Wednesday, July 20, 2011

Complete DHS Daily Report for July 20, 2011

Daily Report

Top Stories

• Security researchers from F-Secure spotted a new PDF-based e-mail attack that appears to target people working in the defense industry, according to Softpedia. (See item 14)

14. July 18, Softpedia – (International) New PDF-based targeted attack against military contractors spotted. Security researchers from F-Secure spotted a new PDF-based e-mail attack that appears to target people working in the defense industry. According to the Finnish antivirus vendor, the attack was intercepted the week of July 11 and is still ongoing. It uses the 2012 AIAA Strategic and Tactical Missile Systems Conference as a lure. The e-mails distribute a malicious PDF file that claims to be a call for papers for the renowned defense industry conference classified as SECRET. "When opened in Adobe Reader, it exploits a known Javascript vulnerability and drops a file called lsmm(dot)exe. This is a backdoor that connects back to the attacker," F-Secure's chief research officer said. According to a scan on Virus Total, the malicious PDF file still has a low detection rate with only 15 out of 43 antivirus engines detecting it. After the exploitation occurs, a non-malicious PDF file about the call for papers is opened on the computer to distract the user and avoid raising suspicion. The exact target of this attack is not known by F-Secure, but judging by its characteristics, security experts think it is most likely someone in the defense industry, possibly a military contractor. Source:

• Authorities in Spain and the United States have broken up an international drug money-laundering ring and seized buildings, cars, and cash valued at more than $140 million, CNN reports. See item 15 below in the Banking and Finance Sector.


Banking and Finance Sector

15. July 19, CNN – (International) Authorities bust international drug money-laundering ring. Authorities in Spain and the United States have broken up an international drug money-laundering ring and seized buildings, cars, and cash valued at more than $140 million, the Spanish National Police said July 18. More than 20 people were arrested — 17 in Spain and 4 in the United States — during the operation, more than 2 years in the making. Authorities accuse those arrested of participating in a drug money-laundering ring that spanned three continents. As U.S. authorities tell it, cocaine was smuggled in multihundred-kilogram quantities from Colombia to Spain, where it was processed and sold. The proceeds were then sent to a man, identified by the U.S. Attorney's Office for the Southern District of Florida, who would allegedly launder the money with the help of at least two co-conspirators. The man is thought to have received more than $26 million in drug proceeds from Spain between 2004 and the present, the attorney's office said in a statement. Among the group's favorite ways to launder money was through the purchase and sale of real estate and luxury cars, authorities said. They seized 21 properties in Spain, 4 in the United States, and 60 cars, including one thought to be worth more than $2.8 million. Spanish police said they also seized $35 million in cash, kept in 50- and 100-euro bills, in Madrid. Source:

16. July 18, Fort Worth Star-Telegram – (Texas) Woman pleads guilty in mortgage fraud case. The woman at the forefront of an elaborate $13 million mortgage fraud pleaded guilty July 18 in Texas to engaging in organized criminal activity. The 46-year-old former mortgage broker, whom prosecutors have described as the linchpin of the operation, entered her plea July 18 and faces as much as life in prison. She also pleaded guilty to three charges of money laundering, which will be barred from prosecution, but the judge can consider them at sentencing, officials said. Officials have said the scheme surfaced several years ago after the Tarrant County district attorney's office received an anonymous letter asking authorities to look into why so many houses in Mansfield's Twin Creek subdivision were foreclosed, vacant, or for sale. An investigation revealed that false data from "straw buyers" was being used to buy homes at inflated prices and pocket the proceeds. Twelve defendants, most of them straw buyers, have been sentenced for their roles in the fraud, an assistant district attorney said. Most reached agreements with prosecutors and received 5 to 10 years' probation and a $10,000 fine in exchange for guilty pleas and cooperation. Source:

17. July 14, Dow Jones Newswires – (National) Report: IRS didn't notify some taxpayers when data released. The Internal Revenue Service (IRS) didn't always properly notify taxpayers after inadvertently disclosing personal information, according to a Treasury Department audit released July 14. Not all citizens were notified that their personal data had been released, in a sample of 98 case files from the 2009 and 2010 fiscal years the IRS had flagged as inadvertent disclosures of personal taxpayer information, according to a report from the Treasury Inspector General for Taxpayer Administration (TIGTA). In total, the IRS processed 4,081 inadvertent disclosures during the 2009 and 2010 fiscal years, of which 1,493 required taxpayer notification. The IRS collects personal and financial data from more than 142 million people. The omission occurred in 5 percent of cases in the report's sample because IRS employees hadn't documented the name of the taxpayer whose data had been disclosed. In another 10 percent of cases, the taxpayer wasn't notified because only tax account data was released, which the IRS does not consider "personally identifiable information." The audit noted that taxpayers weren't notified in a timely manner. In 74 percent of the incidents that required notification, the IRS didn't alert taxpayers within 45 days. Letters sent to these taxpayers from the IRS took an average of 86 days. The IRS systems also were missing some cases of personal data disclosure, the auditors reported, after finding 815 incidents the IRS's four computer systems hadn't flagged. The TIGTA made four recommendations to the IRS, including educating employees on the need to gather enough information on individuals whose information has been released. Tax account information should be treated as sensitive personal information as well, the audit advised, and taxpayers should be notified more promptly. Source:

Information Technology Sector

36. July 19, Dark Reading – (International) More Windows kernel vulnerabilities may yet emerge, researcher says. A researcher who discovered a fundamental design flaw in the kernel of the Windows operating system said the software company has done a good job of patching so far, but it is likely more vulnerabilities will emerge before its work is done. The researcher, from security company Norman ASA, said despite announcements made on Patch Tuesday the week of July 11, which corrected some 13 Windows kernel vulnerabilities, there likely will be more vulnerabilities found. The researcher, who discovered the fundamental flaws in the 15-year-old Win32k.sys operating environment, will present his findings on kernel vulnerabilities in a talk at Black Hat USA in Las Vegas, Nevada, in August. The vulnerabilities generally are the result of a function in the Win32k graphical user interface called user-mode callbacks, a mechanism that allows the kernel to make calls back into user-mode. User-mode callbacks enable the operating system to do a variety of tasks, such as invoking application-defined hooks, providing event notifications, and copying data to or from user-mode, the researcher explained. Source:

37. July 18, Help Net Security – (International) Facebook scammers use Tumblr sites to evade detection. Facebook users have been targeted again by survey scammers, and this time the lure is a video of a woman exposing herself on live television. There are two versions of the scam. In one, when the user clicks on the play button on the destination page, the click is hijacked and used to "like" the page. In the other, the user is asked to confirm they are an adult by clicking on the "Jaa" button that actually shares the link with friends. "To ensure that this scam continues, the scammers are using Tumblr sites to redirect users to the same Fake YouTube page," a researcher explained. "By redirecting users via Tumblr, scammers can evade Facebook filters as well as stay off the radar of Facebook’s recent Web of Trust integration." The scam ends with the user being encouraged to fill out surveys to receive a gift. Source:

38. July 18, The Register – (International) Microsoft turns screws on bot herders with hefty reward. Microsoft is offering a $250,000 reward for information leading to the arrest of those who controlled Rustock, a recently dismantled botnet that in its heyday was one of the biggest sources of illegal spam. The announcement of the bounty July 17 comes 4 months after Microsoft waged a novel campaign to take down Rustock, which enslaved an estimated 1 million PCs. The number of infected machines has been cut in half since that time, and Microsoft has already taken out ads in Russian newspapers in an attempt to track down the operators of the notorious botnet. Now, Microsoft is redoubling those efforts with the promise of the quarter-million dollar bounty to anyone who can help Microsoft and law enforcement officials identify and catch the perpetrators. Source:

Communications Sector

39. July 18, WAAY 31 Huntsville – (Alabama) Verizon Wireless outage frustrates customers. According to a Verizon spokesperson, service was restored to most of the Huntsville, Alabama area by the early evening of July 18. But throughout the morning and afternoon of July 18, dozens of angry customers were in and out of the Verizon Wireless store on University Drive wanting to know what was going on. Cellular phones were not working because 52 cell sites were out of service in the Huntsville area. Verizon officials would not say how many customers were affected during the outage, or what caused the cell sites to stop working. Source:

40. July 18, IDG News Service – (International) Mobile networks near capacity, survey finds. Mobile networks in North America are filled to 80 percent of capacity, with 36 percent of base stations facing capacity constraints, according to a survey by investment bank Credit Suisse. Networks in other regions also are more than 50 percent utilized, with the global average at 65 percent, Credit Suisse said after surveying carriers around the world. That level of use matches the average "threshold" rate that would trigger the service providers to start buying more network equipment, the report said. Looking ahead, on average the carriers expected their utilization rate to grow to 70 percent within 12 months. At a certain level, heavy use of a base station can affect the mobile experience of individual subscribers. The survey found that 23 percent of base stations worldwide had capacity constraints (defined as a utilization rate over 80 percent during busy hours), while 36 percent in North America were under that kind of pressure. The North American networks were 72 percent utilized 2 years ago. The region's carriers expect the rate to ease back down to that point within 2 years. North American service providers are likely to buy more equipment soon, because having their networks 74 percent filled is the threshold rate in that region, the survey indicated. Source:
