Wednesday, January 5, 2011

Complete DHS Daily Report for January 5, 2011

Daily Report

Top Stories

• eWeek reports a botnet spamming out malware through a phony holiday message from the White House enabled operators to get hold of 2 gigabytes of data from government agencies, including the National Science Foundation. (See item 37)

37. January 3, eWeek – (International) Malware campaign cyber-espionage or cyber-crime? The crew behind the Kneber botnet that made headlines in 2010 may have surfaced again in a malware campaign targeting employees of various governments. The botnet, which pushes out the Zeus Trojan, was spotted around Christmas time spamming out malware through a phony holiday message from the White House. Those who received the card and either clicked on a link to an e-card or opened a malicious attachment were compromised. The fact Zeus was stealing data will come as no surprise to anyone familiar with the Trojan; but the idea that a piece of malware most commonly associated with swiping banking credentials was after documents raised some eyebrows. According to a security blogger, the botnet operators were able to get their hands on more than 2 gigabytes of PDFs, Microsoft Word, and Excel documents from dozens of victims, including an employee at the U.S. National Science Foundation’s Office of Cyberinfrastructure and an official with the Moroccan government’s Ministry of Industry, Commerce, and New Technologies. Source: http://www.eweek.com/c/a/Security/Malware-Campaign-Cyber-Espionage-or-Cybercrime-626011/

• According to the Rock Hill Herald, sophisticated thieves pilfered $100,000 of emergency response equipment from the South Carolina Forestry Commission’s main maintenance and storage area. (See item 45)

45. January 1, Rock Hill Herald – (South Carolina) Thieves steal S.C. Forestry Commission equipment. Sophisticated thieves pilfered some $100,000 of emergency response equipment from the South Carolina Forestry Commission’s main maintenance and storage area in Columbia sometime during the Christmas break. Missing items include critical equipment the agency needs for emergency response, a commission spokesman said. “Many of the items are things our Incident Management Team must have to respond to large-scale disasters, such as the bigger wildfires and hurricanes,” he said. Among the items taken were 13 Dell laptops, 2 all-terrain vehicles equipped for law enforcement and firefighting duties, various tools, and a Ford F350 diesel flatbed truck adorned with the agency’s logo. Source: http://www.heraldonline.com/2011/01/01/2721918/thieves-steal-sc-forestry-commission.html

Details

Banking and Finance Sector

14. January 4, Cliffview Pilot – (New Jersey) ‘Fedora robber’ in custody, tied to holdups in Hackensack, Fairview, Guttenberg. Union City, New Jersey police tracked a bank robbery suspect after he tried to hold up a TD Bank branch off 43rd Street less than 2 hours after making off with $1,000 from the Guttenberg Savings and Loan off 68th Street on December 14, investigators said. Both branches are on Bergenline Avenue. “Our investigation revealed he was also responsible for” robbing the Valley National Bank in Hackensack on September 9 and the Oritani Bank on Fairview Avenue on December 4, an agent told the Cliffview Pilot. The same weapon — the end of a blowtorch wrapped in a cloth — was used in both holdups, he said. No weapon was reportedly shown in the Hudson County robberies. The suspect served nearly 15 years for robbery after being sentenced in February 1989, records show. Investigators told the Web site he wore a white hat and was carrying the weapon when he took more than $10,000 from the Hackensack bank. Source: http://www.cliffviewpilot.com/hudson/1985-fedora-robber-in-custody-tied-to-holdups-in-hackensack-fairview-guttenberg-

15. January 3, LoanSafe.org – (National) Kansas man pleads guilty to role in embezzlement by bank president. A Jefferson County man has pleaded guilty to helping the former president of a bank in Meriden, Kansas, steal from the bank, a U.S. Attorney said January 3. The man pleaded guilty in U.S. District Court in Kansas City, Kansas, January 3 to one count of aiding and abetting theft by a bank officer. In his plea, the man admitted that in 2001 and 2002 he helped the former Meriden State Bank president embezzle bank funds. During that time, the former bank president convinced the bank’s board to construct a branch on Fairlawn Street in Topeka, Kansas. The two men concealed from the board the fact the former bank president would be serving as the undisclosed general contractor on the project. In order to receive approval for the project, the former bank president falsely represented to the Federal Deposit Insurance Corporation that no insider would be involved or benefit from construction of the branch. The man who assisted the former bank president in the scheme is set for sentencing March 21, 2011. He faces a maximum penalty of 30 years in federal prison, and a fine of up to $1 million. Source: http://www.loansafe.org/kansas-man-pleads-guilty-to-role-in-embezzlement-by-bank-president

16. January 3, Associated Press – (Washington) Minivan is tool, getaway vehicle in WA ATM theft. Vancouver, Washington police said a minivan driver used his vehicle as both a tool and a getaway car in the theft of an automatic teller machine from a bowling alley January 3. The Columbian reports a man drove a minivan through the glass doors of Allen’s Crosley Lanes at about 3 a.m. and crashed into the ATM. Surveillance footage of the robbery shows a person then jumping out of the van, grabbing the ATM, hoisting it into the vehicle and driving off. A sergeant said damage to the building was “in the thousands.” There was an unknown amount of cash in the ATM. Source: http://www.seattlepi.com/local/6420ap_wa_atm_robbery.html

17. January 3, SecurityInfoWatch.com – (National) FBI: Organized retail crime costs U.S. $30B a year. According to an article published the week of January 3 by the FBI, organized retail crime, which includes merchandise theft, as well as credit card fraud, gift card fraud, and price tag switching, costs the United States about $30 billion per year. The agency said the stores targeted by perpetrators of organized retail crime range from small specialty shops to major department stores. The groups responsible for these crimes include South American theft groups, Mexican criminal groups, as well as Cuban criminal groups from South Florida, and Asian street gangs from California. A Special Agent of the FBI’s Violent Crimes/Major Offenders Unit in Washington, D.C. called organized retail crime a “gateway crime” often used to fund other criminal endeavors. The FBI said it is working with the retail industry to help address the problem, and noted it recently helped to develop the Law Enforcement Retail Partnership Network (LERPnet), which is a database that can be used by retailers to report and share incidents of retail theft and other retail crimes. Source: http://www.securityinfowatch.com/fbi-organized-retail-crime-costs-us-30b-a-year

Information Technology

46. January 4, IDG News Service – (International) Microsoft blames server problem for Hotmail outage. Microsoft said it has fixed a problem with its Windows Live Hotmail service that temporarily deleted the e-mail of more than 17,000 users. The trouble began December 30 when the e-mail in 17,355 accounts disappeared. A Microsoft executive wrote January 3 the company had identified the technical glitch and restored e-mail to the affected accounts by the night of January 2. “Customers impacted temporarily lost the contents of their mailbox through the course of mailbox load balancing between servers,” a corporate vice president with Windows Live Engineering wrote on a company blog. Source: http://www.computerworld.com/s/article/9203120/Microsoft_blames_server_problem_for_Hotmail_outage

47. January 4, ITProPortal – (International) PlayStation 3 root key made public. A hacker has finally managed to completely crack Sony’s PlayStation 3 console, allowing users to run custom firmware and pirated games without restrictions. The hacker recovered the “root key” used to authorize software on the platform, which had prevented users from installing unauthorized software on the PS3, and has posted it for everyone to use. Kotaku reported the hack could also be connected to the hacking group fail0verflow, which develops “homebrew” software for the PS3. With the root key exposed, users and hackers will now also be able to play pirated games, circumventing Sony’s built-in security measures. Using the hack risks voiding the device’s warranty. Experts believe Sony will not be able to change the master root key without risking making most legitimate programs on the platform completely inaccessible. Experts also claim the latest PS3 hack is unlikely to be affected by future software updates. Source: http://www.itproportal.com/2011/01/04/playstation-3-root-key-made-public/
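The article does not say how the key was obtained. The public explanation at the time, from fail0verflow’s talk at the 27C3 congress in late December 2010, was that Sony’s firmware signer reused a single fixed ECDSA nonce, so any two signatures made with it leak the private key by simple modular arithmetic, which is also why a key recovered this way cannot be “patched” away. The block below is added here as an illustration of that failure; it is not code from the article, from Sony, or from the researchers, and it uses a constructed key and a standard public curve (secp256k1, chosen only for brevity). Sony’s actual curve, key and firmware formats are not involved.

```python
"""Added illustration: ECDSA private-key recovery from two signatures that
share a nonce. Curve parameters are the public secp256k1 constants; the
signing key, nonce and 'firmware' messages are constructed for the demo."""
import hashlib
import secrets

# secp256k1 domain parameters (standard, public). a = 0 keeps doubling short.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _inv(x, m):
    return pow(x, -1, m)


def _add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a + (-a)
    if a == b:
        lam = (3 * x1 * x1) * _inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def _h(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """Textbook ECDSA with a caller-supplied nonce k. A correct signer draws
    a fresh uniformly random k per signature; reusing k is the bug shown."""
    r = _mul(k, G)[0] % N
    s = _inv(k, N) * (_h(msg) + r * d) % N
    return (r, s)


def verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = _inv(s, N)
    pt = _add(_mul(_h(msg) * w % N, G), _mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with the same r (same nonce) over different messages
    give k = (h1 - h2) / (s1 - s2) and then d = (s1 * k - h1) / r, all mod N.
    Returns None if the nonces differ or s1 == s2 (k is then undetermined)."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or (s1 - s2) % N == 0:
        return None
    h1, h2 = _h(msg1), _h(msg2)
    k = (h1 - h2) * _inv(s1 - s2, N) % N
    return (s1 * k - h1) * _inv(r1, N) % N


def demo():
    """Constructed key, fixed nonce, two 'firmware' images: key falls out."""
    d = secrets.randbelow(N - 1) + 1          # constructed signing key
    Q = _mul(d, G)
    k = 0x0123456789ABCDEF                     # constructed constant nonce (the bug)
    m1, m2 = b"firmware-image-1", b"firmware-image-2"
    s1, s2 = sign(d, m1, k), sign(d, m2, k)
    assert verify(Q, m1, s1) and verify(Q, m2, s2)
    return recover_private_key(m1, s1, m2, s2) == d


if __name__ == "__main__":
    print("private key recovered:", demo())
```

The recovery needs only the two public signatures and the signed data; no weakness in the curve or the hash is involved, which is why rotating the key is the only remedy and why, as the article notes, doing so would orphan everything already signed under it.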

48. January 4, Softpedia – (International) Adware and Java trojans dominated the web threat landscape in December. According to statistics from Kaspersky Lab, adware programs and Java-based downloaders were the most common threats encountered on the Web during December 2010. The most frequently encountered was AdWare.Win32.HotBar.dh, which attempted to infect 203,975 distinct users; the detection covers HotBar, Zango, and ClickPotato and was the most prominent threat overall across all categories. The other two adware samples in the ranking were AdWare.Win32.FunWeb.di and AdWare.Win32.FunWeb.fq. The second most common threat was Trojan-Downloader.Java.OpenConnection.cf, a downloader that uses the openConnection method of Java’s URL class to retrieve malware onto the computer. Third place went to rogue IFrames injected into compromised Web sites. Source: http://news.softpedia.com/news/Adware-and-Java-Trojans-Dominated-the-Web-Threat-Landscape-in-December-176033.shtml

49. January 4, H Security – (International) Unpatched hole in ImgBurn disk burning application. According to security specialist Secunia, a highly critical vulnerability in ImgBurn, a lightweight disk burning application, can be used to remotely compromise a user’s system. The security issue in the freeware program is reportedly caused by the application loading libraries (dwmapi.dll) in an “insecure manner”: the library is requested by bare file name, so Windows walks its standard DLL search path, which includes the directory the opened file was launched from, and a malicious dwmapi.dll planted there (for example on a network share next to an image file) is loaded and runs with the user’s privileges. The problem has been confirmed to affect version 2.5.4.0 of ImgBurn, the latest release from December 12; however, previous versions are also likely to be vulnerable. For an attack to be successful, a victim must first open a specially crafted file. As such, users are advised to avoid opening untrusted files. Source: http://www.h-online.com/security/news/item/Unpatched-hole-in-ImgBurn-disk-burning-application-1163003.html
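To make the “insecure manner” concrete, the following model of the Windows DLL search order is added here; it is not code from the article, from Secunia or from ImgBurn. The directory listings are constructed. The only real-world facts it relies on are the documented search order (application directory, then system directories, then the current directory under SafeDllSearchMode, then PATH) and the fact that dwmapi.dll did not ship with Windows before Vista, which is exactly why a bare-name load of it falls through to the attacker’s copy on older systems.

```python
"""Added illustration, not from the article or Secunia: a model of the
Windows DLL search order, showing why loading "dwmapi.dll" by bare name from
an attacker-controlled directory gets the attacker's DLL loaded. Listings are
constructed stand-ins for the disk."""
from pathlib import PureWindowsPath


def resolve_dll(name, app_dir, system_dirs, cwd, path_dirs, listing,
                safe_search=True, cwd_removed=False):
    """Return the path Windows would load for `name`, or None if not found.

    listing     : {directory: set(file names)} standing in for the disk.
    safe_search : SafeDllSearchMode (default on since XP SP2) moves the
                  current directory from 2nd place to after the system dirs.
    cwd_removed : models SetDllDirectory("") or LoadLibraryEx with the
                  LOAD_LIBRARY_SEARCH_* flags, which drop the CWD entirely.
    KnownDLLs (kernel32, user32, ...) are never searched on disk; the model
    omits them because dwmapi.dll is not one of them.
    """
    order = [app_dir]
    if not safe_search and not cwd_removed:
        order.append(cwd)
    order.extend(system_dirs)
    if safe_search and not cwd_removed:
        order.append(cwd)
    order.extend(path_dirs)
    want = name.lower()
    for d in order:
        if any(f.lower() == want for f in listing.get(d, ())):
            return str(PureWindowsPath(d) / name)
    return None


# Constructed layout: ImgBurn installed locally, bait image on a share.
APP = r"C:\Program Files\ImgBurn"
SYS = [r"C:\Windows\system32", r"C:\Windows"]
SHARE = r"\\fileserver\isos"          # directory the victim opens the image from
PATH = [r"C:\Windows\system32", r"C:\Windows"]


def planted_dll_scenario(system_has_dwmapi, hardened):
    """The victim double-clicks an image on a share where the attacker has
    placed dwmapi.dll next to it. Returns the DLL path that would be loaded."""
    listing = {
        APP: {"ImgBurn.exe"},
        r"C:\Windows\system32": {"kernel32.dll"}
        | ({"dwmapi.dll"} if system_has_dwmapi else set()),
        r"C:\Windows": {"explorer.exe"},
        SHARE: {"holiday.iso", "dwmapi.dll"},     # constructed planted DLL
    }
    return resolve_dll("dwmapi.dll", APP, SYS, SHARE, PATH, listing,
                       cwd_removed=hardened)


if __name__ == "__main__":
    # Pre-Vista: no system copy exists, so the search falls through to the
    # share and the attacker's DLL is loaded.
    print(planted_dll_scenario(system_has_dwmapi=False, hardened=False))
    # Same system, CWD removed from the search: the load fails cleanly, the
    # right outcome for an optional Vista-only dependency.
    print(planted_dll_scenario(system_has_dwmapi=False, hardened=True))
    # Vista or later: the genuine system32 copy wins before the CWD is tried.
    print(planted_dll_scenario(system_has_dwmapi=True, hardened=False))
```

The fix on the application side is to stop the CWD from being searched at all (SetDllDirectory("") early in start-up, or LoadLibraryEx with a restricted search flag) and to treat a failed load of an optional library as a normal condition rather than an error.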

50. January 3, Softpedia – (International) Recent spam campaign points to new Storm botnet. While analyzing a recent spam campaign, security researchers found what seems to be a new version of the Storm or Waledac botnets. According to the Shadowserver Foundation, a recent junk e-mail campaign distributed links that led to a new Waledac or Storm variant. The e-mails carry a subject announcing a holiday e-card, and their body directs users to a link to view the alleged greeting. These links lead to HTML pages hosted on compromised Web sites, which in turn perform a meta redirect to one of multiple domain names controlled by the attackers. The domains use fast-flux hosting, resolving to a constantly changing set of IP addresses, which makes them difficult to shut down. The landing pages on these domains display a message reading “Can’t view the greeting? Download Flash Player!” If the visitor does not click on the link to download the alleged Flash Player installer within 5 seconds, they are redirected to a secondary page that serves several exploits for outdated software installed on their computer. If they do click on the link, a file called install_flash_player.exe is downloaded. If executed, this file opens an Internet Explorer connection to the same exploit page. In both scenarios, successful exploitation downloads the new Storm variant. Source: http://news.softpedia.com/news/Recent-Spam-Campaign-Suggest-New-Storm-Botnet-175866.shtml
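The chain described above (compromised site, meta refresh to a fast-flux domain, fake Flash lure, timed redirect to an exploit page) is the kind of thing an analyst triages from fetched HTML without ever executing it. The block below is an added example of such static triage; it is not code from the article or from Shadowserver. The HTML pages and host names are constructed to mirror the described chain and are not captured campaign data.

```python
"""Added example, not from the article or Shadowserver: static triage of an
e-card redirect chain. Finds meta-refresh hops, the 'Download Flash Player!'
lure with an .exe link, and a timed JavaScript redirect to a secondary page.
All pages below are constructed stand-ins, not captured campaign content."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin


class _PageScan(HTMLParser):
    """Collects meta-refresh targets, .exe links, visible text and scripts."""

    def __init__(self):
        super().__init__()
        self.refresh, self.exe_links, self.text, self.scripts = [], [], [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.refresh.append(m.group(1).strip())
        elif tag == "a" and a.get("href", "").lower().endswith(".exe"):
            self.exe_links.append(a["href"])
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        (self.scripts if self._in_script else self.text).append(data)


_TIMER = re.compile(r"setTimeout\s*\((.*?),\s*(\d+)\s*\)", re.S)
_LOC = re.compile(r"location(?:\.href)?\s*=\s*\\?['\"]([^'\"\\]+)")


def triage(html, base_url):
    """Summarise one fetched page; URLs are resolved against base_url."""
    p = _PageScan()
    p.feed(html)
    timed = None
    for body, ms in _TIMER.findall(" ".join(p.scripts)):
        m = _LOC.search(body)
        if m:                        # (seconds, absolute target URL)
            timed = (int(ms) / 1000, urljoin(base_url, m.group(1)))
            break
    lure = bool(re.search(r"download\s+flash\s+player", " ".join(p.text), re.I))
    return {
        "meta_refresh": [urljoin(base_url, t) for t in p.refresh],
        "exe_links": [urljoin(base_url, h) for h in p.exe_links],
        "flash_lure": lure and bool(p.exe_links),
        "timed_redirect": timed,
    }


def follow_chain(pages, start, max_hops=5):
    """Walk meta-refresh hops through `pages` (url -> html, standing in for
    real fetches). Returns (visited URLs, triage of the final page); the
    triage is None if the chain loops, exceeds max_hops or leaves `pages`."""
    url, seen = start, []
    while url not in seen and len(seen) < max_hops:
        seen.append(url)
        if url not in pages:
            return seen, None
        t = triage(pages[url], url)
        if not t["meta_refresh"]:
            return seen, t
        url = t["meta_refresh"][0]
    return seen, None


# Constructed two-stage chain mirroring the description above.
PAGES = {
    "http://compromised-site.example/ecard.html":
        '<html><head><meta http-equiv="refresh" '
        'content="0;url=http://flux.example/card.php"></head><body></body></html>',
    "http://flux.example/card.php":
        "<html><body><p>Can't view the greeting? "
        '<a href="install_flash_player.exe">Download Flash Player!</a></p>'
        '<script>setTimeout(function(){ window.location = "exploit.php"; }, 5000);'
        "</script></body></html>",
}

if __name__ == "__main__":
    hops, final = follow_chain(PAGES, "http://compromised-site.example/ecard.html")
    print(hops)
    print(final)
```

Both branches the article describes end at the same exploit page, so the `timed_redirect` target and the `.exe` link are the two indicators worth blocking; the meta-refresh hop on the compromised site is the one to report to its owner.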

51. January 3, The H – (International) Hole in VLC Media Player. Virtual Security Research has identified a vulnerability in VLC Media Player. In versions up to and including 1.1.5 of the VLC Media Player, specially crafted files can trigger a buffer overflow in the demultiplexer used for Real Media format files, which can be used to inject and execute code. Potential victims need to explicitly open such a specially crafted file. Users have been advised not to open files from unknown sources until the media player has been patched. As an alternative, the Real demuxer plug-in (libreal_plugin.*) can be removed from the VLC plugin directory. VLC Media Player 1.1.6 is said to be immune to the problem, but the VideoLAN developers have not yet released this version for Windows. Source: http://www.h-online.com/open/news/item/Hole-in-VLC-Media-Player-1162498.html

Communications Sector

52. January 3, Aviation Week – (International) Intelsat mulls options in wake of zombie sat. An Intelsat spacecraft that had wreaked havoc around the world since it went out of control last spring has been shut down, removing an interference hazard that had threatened communications satellite operators worldwide. Intelsat said the spacecraft, Galaxy 15, temporarily lost Earth lock December 17, causing it to lose enough power to shut down its primary C- and L-band payload. On December 23, the battery completely drained and the baseband equipment command unit reset automatically, as it was designed to do. The spacecraft then began accepting commands and sending telemetry again, allowing engineers to place it in safe mode. The satellite — which industry has dubbed Zombie Sat — is now Sun-pointed and thermally balanced with batteries fully recharged and no longer poses a threat to neighboring satellites or customer services, the operator said. Over the coming weeks, engineers will run diagnostic tests, upload new command software patches that have been pre-tested on other orbital satellites, and attempt to immobilize the satellite, which has been drifting eastward since it went out of control April 5. They will then seek to move the satellite to one of Intelsat’s orbital locations so it can be thoroughly tested to determine the viability of the payload and the functionalities of the spacecraft. Source: http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=space&id=news/awx/2010/12/27/awx_12_27_2010_p0-279254.xml&headline=Intelsat Mulls Options In Wake Of Zombie Sat

53. January 3, Los Angeles Times – (National) Jam prisoners’ cellphone calls? New federal report explores possibilities. The Presidential Administration does not want dangerous prison inmates to make calls or send text messages from contraband cellphones because of the possibility they could direct new crimes. But federal officials also do not want to go so far in trying to jam those communications that they create problems for nearby public safety workers or average citizens, according to a new government report. A possible solution: more limited technologies that would let prison officials block calls only from unapproved devices, the report said. In late 2009, Congress directed government officials — including the Federal Communications Commission, the Federal Bureau of Prisons, and the National Telecommunications and Information Administration — to look into technologies that could prevent the use of cellphones by inmates. A law enacted in August bans cellphones from federal prisons, but it does not apply to state facilities. In California state prisons, for example, inmates are not supposed to have cellphones, but there is no law that makes possessing one a crime, or that imposes penalties on visitors who smuggle them in. This year, California will test one technology, called managed access, with which officials can block calls that do not come from a list of phones approved to transmit through nearby towers. The system enabled Mississippi state officials to block more than 216,000 unauthorized calls and text messages in its first month in operation last summer. Source: http://latimesblogs.latimes.com/technology/2011/01/prison-cellphone-charles-manson-jam-government-fcc-report.html
