even extremely diluted concentrations of pharmaceutical residues can harm fish, frogs, and other aquatic species because of their constant exposure to contaminated water. The research was published online March 25 by the journal Environmental Toxicology and Chemistry and also was presented at a meeting of the American Chemical Society in Salt Lake City. Much of the contamination comes from the unmetabolized residues of pharmaceuticals that people have taken and excreted; unused medications dumped down the drain also contribute to the problem. In an ongoing investigation, the Associated Press has reported trace concentrations of pharmaceuticals have been detected in drinking water provided to at least 46 million Americans.
The EPA has called for additional studies about the impact on humans of long-term consumption of minute amounts of medicines in their drinking water, especially in unknown combinations. Limited laboratory studies have shown that human cells failed to grow or took unusual shapes when exposed to combinations of some pharmaceuticals found in drinking water. Source:


Banking and Finance Sector

19. March 26, Economic Times – (International) Software labs warn of ATM virus that steals money from banks. Russia’s leading computer security labs have warned of a new software virus which infects Automatic Teller Machines (ATM) to steal money from bank accounts of their users. Two leading anti-virus software producers ‘Doctor Web’ and ‘Kaspersky Lab’ claimed to have discovered a new virus, in the networks of several bank ATMs, which is able to collect information from bank cards. “This is a malicious program intended to infect and survive in ATMs. It is possible that new software will appear, aimed at illegitimately using banking information and removing funds,” an official of the Kaspersky Lab was quoted as saying by RIA Novosti news agency. He said the virus is a Trojan which is able to infect the popular American Diebold brand of ATMs, used in Russia and Ukraine. Judging by the programming code used, there is a high probability that the programmer comes from one of the former Soviet republics, he added. The computer security experts say the number of infected ATMs is minimal but individual bank cardholders will not be able to detect whether an ATM is infected or not. Source:

20. March 26, Bloomberg – (National) SEC plans new money manager rules after Madoff fraud. The U.S. Securities and Exchange Commission chairman said she will impose new rules on money managers to safeguard client holdings after a $65 billion fraud shattered investor confidence. The SEC will propose that all investment advisers who have custody of customer assets undergo annual audits that are “unannounced,” the chairman said on March 26 in testimony prepared for the Senate Banking Committee. Money managers may also be subject to compliance audits by professional examiners to make sure they are adhering to securities laws, she said. “For our markets to be fair and efficient and to operate in the best interests of investors, those who control access to our capital markets must be competent, financially capable and honest,” she said. The SEC is trying to strengthen oversight after lawmakers weighing the most sweeping overhaul of U.S. financial regulation since the 1930s questioned the agency’s effectiveness in the wake of the scandal. The chairman defended the SEC since taking the helm in January, arguing that the agency must remain independent of any regulator Congress assigns the role of monitoring risks posed to the economy by large banks, hedge funds, and private equity firms. “Congress created only one agency with the mandate to be the investors’ advocate,” she said. “If there were ever a time when investors need and deserve a strong voice and a forceful advocate in the federal government, that time is now.” Source:

21. March 26, Spamfighter – (Montana) Mountain West Bank consumers targeted by phishing scam. Phishing fraudsters appear to be constantly attacking some banks in the Missoula region of Montana, one being Mountain West Bank, whose authorities report that the e-mail scam began recently in March and has gained momentum. The e-mails that pose to be messages from or direct recipients to input their account details so that their account accessibility is not restricted. The e-mails also provide a link which takes the user to a Web site that appears like the actual homepage of the bank. Meanwhile, various forms of the phishing e-mail are being circulated, with different Web links pointing to or The president of Mountain West Bank Missoula Branch said that a few of their clients divulged their account details, and consequently, they lost money, as reported by Montana’s News Station. The president further said that the bank was able to shut down more than 40 of the cloned sites, but they were arising from all over the world. Meanwhile, since the e-mail has been circulating within the customers’ mailboxes for several days now, the Bank’s official Web site is displaying an urgent alert message. Accordingly, the Bank’s officials inform people that the institution is not behind any of the fraudulent phishing e-mails. Customers are required to be wary of these kinds of frauds to guard themselves. Moreover, none of the bank’s customer databases have been attacked. Source:

Information Technology

39. March 26, IDG News Service – (International) Firefox fix due next week after attack is published. Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser. The attack code, written by a security researcher, was published on several security sites on March 25, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user’s machine. Mozilla developers have already worked out a fix for the vulnerability. It is slated to ship in the upcoming 3.0.8 release of the browser, which developers are now characterizing as a “high-priority firedrill security update,” thanks to the attack code. That update is expected sometime early next week. “We... consider this a critical issue,” said the Mozilla director of security engineering in an e-mail. The bug affects Firefox on all operating systems, including Mac OS and Linux, according to Mozilla developer notes on the issue. By tricking a victim into viewing a maliciously coded XML file, an attacker could use this bug to install unauthorized software on a victim’s system. This kind of Web-based malware, called a drive-by download, has become increasingly popular in recent years. While the public release of browser attack code does not happen all that often, security researchers do not seem to have much trouble finding bugs in browser software. Last week, two hackers at the CanSecWest security conference dug up four separate bugs in the Firefox, IE, and Safari browsers. Source:

40. March 25, Computerworld – (International) New ransomware holds Windows files hostage, demands $50. Cyber crooks have hit on a new twist to their aggressive marketing of fake security software and are duping users into downloading a file utility that holds users’ data for ransom, security researchers warned on March 25. While so-called scareware has plagued computer users for months, those campaigns have relied on phony antivirus products that pretend to trap malware but actually only exist to pester people into ponying up as much as $50 to stop the bogus warnings. The new scam takes a different tack: It uses a Trojan horse that is seeded by tricking users into running a file that poses as something legitimate like a software update. Once on the victim’s PC, the malware swings into action, encrypting a wide variety of document types, ranging from Microsoft Word .doc files to Adobe Reader PDFs, anytime one is opened. It also scrambles the files in Windows’ “My Documents” folder. When a user tries to open one of the encrypted files, an alert pops up saying that a utility called FileFix Pro 2009 will unscramble the data. The message poses as a semiofficial notice from the operating system. “Windows detected that some of your MS Office and media files are corrupted. Click here to download and install recommended file repair application,” the message reads. Clicking on the alert downloads and installs FileFix Pro, but the utility is anything but legit. It will decrypt only one of the corrupted files for free, then demands the user purchase the software. “This does look like a new tactic,” said the global director of education at antivirus vendor Trend Micro Inc. “But all online fraud is just minor variations of classic con games. This is just the ‘Bank Examiner’ played out on the Internet.” On the Web, data-hostage scams like this are called “ransomware” for obvious reasons. 
This is not the first time the tactic has been used, but it is remarkably polished, said the director. “We have not seen ransomware with this level of sophistication,” he said. Source:

Communications Sector

41. March 26, – (International) Worm targets Linux routers. Users of Linux-based routers are being warned of a new worm in the wild which attempts to take control and add their device to a growing botnet. As reported over on on March 25, the ‘psyb0t’ worm was first spotted by security research group DroneBL recently, but may have been spreading since the start of the year. Designed to brute-force the password of routers running Linux compiled for the RISC-based MIPS chip, including ones running custom OpenWRT and DD-WRT firmwares, the worm takes control of poorly secured devices and joins a botnet which the DroneBL group estimates may have grown to as large as 100,000 compromised devices so far. Because the worm relies on insecure passwords, or devices which have not been reconfigured from their default settings, the group claims that “ninety per cent of the routers and modems participating in this botnet are [doing so] due to user error.” While it is always good advice to choose a very secure password for Internet-facing devices, it is unlikely that anyone reading a security blog needs telling. The payload of the worm is interesting: as well as allowing full remote control of the router via an IRC channel, the malware uses packet inspection techniques in an attempt to sniff traffic for usernames and passwords to Web sites and e-mail accounts. The worm also attempts to resist disinfection by locking out telnet, SSH, and Web access to the device’s management functionality — preventing the device from being flashed with a known-clean firmware. The group notes that “this is the first known botnet based on exploiting consumer network devices, such as home routers and cable/dsl modems” and warns that “many devices appear to be vulnerable.” Source:

42. March 25, IDG News Service – (International) Cisco security updates squash router bugs. Cisco has released eight security updates for the Internetwork Operating System (IOS) software used to power its routers. The patches were released on March 25, the day Cisco had previously scheduled for its twice-yearly IOS updates. None of the bugs had been publicly disclosed ahead of the March 25 updates, but some of them were reported to Cisco by outside sources. Most of the bugs could be exploited by attackers to crash or somehow disrupt service to a router, typically if a specific, vulnerable service is enabled, Cisco said. For example, Cisco has fixed two bugs in its SSLVPN (Secure Sockets Layer Virtual Private Network) software that could be used to crash the device. Attackers could exploit one of these bugs by sending a specially crafted HTTPS packet to the router. The bug does not affect users of the company’s ASA 5500 appliance or of Cisco IOS XR or XE software, however. SSLVPN lets users outside of the corporate firewall access their company’s network using a Web browser, instead of installing special VPN software on their PC. Another serious bug affects those who have enabled the Secure Copy Protocol (SCP), used to allow file transfers over the network. Because of this bug, an authenticated user on the device could “transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do,” Cisco said in its advisory. This could allow a user to mess with the router’s configuration files or sneak a peek at passwords, Cisco said. Source:

43. March 25, WTHR 13 Indianapolis – (Indiana) AT&T to expand Indiana coverage. AT&T announced on March 25 that it plans to add over 35 new cell sites in Indiana this year. AT&T says it is expanding its 3G wireless broadband network. New cell sites include Anderson, Bloomington, Carmel, Evansville, Fishers, Fort Wayne, Indianapolis, Lafayette, Muncie, Noblesville, Sheridan, South Bend, Terre Haute, and more. AT&T will also introduce 3G services in Anderson, Bloomington, Columbus, and Muncie, and expand its 3G footprint in Allen, Hamilton, Johnson, and St. Joseph counties. New sites will also expand coverage in several other Indiana counties including: Clark, Floyd, Lake, LaPorte, Porter, Spencer, and Vanderburgh. Source: