Friday, June 10, 2011

Complete DHS Daily Report for June 10, 2011

Daily Report

Top Stories

• The Birmingham News reports Talladega, Alabama officials continue to search for the cause of a 6-day water main leak that has hemorrhaged more than 2.8 million gallons of water per day, and forced the cancellation of surgeries at a hospital. (See item 26)

26. June 8, Birmingham News – (Alabama) Talladega searching for water leak that is losing 2.8 million gallons per day. Talladega, Alabama is losing enough water each day to fill more than four Olympic swimming pools, but authorities have no idea where the water is going. The consequences, though, are obvious as the crisis enters its sixth day. The local hospital has called a halt to surgeries, residents are asked to boil drinking water, and the city, which has declared a state of emergency, has invested tens of thousands of dollars in bottled water to hand out to a parched community. Water and sewer officials June 8 continued to search for the cause of the mysterious water main leak which has hemorrhaged more than 2.8 million gallons of water per day. By midday June 8, city officials had handed out at least 40 pallets of water, some donated by the emergency management agency, and others brought into the city by tractor trailer rigs: the price tag on just one of those loads was more than $20,000. Add in the amount of water lost, time spent trying to figure out the problem, and the eventual repairs, and the city manager said it will be nothing short of a major financial blow to the system. Source:

• According to CNN, a lightning strike June 8 at a military training camp sent 77 U.S. Air Force Reserve Officer Training Corps (ROTC) cadets to hospitals in the Hattiesburg, Mississippi, area, where they were all responsive and in stable condition. (See item 32)

32. June 8, CNN – (Mississippi) Lightning strike at Mississippi military base sends 77 to hospital. A lightning strike June 8 sent 77 U.S. Air Force Reserve Officer Training Corps (ROTC) cadets to hospitals in the Hattiesburg, Mississippi, area, where they were all responsive and in stable condition, according to a Camp Shelby spokeswoman. Two were transported by ambulance, and the remaining 75 were transported by Camp Shelby buses. All 77 were college students enrolled in the Air Force ROTC, which uses Camp Shelby as its summer training site. The base had been under a severe thunderstorm warning when the lightning strike occurred, and the facility had been receiving reports of bad weather all day, the spokeswoman said. She said she did not know what the cadets were doing when the accident occurred. CNN affiliate WDAM reported four of the cadets were close to the lightning when it struck around 2 p.m. The remaining personnel at Camp Shelby Joint Forces Training Center quickly responded to the situation to ensure that anyone injured received medical attention. Source:


Banking and Finance Sector

11. June 9, IDG News – (National) Citigroup breach exposed data on 210,000 customers. Citigroup admitted June 8 that an attack on its Web site allowed hackers to view customers’ names, account numbers and contact information such as e-mail addresses for about 210,000 of its cardholders. Citigroup did not say how the Web site, Citi Account Online, was compromised. The bank discovered the breach early in May. Other customer information, such as Social Security numbers, birthdates, card expiration dates, and the three-digit code on the back of the card, was not exposed, the company said. The affected customers are being contacted by Citigroup. Although hackers may not have gained complete information on cardholders, the contact information is enough for scammers to try to elicit more information through targeted attacks. Source:

12. June 9, Quincy Patriot Ledger – (Massachusetts) Alleged bank robber is held on bail. A Quincy, Massachusetts man was ordered held on $40,000 cash bail June 8 after being charged with robbing a Weymouth bank. The man pleaded innocent to one count of armed robbery June 8 in Quincy District Court. He was arrested June 7 after detectives from Weymouth, Norwell, Hanover, Braintree, and Hingham and the FBI followed tips that led them to the Norwell trailer park where he was staying. The departments began working together after noticing similarities in a string of bank robberies in their towns and one in Rockland. So far, the suspect has only been charged with the May 19 robbery of a Bank of America branch in Weymouth, but police said he confessed to five other robberies after he was arrested. Source:

13. June 8, Orange County Register – (California) Irvine real estate broker admits $4.3 million Ponzi scam. A veteran real estate broker and former Irvine, California Planning Commissioner defrauded 34 friends, relatives, and clients of $4.265 million with an elaborate Ponzi-style investing scheme starting in 2007. The 50-year-old Irvine family man cooperated with the FBI, confessed his crimes and agreed to plead guilty to felony interstate wire fraud, according to documents filed the week of June 6 in federal court in Santa Ana by the local U.S. attorney’s office. The man forged bank documents, used non-existent escrow companies, provided bogus status updates, and falsely reported significant profits, victims said. If they did not want to reinvest their money with him, he made up excuses for why he could not give it back. The FBI began investigating the man in late January. He is president of several business entities, including Irvine-based Sparks Realty & Investment Inc., and Nevada-based Wellington Grant Ltd. Source:

14. June 8, Minneapolis Star Tribune – (International) Brits arrest 3, say fraud ring bilked investors. British police said June 8 they have made three arrests in an investigation of an international investment fraud and money laundering conspiracy that allegedly used phony accounts at Wells Fargo, U.S. Bank, and several other financial institutions to defraud investors out of a “huge amount of money.” Wells Fargo & Co. first revealed the alleged conspiracy in a racketeering lawsuit it filed 15 months ago in Minneapolis, Minnesota. It said a group of unknown defendants were using Wells Fargo trademarks on phony documents that indicated they had large amounts of money in the bank. The bogus documents were allegedly used to assure prospective investors the defendants had the means to pursue certain business opportunities. Now police in London have arrested and charged two people with conspiracy to defraud about 1,800 people in a scheme that resembles the one described in Wells Fargo’s lawsuit. In addition to Wells Fargo, authorities said, the investigation has found links to nearly a dozen other banks and business entities in the Middle East, Thailand, England, and the United States. British police said evidence seized by his department implicates an American lawyer and a few other individuals in the United States. Correspondence indicates they may have violated money laundering laws, and that the scheme appears to have links with a number of large European organized crime networks. Source:

15. June 8, KPHO 5 Phoenix – (Arizona; National) Lending Company security breach may be inside job. Investigators now believe the security breach at a major Phoenix, Arizona mortgage company could be an inside job, KPHO 5 Phoenix reported June 8. A police report details how in May, officials at the Lending Company in north Phoenix contacted detectives. One of its managers had reported seeing a computer transferring customers’ personal information to an external source. The police report indicates an employee may be the culprit, but no arrests have been made. The company mailed letters to its customers, warning of the potential for identity theft. The Lending Company does business in 12 states, including Arizona. The company admitted its secure database was breached May 4, potentially putting at risk thousands of its customers. Source:

16. June 8, Norwich Bulletin – (National) Former Dime Bank officer pleads guilty to embezzlement. A former Dime Bank executive pleaded guilty June 7 in Connecticut to embezzling more than $1 million from his employers. He pleaded guilty to a single count of bank theft. The man, who served as the bank’s assistant vice president and technology officer, was responsible for overseeing the bank’s hardware and software systems, according to a press release from the U.S. Department of Justice. He admitted he created a fake company to issue false invoices to the bank in September 2001, according to court documents. The invoices purported to charge the bank for technology support services that the man knew had not been rendered. From September 2001 through November 2010, the man stole approximately $1,029,050 from his employer, officials said. Source:

17. June 8, KTHV 11 Little Rock – (Arkansas) Kelly Harbert indicted for bank fraud, money laundering charges. A 45-year-old woman from Little Rock, Arkansas, was indicted June 8 by a federal grand jury for 17 counts of bank fraud, two counts of money laundering, and one count of aggravated identity theft. The woman served as the vice president and commercial loan officer and later as senior vice president for One Bank. The charges claim she devised a scheme to defraud various financial institutions by acquiring funds under false pretenses. She then used proceeds from fraudulent loans and lines of credit, totaling over $555,000, for her own personal use. Using her position at One Bank, she allegedly approved unsecured loans and lines of credit in the names of another parent, without their knowledge or authorization. She also used her business relationship with other financial institutions in the Little Rock area to arrange for unsecured loans and lines of credit at the banks in the names of one parent or the other, and in the names of some of the bank clients. The money laundering counts come from the woman’s conversion of the bank proceeds by depositing and transferring amounts, in excess of $10,000, from one account to another. Source:

Information Technology

39. June 9, Help Net Security – (International) Plankton Android trojan found in 10 apps on Android Market. Ten more applications have been pulled from Google’s official Android Market following a notification that they contained a new kind of Android malware. The malware was discovered by an assistant professor at the North Carolina State University and his team. The malicious code is “grafted” onto legitimate applications, and once the app is installed, it works as a background service whose goal is to gather information and transmit it to a remote server. The server takes the information into consideration and returns a URL from which the malware downloads a .jar file that, once loaded, exploits Dalvik class loading capability to stay hidden by evading static analysis. According to the researchers, Plankton — as they named the malware — and the payloads it downloads do not provide root exploits. “Instead, they only support a number of basic bot-related commands that can be remotely invoked,” they said. Among those commands are those that collect browser history, bookmark and log information, and those that allow the installation and deinstallation of shortcuts. Source:

40. June 9, Help Net Security – (International) French certification authority reveals its private key by mistake. Certigna, a major French certification authority whose certificates are trusted in popular browsers — Internet Explorer, Firefox, Safari, Opera — managed to make its private key accessible via browser for anyone who might be looking. “A visit to the site’s revocation list page — which is fully publicly accessible via a standard Web browser — allows anyone and everyone to download the private key and other supposedly secret files, potentially enabling the creation of their own valid Certigna-signed SSL certificates,” a researcher said. This private key can result in malicious pages seemingly possessing valid certificates signed by a trusted certification authority, reassuring potential victims that it is safe to give out their private or financial information or to download offered files. According to the researcher, Certigna has been alerted to the fact and has removed the files in question from the Web site. Source:

41. June 9, Softpedia – (International) Movable Type 0-day vulnerability used to hack into PBS, patches available. Six Apart, the company developing Movable Type, has released updates for the popular blogging platform to patch a zero-day vulnerability used by hackers to break into the PBS Web site 2 weeks ago. At the end of May, the group LulzSec hacked into the Web site of the Public Broadcasting Service (PBS) and posted fake news articles. In a post on its official blog, Six Apart admits working with PBS following the incident to determine how hackers managed to compromise the site, which runs on Movable Type. The company released mandatory security updates June 9 across all branches — 4.0, 5.0, and 5.1 — to address the security issues exploited by LulzSec. Users are strongly recommended to upgrade to Movable Type 5.11, 5.051, and 4.361, depending on what branch they use, the company stressed. Changes include the addition of a blacklist and whitelist for uploaded files. These were implemented as configuration directives called DeniedAssetFileExtensions and AssetFileExtensions. Source:

42. June 9, H Security – (International) Mozilla disables Firefox 5 WebGL’s cross domain textures. Mozilla disabled cross domain textures in Firefox 5’s WebGL implementation after a researcher demonstrated an ability to abuse the capability. A report released in May by Context Information Security on WebGL security included a proof of concept that used cross domain textures to reconstruct a displayed image without directly accessing the image. The Khronos Group, home to the WebGL standard, responded to the issue saying it was considering requiring opt-in to Cross Origin Resource Sharing or some other mechanism to prevent possible abuse. In advance of any decision being ratified by the Khronos Group, Mozilla decided to completely turn off cross domain texture support in the forthcoming Firefox 5. A documentation note explains what has been changed and suggests that if code was relying on cross domain textures, the textures should be moved to the same domain. Source:

43. June 8, Softpedia – (International) Scareware spread from rogue SourceForge pages via PDF exploit. Security researchers from GFI Labs warn that scareware distributors are abusing SourceForge to host malicious pages that direct visitors to PDF exploits. The campaign is the work of people behind the FakeRean family of malicious applications that pose as fake security products and trick users into buying useless licenses. “This family also alters the infected system’s registry quite extensively and drops lots of component and shortcut files, among other things. What sets FakeRean apart from the usual rogues is its ability to hijack a file association for executable (.EXE) files, which allows it to reappear every time an application is run,” the GFI security researchers explained. The campaign uses SourceForge’s customizable user pages feature to distribute scareware. The rogue pages are designed to look like adult sites and ask visitors to confirm that they are at least 18 years old by clicking a button. Doing so takes visitors to a site that attempts to exploit a vulnerability in older versions of Adobe Reader. If the attack is successful, a FakeRean variant is silently installed on the computer. The fake SourceForge project pages are filled with keywords corresponding to adult content. The domain’s good standing on Google helps push them up in search results. In addition to SourceForge, the gang behind this campaign is also abusing other public services, such as Twitter, Flickr, Yahoo!, Scribd, TED, Formspring, Posterous, and Source:

44. June 8, CNET News – (International) Sony Pictures says 37,500 customer records exposed. Almost a week after hackers posted a trove of customer information stolen from various Sony businesses’ Web sites, Sony Pictures has more details on the attack. The company posted a statement June 8 saying personally identifying information of 37,500 customers was exposed in the breach. “We are continuing to investigate the details of this cyberattack; however, we believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes: name, address, email address, telephone number, gender, date of birth, and website password and user name,” the statement reads. Sony Pictures notes that it had not requested credit card information, Social Security numbers, or driver’s license numbers from those people. Source:

45. June 7, Bloomberg – (International) Sony says it’s investigating two new possible attacks, suspends Website. Sony, targeted since April by hacker attacks that have compromised more than 100 million customer accounts, is investigating two new possible intrusions. The company suspended its Brazilian music entertainment Web site while it looks into a possible breach, it said June 7. Sony also is investigating a hacker group’s claim that it stole data related to the company’s game operation. Japan’s largest exporter of consumer electronics reported the new attacks 2 days after saying hackers had broken into its European unit’s Web site. No customer information was accessed during that intrusion, Sony said June 6. The possible attack on Sony’s Brazilian Web site may have altered some content, a spokesman for the Tokyo, Japan-based company said June 7. Source:

For more stories, see items 11 and 16 above in the Banking and Finance Sector

Communications Sector

See item 39 above in the Information Technology Sector

Thursday, June 9, 2011

Complete DHS Daily Report for June 9, 2011

Daily Report

Top Stories

• Bloomberg reports that a large power company was seeking alternative energy sources because an Arizona wildfire threatened to destroy high-voltage lines that deliver power to 371,000 homes, a 1,700-square-mile army base, and an oil refinery. (See item 1)

1. June 8, Bloomberg – (Arizona; Texas; New Mexico) Ariz. fire threatens 40% of El Paso’s power. El Paso Electric Co., supplier of power to an oil refinery and the U.S. Army’s Fort Bliss, said it is seeking alternative power supplies should an Arizona wildfire cut electrical lines from Palo Verde, the nation’s largest nuclear generating plant located in Wintersburg, Arizona. The Wallow Fire is on track to reach within 3 days high-voltage links that deliver 40 percent of the power used by 371,000 homes and businesses in western Texas and southeastern New Mexico, including the 1,700-square-mile Fort Bliss base, a spokeswoman for the El Paso, Texas-based utility owner said June 8. The blaze, which started May 29, has scorched an area 21 times larger than Manhattan. The utility warned June 7 it would begin cutting power temporarily to parts of its service area as a “last resort” to avoid a wider blackout. Residents of Springerville, Arizona, near El Paso’s lines, have been urged to prepare for evacuation by the sheriff of Apache County, according to the Web site of the incident command for the fire. None of the fire is contained, the June 8 report said. Fire damage to the lines from Palo Verde in Arizona may knock out 633 megawatts of supply, the utility owner said June 7. That is enough for about a half million average U.S. homes, according to statistics from the Energy Department in Washington. The Wallow Fire has raged over 311,491 acres south and west of Alpine, Arizona. The fire has destroyed 10 structures and damaged one. The Apache County Sheriff’s Office has ordered evacuation of at least four towns. The fire has not yet interrupted the power grid, a spokeswoman for the Western Electricity Coordinating Council said June 8. Source:

• According to the Associated Press, a troubled small-town insurance agent in Louisiana shot two unarmed state fraud investigators to death at his office June 7, before killing himself. See item 15 below in the Banking and Finance Sector.


Banking and Finance Sector

15. June 8, Associated Press – (Louisiana) La. state police: Insurance agent fatally shot 2 fraud investigators, then himself. Authorities worked June 8 to figure out why a troubled small-town insurance agent shot two unarmed state investigators to death at his office in Ville Platte, Louisiana before killing himself. They believe the man killed two veteran insurance fraud investigators June 7 after they had come to collect information, said the Louisiana State Police superintendent. It was not clear what the investigators were looking for. The man barricaded himself in his office and a SWAT team and negotiators spent hours outside before bursting in to find him dead. Authorities said he had been in business for almost 40 years but had a history of troubles. The Louisiana Department of Insurance in 2009 had suspended his insurance license and fined him $16,500, saying he provided fraudulent proof of vehicle insurance several times. In January, state police arrested the man and charged him with unfair trade practices. Source:

16. June 8, San Francisco Chronicle – (California) S.F. cops hunting ‘Gen X bandit’ kill suspect. A suspected bank robber shot and killed June 7 by San Francisco, California police may be the so-called “Gen X bandit” because of his distinctive attire while robbing two banks in Southern California, authorities said. The man was shot dead in the Lower Haight neighborhood June 7 after the suspect tried to run over officers with his vehicle, authorities said. A spokesman for the police department said officers responded to the unit block of Buena Vista Avenue East around 5:40 p.m. in an attempt to apprehend the robbery suspect. The FBI had tipped local police that the suspect, wanted in connection with two bank robberies in Irvine (Orange County), had fled to the city in a stolen BMW. The FBI said it tracked the vehicle using the car’s on-board GPS unit, a navigation computer system. The bank robbery suspect was dubbed the “Gen X bandit” by the FBI. He robbed a Chase Bank and Comerica Bank in Irvine within a half-hour May 17. Source:

17. June 8, Lansing State Journal – (Michigan) Credit union robbery leads to man’s capture. A Lansing, Michigan man who police said admitted to multiple bank robberies is behind bars after allegedly robbing a Clinton County credit union June 7, and leading police on a multi-county pursuit. The man was slated to be arraigned June 7 in district court in connection with the incident that started at about 9:05 a.m. June 7 at Portland Federal Credit Union in Westphalia, and ended more than a half hour later outside Cooley Law School Stadium in Lansing. The suspect took an undisclosed amount of cash from the credit union, and an employee saw him leave in a vehicle, a county sheriff’s detective said. A DeWitt police command officer spotted the car shortly after 9:30 a.m. The suspect drove into Lansing when police attempted to stop him near Interstate 69, the detective said. He was arrested outside the Lansing Lugnuts baseball stadium after bailing on foot, the detective said. Police said the man told Clinton County sheriff’s detectives and FBI agents he robbed banks in Lansing, Fowler, and Middleton. Source:

18. June 7, KREM 2 Spokane – (Washington) ‘Bad Hair Bandit’ suspected in Moses Lake bank heist. Detectives believe a serial bank robber called the “Bad Hair Bandit” hit a Moses Lake, Washington Sterling Savings Bank at 12 p.m. June 7. Bank workers said the woman handed the teller a piece of paper telling her to put her hands up. The suspect demanded cash and implied she had a weapon. Officers said she got away with an undisclosed amount of money. The robber matches the description of the “Bad Hair Bandit,” a white woman about 35 years old, 5 feet, 6 inches, and 220 pounds with a heavy build. She has hit banks in the Puget Sound area, as well as in Spokane and Ellensburg. Source:

19. June 7, Los Gatos Patch – (California) Man arrested for bomb threat and robbery. A 28-year-old man was arrested and charged for robbery, attempted robbery, extortion, and making a bomb threat June 6, after a police investigation linked him to a series of bomb threats and attempted robberies at two banks, Los Gatos/Monte Sereno police reported. The investigation took place over the weekend of June 4 and 5, after the man was positively identified in connection with multiple bomb threats and attempted robberies at Chase Bank June 3 and Wells Fargo Bank June 4. Police later conducted a photo lineup where witnesses at Wells Fargo positively identified him as the suspect from the attempted Chase Bank robbery, and a previous robbery at the same Wells Fargo branch March 17. Police also determined the simulated explosive devices found at each location were nearly identical. Source:

20. June 6, Federal Bureau of Investigation – (National) FBI releases bank crime statistics for first quarter of 2011. During the first quarter of 2011, there were 1,092 reported violations of the Federal Bank Robbery and Incidental Crimes Statute, a decrease from the 1,183 reported violations in the same quarter of 2010. According to statistics released June 6 by the FBI, there were 1,081 robberies, 9 burglaries, 2 larcenies, and 1 extortion of financial institutions reported between January 1, 2011 and March 31, 2011. Source:

For another story, see item 47

Information Technology

50. June 8, Softpedia – (International) Java 6 update 26 fixes critical security issues. Oracle has released update 26 for its Java SE 6 platform to address 17 remotely exploitable vulnerabilities, many of which could result in arbitrary code execution. Of the included patches, 11 apply only to the Java SE client and 1 only to the server version. The rest affect both of the platform’s flavors. Nine vulnerabilities carry the maximum score of 10 on the CVSS scale. This means that they can be exploited remotely with ease and without authentication, resulting in a complete compromise of confidentiality, integrity, and availability. The scores were calculated under the presumption that users have administrative privileges, typically on Windows, and are capable of running Java applets or Java Web Start applications, which is the default behavior. Three of the remaining vulnerabilities carry a CVSS base score of 7.6, four of 5.0, and one of 2.6. Java vulnerabilities are commonly exploited in drive-by download attacks to infect users with malware. In fact, according to statistics grabbed from live Web exploit kit installations, Java exploits are the most effective ones. Source:

51. June 8, IDG News Service – (Arizona) Intel investigating fire at Arizona plant. Intel said June 8 it is investigating a fire at the company’s manufacturing facilities in Chandler, Arizona, that left 13 people injured. The fire June 7 was in a support building handling solvents outside the Fab 22 chip-manufacturing site, which is currently under construction. Reasons for the fire have not been determined and are under investigation, an Intel spokesman said. Five people were sent to hospital for evaluation, but the company declined to comment on the extent of their injuries or medical progress. Another manufacturing facility in the complex, Fab 32, was evacuated briefly as a precaution. There was no impact to chip production on the sites, and the factories have now returned to normal operation, the spokesman said. The company produces millions of chips a year, and maintains major manufacturing operations in Chandler, where it has about 9,700 employees. Many chip facilities there are continuously upgraded to make smaller and faster chips for future laptops, desktops, and servers. Source:

52. June 8, Softpedia – (International) New MacShield variants spotted in the wild. Three new variants of the MacShield scareware were identified June 8, suggesting that Apple’s efforts so far have not discouraged Mac malware development. “F-Secure Labs located three new samples today, and added detection for today’s in-the-wild versions of MacShield,” a security advisor at the Finnish antivirus vendor said. The volume of new Mac scareware has increased and so has the number of distribution vectors. At first, there were Google Images black hat search engine optimization campaigns. Then the malware distributors switched to Facebook. It is unclear if the new variants bypass Apple’s XProtect blacklist, but it is a very likely possibility given the technology works by comparing hashes. Users should use a full-featured security product that offers layered protection. For example, antivirus programs contain Web filters that block users from accessing scareware distribution sites in the first place. However, if a site is very new and the Web filter does not know about it, an antivirus product can still leverage heuristic signatures to identify new variants of a certain threat. Source:

53. June 7, Softpedia – (International) Chrome 12 brings many security fixes and enhancements. Google released the first stable build of Chrome 12 that addresses many vulnerabilities and brings several new security enhancements. A total of 14 security flaws have been patched in the new Chrome 12.0.742.91 build, in addition to the ones fixed during the development cycle. Five of the vulnerabilities are rated with high severity. Aside from the vulnerability patches, Chrome 12 allows users to delete Flash cookies from the browser’s own interface. Flash Player’s local storage can be abused to respawn tracking cookies. Another security-related feature in Chrome 12 provides protection against malicious downloads by using data from Google’s Safe Browsing service. Source:

54. June 7, The Register – (International) Hackers jailbreak iOS 5 in under 24 hours. Hackers said they have jailbroken the latest version of Apple’s iOS so it will run applications not officially sanctioned by the company. iOS 5 was unveiled June 6, and a beta version was made available to a limited number of developers. Within hours, members of the iPhone Dev Team posted pictures that showed it had been jailbroken. They said the OS, which runs iPhones, iPod Touches, and iPads, had been unlocked using “limera1n,” a technique devised by serial jailbreaker “GeoHot.” The jailbreak is of the tethered-boot variety, meaning jailbroken iDevices must be connected to a computer each time they reboot. There was no mention of an untethered jailbreak coming to the new OS. Source:

55. June 6, Darkreading – (International) New malware can launch multiple types of advertising fraud. A new coordinated malware attack can enable cybercriminals to launch multiple types of online advertising fraud, according to researchers. According to researchers at Adometry (formerly Click Forensics), the attack, called “ad hijacking,” uses similar malware and infection delivery methods to create a network of computers aimed at committing advertising fraud through different kinds of advertisements and channels. “In the past, advertising fraudsters have mainly set their sights on the search advertising industry,” the CEO of Adometry said. “This is the first attack we’ve seen that coordinates advertising fraud across many different online ad channels.” Rather than requiring a user to download malware via a fake antivirus program, Adometry said the ad-hijacking malware injects itself into the rootkit of a user’s computer through an advertisement on a popular Web site. Once it infects the computer, the malware receives instructions from a host to perform multiple kinds of advertising fraud, including search hijacking, display advertising impression inflation, and video advertising fraud. Source:

Communications Sector

See item 54 above in the Information Technology Sector