Wednesday, October 5, 2011

Complete DHS Daily Report for October 5, 2011

Daily Report

Top Stories

• The hacktivist group Anonymous declared "war" on the New York Stock Exchange and vowed to "erase" it from the Internet on October 10. – PC Magazine (See item 13 below in the Banking and Finance Sector)

• A security hole found in some HTC Android phones could give apps with Internet permissions access to information such as a user’s location, text messages and system logs, Android Police reported October 2. – Ars Technica (See item 40 below in the Information Technology Sector)

Details

Banking and Finance Sector

10. October 4, Financial Industry Regulatory Authority – (Texas; National) FINRA fines Merrill Lynch $1 million for supervisory failures that allowed a registered representative to operate a Ponzi scheme. The Financial Industry Regulatory Authority (FINRA) announced October 4 it has fined Merrill Lynch, Pierce, Fenner & Smith Inc., $1 million for supervisory failures that allowed a registered representative at Merrill Lynch's branch office in San Antonio to use a Merrill Lynch account to operate a Ponzi scheme. The registered representative convinced 11 individuals to invest more than $1 million in a Ponzi scheme he created and ran as B&J Partnership for more than 10 months. Merrill Lynch supervisors approved the representative's request to open a business account for B&J and failed to supervise the funds that customers deposited and that he withdrew. FINRA permanently barred the representative from the securities industry in December 2009. FINRA found Merrill Lynch failed to have an adequate supervisory system in place to monitor employee accounts for potential misconduct. Merrill Lynch's supervisory system automatically captured accounts an employee opened using a Social Security number (SSN) as the primary tax identification number. However, if the employee's SSN was not the primary number associated with the account, the system failed to capture the account in its database. Instead, Merrill Lynch solely relied on its employees to manually input these accounts into its supervisory system. FINRA also found that from January 2006 to June 2010, Merrill Lynch failed to monitor an additional 40,000 employee/employee-interested accounts, which were not reported for certain periods of time and therefore not available on the supervisory system. In concluding this settlement, Merrill Lynch neither admitted nor denied the charges, but consented to the entry of FINRA's findings.
Source: http://www.finra.org/Newsroom/NewsReleases/2011/P124572?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+FINRANews+(FINRA+News)&utm_content=Google+Reader

11. October 4, WTVB 1590 Coldwater – (Michigan) Serial bank robber believed to have held up area banks. The FBI said it believes the bandit who held up a Century Bank Branch in Coldwater, Michigan, in August and a Southern Michigan Bank & Trust branch in Tekonsha in September is a serial robber who may have been involved in up to 8 stickups or attempted holdups dating back to the fall of 2009. The FBI announced there is a $10,000 reward being offered for information leading to the arrest of the bandit. The investigation includes Coldwater City Police, the Calhoun and Hillsdale County Sheriff’s Departments, and the Michigan State Police. Authorities said the first financial institution targeted was a bank in Manitou in Lenawee County November 20, 2009. The institution most recently hit was the Southern Michigan Bank and Trust branch in Tekonsha September 9. The suspect is described as a white male, approximately 6 feet tall, with an average build. He has worn vinyl Halloween masks, possibly of a former Democratic U.S. Vice President, and the current U.S. President, as well as camouflage clothing during hunting season to disguise his appearance. His weapon is a black semi-automatic pistol. Witnesses have described his getaway vehicle as a white, four-door passenger car with a gray or black stripe along the bottom. Source: http://wtvbam.com/news/articles/2011/oct/04/serial-bank-robber-believed-to-have-held-up-area-banks/

12. October 3, Orange County Register – (California) Broker pleads guilty in Ponzi and real estate scheme. A broker for "hard-money lenders" pleaded guilty in California October 3 to multiple felony counts for stealing $6.9 million from investors in a Ponzi and real estate fraud scheme, authorities said. The 53-year-old of Tustin, California, faces a potential term of 15 years in prison. He pleaded guilty to 55 felony counts of grand theft, 7 felony counts of filing false recorded documents, 6 felony counts of elder financial exploitation, and sentencing enhancements for white-collar crime over $500,000 and excessive stealing. He defrauded as many as 12 people in a Ponzi and real estate fraud scheme from May 2004 to June 2007 while operating as a broker for "hard-money lenders" through his four Orange County-based businesses, including Sea View Investments, HLHS Financial Services Inc., Foothill Realty, and Sea View Mortgage, prosecutors said. The term "hard-money lender" refers to a private investor who provides money to borrowers looking for funds from non-bank lenders, prosecutors said. He stole from private investors, most of whom were long-time friends, by keeping the money they lent for borrowers and not funding the loans as promised, according to a news release from the Orange County District Attorney's Office. The convict supplied investors with bogus interest payments by taking small sums from their initial investment and providing them with falsified and forged documents to prevent them from discovering the loans had not been repaid, prosecutors said. He used funds from new investors to pay off old investors, prosecutors said. In December 2008, the Tustin Police Department began investigating after receiving complaints of checks bouncing. The convict was arrested in court June 12, 2009, after pleading guilty in an unrelated case to 6 felony counts, including grand theft and check fraud. Source: http://www.ocregister.com/news/helsing-320174-money-felony.html

13. October 3, PC Magazine – (New York) Anonymous threatens to 'erase NYSE from the Internet'. Anonymous declared "war" on the New York Stock Exchange (NYSE) the weekend of September 30 and vowed to "erase" it from the Internet October 10 as the Occupy Wall Street protest entered its third week in New York City after a weekend that saw hundreds of protesters arrested during a planned march across the Brooklyn Bridge. "On October 10, NYSE shall be erased from the Internet. On October 10, expect a day that will never, ever be forgotten," intoned a computer-generated male voice common to many Anonymous videos, in a warning posted on TheAnonMessage YouTube channel. The channel has been used to post several Occupy Wall Street-related video messages since the protest against lax regulation of the financial sector and economic inequality began September 17. Those messages include Anonymous' initial "official" video regarding Occupy Wall Street, and a warning sent last week to the New York Police Department that threatened retaliation if "the brutality does not stop" against Occupy Wall Street protestors. The threat to "erase" the NYSE from the Internet was not explained, though some speculated Anonymous was planning a Distributed Denial-of-Service (DDoS) attack on the public-facing NYSE.com Web site, similar to DDoS attacks the group has used to take down sites in the past. Others felt that would only be a minor setback for the NYSE and guessed that Anonymous was planning a larger attack, perhaps even an attempt to actually disable trading on the exchange. Source: http://www.pcmag.com/article2/0,2817,2394071,00.asp#fbid=HVPcnsT7BOR

14. October 3, KSAZ 10 Phoenix – (Arizona) Bank robber threatens teller with flammable liquid. A woman walked into a Scottsdale, Arizona bank October 3, demanded money, and then set the counter on fire. Police said the woman tried to rob the Wells Fargo bank inside the Albertson's at Scottsdale Road and Thomas about 10 a.m. Officers spent the day going through surveillance video and talking to witnesses. "She does state that she has a flammable liquid of some sort in the cup, and that if she doesn't get money she's going to light it on fire, which she actually does," a Scottsdale police officer said. The suspect poured out the cup and lit it with a match. A small section of the counter ignited, but the fire died off quickly. She then fled empty-handed, and jumped into a silver 4-door getaway car. Police are looking into whether or not the suspect is tied to another robbery in Mesa, Arizona, October 3, but that has not been confirmed. Source: http://www.myfoxphoenix.com/dpp/news/crime/bank-robber-threatens-teller-with-flammable-liquid-10-3-2011

15. October 3, Softpedia – (International) PayPal emails replicated in phishing campaign. An e-mail reading “Your PayPal account has been limited” has been received by many users, in what turned out to be a well-thought-out phishing expedition. Mxlabs informed Softpedia October 3 that the scam e-mails were very well designed and because the seemingly genuine address was spoofed, they looked even more credible. The body of the note reads “Unfortunately one of your recent transaction with PayPal is not successful because your PayPal account has been limited. It is a measure taken to protect your account and help ensure the safety of the PayPal platform. We want to help you remove this limitation as soon as possible so he can continue to take advantage of the benefits from PayPal.” The whole layout of the e-mail is very well conceived, and all the graphics and content elements are a perfect match to what would normally be seen in a message coming from PayPal. Once the Click Here button is hit, the user is transferred to a site hosted on a domain called mittemaedchen(dot)de. The full address contains some fragments that refer to “pay pal” to make it look more realistic. The next page, which is also well built, contains a form in which the customer is asked for information such as name, date of birth, country, address, and credit card information. After the form is completed, the victim is redirected to the genuine PayPal site. Source: http://news.softpedia.com/news/PayPal-Emails-Replicated-in-Phishing-Campaign-225118.shtml

For another story, see item 40 below in the Information Technology Sector

Information Technology Sector

37. October 4, Help Net Security – (International) Critical vulnerabilities in Adobe Photoshop Elements 8. Critical vulnerabilities have been identified in Adobe Photoshop Elements 8.0 and earlier versions, Help Net Security reported October 4. These two buffer overflow vulnerabilities (CVE-2011-2443) could cause a crash and potentially allow an attacker to take control of the affected system. An attacker would need to convince a user to open a malicious binary .grd or .abr file to successfully exploit the issue. Because Photoshop Elements 8 is no longer supported, Adobe recommends users upgrade to Photoshop Elements 10. Users who cannot upgrade to Photoshop Elements 10 should not open .grd or .abr files from untrusted sources. Source: http://www.net-security.org/secworld.php?id=11726

38. October 3, Softpedia – (International) Children's online games hide bank account stealing malware. Bitdefender experts warn users to pay closer attention to what their children access on the Internet as in many cases, harmless-looking games hide dangerous malware that could compromise all the information on a device. According to a Bitdefender researcher, “Some of these dangerous games are easily identified by adults – who suspect that something is abnormal about them when they require permission to install various programs in the computer or they redirect to other Web sites," he said. “Thus, attackers choose targets that are easier to dupe. Furthermore, a 4-year-old doesn't understand the concept of online vulnerability." The colorful images and playful sounds might look innocent, but in some cases they hide backdoor applications that surrender control of the machine to hackers looking to steal sensitive data. The phenomenon is expected to take off, as recent studies show that in the United States and in the United Kingdom, more than 40 percent of children are highly active in social networking environments. Also, 24 percent of parents do not monitor their children's Internet activity. Flash applications containing malware seem to be among the most dangerous, as in many cases they look like regular games. When they are executed, they redirect kids to insecure locations that host malicious elements. Legitimate sites can also be taken over by cybercriminals and infested with malevolent code that could hand control of the system to a third party. Source: http://news.softpedia.com/news/Children-s-Online-Games-Hide-Bank-Account-Stealing-Malware-225093.shtml

39. October 3, Wired.com – (International) U.S. signs international anti-piracy accord. The United States, Australia, Canada, Japan, Morocco, New Zealand, Singapore, and South Korea signed the Anti-Counterfeiting Trade Agreement October 1, an accord targeting intellectual property piracy. The European Union, Mexico, and Switzerland — the only other governments participating in the accord’s creation — did not sign the deal at a ceremony in Japan but “confirmed their continuing strong support for and preparations to sign the agreement as soon as practical,” the parties said in a joint statement. Among other things, the accord demands governments make it unlawful to market devices that circumvent copyright, such as devices that copy encrypted DVDs without authorization. The accord also calls on participating nations to maintain extensive seizure and forfeiture laws when it comes to counterfeited goods that are trademarked or copyrighted. Most important, countries must maintain a legal system in which victims of intellectual property theft may be awarded monetary damages. Source: http://www.wired.com/threatlevel/2011/10/united-states-signs-acta/

40. October 2, Ars Technica – (International) Security hole in HTC phones gives up e-mail addresses, location. A security hole found in some HTC Android phones could give apps with Internet permissions access to information such as a user’s location and their text messages, Android Police reported October 2. The vulnerability is part of HTC’s Sense UI and affects a subset of the brand’s most popular phones, including the HTC Thunderbolt, and the EVO 4G. The affected HTC phones have an application package titled HTCLoggers.apk installed with root-level access. Apps with Internet permissions can access HTCLoggers.apk, which provides access to information such as GPS data, WiFi network data, memory information, running processes, SMS data (including phone numbers and encoded text), and system logs that can include information such as e-mail addresses and phone numbers. When called upon, the logging program opens a local port that will provide this data to any app that asks for it. Apps can send the data off to a remote server for safekeeping, as shown by a proof-of-concept app that Android Police researchers developed. Source: http://arstechnica.com/gadgets/news/2011/10/security-hole-in-htc-phones-gives-up-e-mail-addresses-location.ars

41. October 1, Softpedia – (International) Google and Yahoo services become spammers' heaven. Since e-mail arriving from Yahoo or Google services is considered legitimate and useful, spammers take advantage of this to spread malevolent messages. A Sophos security researcher revealed he has been receiving a lot of spam e-mail from Google Picasa and Yahoo! Groups, all of it attempts by spammers to push “spammy” alerts. In the case of Google's Picasa, a random account is created that contains text and attached pictures that are then shared with other members. So users might end up receiving many Picasa Web albums. Because anything coming from the picture manager is considered to be harmless, it never ends up in the spam folder of the mailbox. Instead, it floods users' inboxes with myriad scam attempts. With Yahoo! Groups the principle is more complicated, but spammers can just as easily take advantage of the policy slip. The rules allow anyone who owns a group to add members without asking for permission. Instead, after a user is unwillingly made part of a group, they must unsubscribe to stop receiving alerts. Spammers exploit this mechanism successfully and, as the Sophos researcher pointed out, in many cases it is not easy to unsubscribe. Another one of Yahoo's policies makes certain links expire “to prevent abuse,” thus making it impossible to cancel a subscription. Source: http://news.softpedia.com/news/Google-and-Yahoo-Services-Become-Spammer-s-Heaven-224879.shtml

For more stories, see items 13 and 15 above in the Banking and Finance Sector and 43 and 44 below in the Communications Sector

Communications Sector

42. October 3, KOTV 6 Tulsa – (Oklahoma) AT&T repairs cell tower after 6 month service interruption in Adair. Cell phone provider AT&T said October 3 it solved a chronic problem for customers in Adair, Oklahoma. Almost no one with an AT&T cell phone could make outgoing calls, and the problem lasted for more than 6 months, despite plenty of complaints. AT&T said the problem was limited to one tower. The cell phone company said they repaired it the day after KOTV 6 Tulsa reported the phone problems delayed the emergency response to a house fire. Source: http://www.newson6.com/story/15607981/att

43. October 3, NorthEscambia.com – (Florida) Frontier experiences Internet outage. Frontier Communications Internet customers across the North Escambia, Florida area were without service for about 6 hours October 3. Business and residential customers in the Walnut Hill, Bratt, Molino, and Atmore areas reported their Internet service failed about 9:10 a.m. Service returned about 3:15 p.m., according to the company. A spokesperson for Frontier said early in the afternoon of October 3 that the outage was the result of an AT&T cable that was cut west of Atmore. Frontier high speed Internet customers have been plagued with numerous outages — some many hours in length — over the past several months. The company has said that most of those outages were caused by problems with AT&T, the provider for Frontier’s connection to the Internet. Source: http://www.northescambia.com/?p=70172

44. October 3, Riverside Press-Enterprise – (California) Verizon restores Wrightwood-area phone service. The San Bernardino County, California Sheriff’s Department announced telephone service was restored to Verizon customers living in an area west of Interstate 15 in the lower Cajon Pass October 3. The service had been disrupted early October 3, cutting land-line, cellular, and data services to residents of Wrightwood, Canyon Hill, Oak Springs, Cajon, West Cajon Valley, Big Pines, and Pinon Hills, including 911 service. Residents with an emergency were urged to go to one of three fire stations in the area, a spokeswoman said. The county fire department’s emergency communications center, and Wrightwood’s community emergency response team were checking on residents during the outage to help ensure no one with special needs, such as people with disabilities, or emergencies were going without aid, the spokeswoman said. A Verizon crew worked throughout the day to restore service, but neither Verizon nor the sheriff’s department announced what caused the service outage, or how many people it affected. Source: http://www.pe.com/local-news/san-bernardino-county/san-bernardino-county-headlines-index/20111003-update-verizon-restores-wrightwood-area-phone-service.ece

For more stories, see items 38, 40, and 41 above in the Information Technology Sector

Tuesday, October 4, 2011

Complete DHS Daily Report for October 4, 2011

Daily Report

Top Stories

• Workers mixing chemicals sparked a massive blaze October 3 at a plant south of Dallas, Texas, that led to thousands of people being evacuated from homes and schools. – Associated Press (See item 5)

5. October 3, Associated Press – (Texas) Texas plant fire sparked as chemicals were mixed. A fire official said a massive blaze at a plant south of Dallas, Texas, was sparked as workers mixed chemicals. A fire chief said he is not sure what chemicals were involved in the fire that broke out before 11 a.m. October 3 at a Magnablend, Inc., facility in Waxahachie. No serious injuries were reported. The chief said the fire should be brought under control by late afternoon October 3, and that about 1,000 evacuated residents should be allowed to return to their homes. The blaze sent massive plumes of black smoke and bright orange flames into the sky, forcing schoolchildren and residents to evacuate or take cover indoors to avoid possible exposure to dangerous gases. A Magnablend spokesman said 25 to 30 employees who were inside a 100,000-square-foot warehouse at the plant evacuated safely when the fire broke out before 11 a.m. He said the company manufactures about 200 products, including some that are hazardous when ignited. The Texas Commission on Environmental Quality and U.S. Environmental Protection Agency were setting up equipment to monitor air quality in the area. Ellis County emergency management officials issued a mandatory evacuation order for an apartment complex, an elementary school, and a junior college. Sheriff’s officials urged residents not to drive toward the area of the fire. A Waxahachie Independent School District spokeswoman said Wedgeworth Elementary School students were safely bused to another school’s gymnasium by 12:25 p.m. Navarro College cancelled all classes for its 2,500 or so students. Magnablend makes, blends, and packages chemicals. Much of its business revolves around energy production, including chemicals used to stimulate oil and gas wells, and hydraulic fracturing. The company employs about 250 people, and has operations in four states. Source: http://www.msnbc.msn.com/id/44759380/ns/us_news-life/#.Tonw93KHNGo

• A huge fire in downtown San Antonio destroyed a historic building housing two restaurants, and severely damaged a building containing several city offices, forcing the relocation of at least 300 city employees. – KSAT 12 San Antonio (See item 45)

45. October 3, KSAT 12 San Antonio – (Texas) Historic building gutted by fire to be demolished. City officials said the historic Wolfson building on East Commerce Street and North Main Avenue in downtown San Antonio will be demolished after a fire destroyed it October 1, according to KSAT 12 San Antonio, October 3. The emergency demolition will tie up the streets around Main Plaza for at least a week. As a result of the fire, West Commerce Street from Soledad to South Flores streets, and Main Street from Houston to West Commerce streets will be closed while the cleanup continues. The massive four-alarm fire also damaged the bottom seven floors of the Riverview Towers, a 21-story office building that contains several city offices. At least 300 city employees will have to temporarily relocate for work. Employees were asked to call their supervisors or the city hotline for more information. The fire chief said there were no injuries. No cause or damage cost has been determined. The charred Wolfson building opened in 1880, a conservation society official said. It was one of just two remaining structures surrounding Main Plaza from that period. The building served as a commercial operation since the 1880s. It housed the Bell’s Furniture Store, and more recently two restaurants and an upstairs ballroom for special events. Source: http://www.ksat.com/news/29369261/detail.html

Details

Banking and Finance Sector

15. October 2, Cybercast News Service – (California) FBI seeks public’s help IDing ‘Mr. Magoo Bandit’. FBI agents asked for the public’s help October 2 in identifying and arresting a bald-headed bank robber believed responsible for 6 local holdups. The “Mr. Magoo Bandit” struck in San Diego September 7 at a U.S. Bank branch at 3201 University Avenue, and, by releasing video of him, FBI agents hope someone will recognize him. He is also wanted for bank robberies in Camarillo, South San Francisco, and Novato. The most recent holdup was at a Chase branch in Camarillo September 27. He wears prescription glasses and typically uses demand notes. No weapon has been used so far. The robber is white, believed to be in his 40s, and weighs about 200 pounds. Source: http://www.760kfmb.com/story/15597540/fbi-seeks-publics-help-in-iding-mr-magoo-bandit

16. October 2, Miami Herald – (Florida) Fire official, 2 others from Broward convicted of $7M mortgage fraud. A federal jury October 2 found a Miami assistant fire chief guilty on three counts of conspiracy to commit wire and mail fraud in a mortgage scheme that cost lenders $7 million. The 44-year-old and her co-defendants were charged in February 2010 in a multi-million-dollar mortgage-fraud scheme involving condos in Aventura, Florida. A licensed mortgage broker, the woman was the department’s first black female firefighter. She went on paid administrative leave after the indictment. It accused the woman and her co-defendants of using straw buyers, submitting false mortgage-application paperwork to lenders, and profiting from money made on the deals. She had been earning $184,336 a year to oversee the fire department’s payroll, and entered the deferred retirement option program in September 2010, with a $166,687 pension. According to the U.S. attorney’s office, she netted about $317,000 “in fraud proceeds in less than a month” from phony deals involving the Hidden Bay Condominium Complex at 3370 NE 190th Street. As the conspiracy progressed, about $11 million in fraudulent loans were issued, resulting in a loss to lenders of about $7 million, a press release said. All three defendants were taken into custody after the verdict. They face up to 20 years in prison on each count. Source: http://www.sun-sentinel.com/news/local/florida/mh-miami-fire-official-fraud-20111002,0,5218699.story

17. October 2, Houston Chronicle – (Texas) Man accused of stealing ATM with forklift. A 40-year-old wore a ski mask as he apparently worked alone October 2 to unbolt an ATM from Bank of America at 18505 Champion Forest in Spring, Texas, the Harris County Precinct 4 constable assistant chief said. He said the suspect then used a stolen forklift to load the machine into a stolen U-Haul. A witness called authorities, who arrived seconds after the man pulled away. He was arrested less than a mile from the bank. The suspect’s criminal history already included two jail stints for felony theft, and criminal mischief charges. He now faces charges for felony theft of over $200,000, and criminal mischief. Each charge could result in between 5 and 99 years in prison, police said. Because the targeted bank property is insured by the Federal Deposit Insurance Corporation, the incident may result in federal charges, police said. Source: http://www.chron.com/news/houston-texas/article/Man-caught-after-stealing-ATM-with-forklift-2199315.php

18. September 30, Associated Press – (National) FTC: Debit card scheme defrauded merchants. The Federal Trade Commission (FTC) said September 30 it is paying $350,000 in refunds to 100 small U.S. merchants defrauded in a debit and credit card scheme. The scheme involved several firms that falsely promised they would save small businesses money in credit and debit card processing fees by offering lower rates than those of other card-processing services. However, the firms failed to disclose fees and concealed pages of fine print until after the merchants had signed contracts for their services, the FTC said. The FTC identified the firms that perpetrated the scheme as Merchant Processing Inc., Direct Merchant Processing Inc., Vequity Financial Group Inc., and PPI Services Inc. The agency reached settlements with two defendants that banned them from marketing card processing goods or services for sale or lease. Merchants due to receive refunds were to get between $100 and more than $25,000, depending on how much the merchant paid, the FTC said. Source: http://www.forbes.com/feeds/ap/2011/09/30/business-us-debit-card-fraud_8710414.html

19. September 30, Reuters – (National) SEC finds failures at credit raters. U.S. Securities and Exchange Commission (SEC) staff found “apparent failures” at each of the 10 credit rating agencies they examined, including Standard & Poor’s, Moody’s, and Fitch, the agency said September 30 in its first annual report on credit raters. The SEC sent letters outlining concerns to each ratings firm and demanded a remediation plan within 30 days, an agency official said in a conference call with reporters. SEC staff said concerns include failures to follow ratings methodologies, failures in making timely and accurate disclosures, and failures to manage conflicts of interest. The report was required by last year’s Dodd-Frank financial oversight law. The staff report did not single out by name any credit-rating agency for questionable actions, but it did describe specific problems it found. Two of the three largest firms, for example, did not have specific policies in place to manage conflicts of interest when rating an offering from an issuer who is also a large shareholder of the firm. One of the large firms, the report said, did not have effective procedures in place to prevent leaks of ratings before they are published. One of the three firms also failed to follow its methodology in rating certain asset-backed securities, was slow to discover, disclose and fix the errors, and may have let business interests influence its mistakes, the report said. It said the SEC has not determined that any of the findings constituted a “material regulatory deficiency”, but said it might do so in the future. Source: http://www.reuters.com/article/2011/09/30/us-sec-raters-idUSTRE78S50920110930?feedType=RSS&feedName=topNews

For another story, see item 41 below in the Information Technology Sector

Information Technology Sector

38. October 3, The Register – (International) Crazy square barcodes can point your phone to malware. Russian VXers have begun using QR codes as a launchpad for mobile malware. A recently identified malicious Quick Response code on a Russian Web site links through a series of redirections to a site punting a trojan version of the Jimm mobile ICQ client. Android users who follow the links and install the application will be infected with malware that sends text messages to premium-rate SMS numbers, net security firm Kaspersky warned. Source: http://www.theregister.co.uk/2011/10/03/qr_code_mobile_malware_risk/

39. October 3, Help Net Security – (International) Symantec IM Manager multiple vulnerabilities. Multiple vulnerabilities have been reported in Symantec IM Manager, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, according to Secunia. Input passed to the “refreshRateSetting” parameter in IMManager/Admin/IMAdminSystemDashboard.asp, the “nav” and “menuitem” parameters in IMManager/Admin/IMAdminTOC_simple.asp, and the “action” parameter in IMManager/Admin/IMAdminEdituser.asp is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a browser session in the context of an affected site. Also, an input validation error exists within the Administrator Console. Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in version 8.4.17 and prior. Source: http://www.net-security.org/secworld.php?id=11716
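For a defender who cannot patch immediately, the pages and parameters named above are enough to check IIS logs for reflected-XSS attempts against them. The script below is an added example, not Symantec's or Secunia's code; the log lines are constructed, and the markup heuristic is an assumption for triage rather than a signature from either vendor.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Pages and parameters named in the Secunia advisory summarised in item 39.
# Classic ASP treats query names case-insensitively, so everything is compared lowercased.
WATCHED = {
    "/immanager/admin/imadminsystemdashboard.asp": {"refreshratesetting"},
    "/immanager/admin/imadmintoc_simple.asp": {"nav", "menuitem"},
    "/immanager/admin/imadminedituser.asp": {"action"},
}

# A reflected value is suspicious when it carries a tag, a javascript: URL or an
# event-handler attribute instead of the number or identifier the page expects.
# Constructed heuristic for triage (assumption), not Symantec's or Secunia's logic.
MARKUP = re.compile(r"<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

# Constructed IIS W3C-style log excerpt: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-10-03 09:12:01 10.0.0.21 GET /IMManager/Admin/IMAdminSystemDashboard.asp refreshRateSetting=30 200
2011-10-03 09:12:44 10.0.0.21 GET /IMManager/Admin/IMAdminTOC_simple.asp nav=users&menuitem=list 200
2011-10-03 09:13:10 198.51.100.7 GET /IMManager/Admin/IMAdminSystemDashboard.asp refreshRateSetting=%3Cscript%3Ex%3C/script%3E 200
2011-10-03 09:13:15 198.51.100.7 GET /IMManager/Admin/IMAdminEdituser.asp action=%253Cb%253Ehi%253C%252Fb%253E 200
2011-10-03 09:14:02 198.51.100.7 GET /IMManager/Admin/IMAdminTOC_simple.asp nav=javascript%3Avoid(0)&menuitem=list 200
2011-10-03 09:15:30 10.0.0.35 GET /IMManager/Admin/IMAdminLogin.asp msg=%3Cb%3Ehello%3C/b%3E 200
"""


def parse_w3c_line(line):
    """Split one W3C extended log line into its fields; None for directive or short lines."""
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 7:
        return None
    date, time, client, method, stem, query, status = parts[:7]
    return {"ts": f"{date} {time}", "client": client, "method": method,
            "stem": stem, "query": "" if query == "-" else query, "status": status}


def suspicious_params(stem, query):
    """Return (name, decoded_value) pairs for watched parameters whose value carries markup."""
    watched = WATCHED.get(stem.lower())
    if not watched or not query:
        return []
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() not in watched:
            continue
        for value in values:
            # parse_qs already decoded one layer; decode twice more so that
            # double-encoded values (%253C -> %3C -> <) are still caught.
            decoded = unquote_plus(unquote_plus(value))
            if MARKUP.search(decoded):
                hits.append((name, decoded))
    return hits


def scan(lines):
    """Run the heuristic over log lines and return one finding per flagged parameter."""
    findings = []
    for line in lines:
        rec = parse_w3c_line(line)
        if rec is None:
            continue
        for name, value in suspicious_params(rec["stem"], rec["query"]):
            findings.append({"ts": rec["ts"], "client": rec["client"],
                             "page": rec["stem"], "param": name, "value": value})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} {f['client']} {f['page']} {f['param']}={f['value']!r}")
```

Requests to pages outside the advisory (the IMAdminLogin.asp line) are deliberately ignored so the output stays focused on the three affected scripts; widen WATCHED if the vendor names further pages.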

40. October 3, Help Net Security – (International) iPhone 5 spam emails lead to malware. Apple expects to unveil the next iteration of its popular iPhone during a press event scheduled for October 4. As the excitement regarding the release of the new iPhone slowly reaches its peak, malware peddlers are taking advantage of the hype. E-mails containing an offer to preview the new device were hitting inboxes October 3, and were luring users into clicking on the link, which takes them to a Windows executable. The file — iphone5(dot)gif(dot)exe — is hosted on a compromised server. Once downloaded and executed, the file shows the user a bogus “iPhone5” image while installing an IRC bot in the background, which connects to a remote server. “Infected machines can be centrally controlled via this server and are exposed to things such as credit card theft,” according to F-Secure. Source: http://www.net-security.org/malware_news.php?id=1861

41. October 2, H Security – (International) Chrome updates to repair Microsoft false alarm damage. A new version of Google Chrome is now available; the latest stable release has the version number 14.0.835.187 and the latest beta version, 15.0.874.58. The update stops the Microsoft Security Essentials (MSE) virus scanner from incorrectly classifying the browser as part of the banking trojan PWS:Win32/Zbot (Zeus). A bad signature update for Microsoft Security Essentials, Microsoft Forefront, and Microsoft Defender meant the scanners were identifying chrome.exe as malware and proposing to delete the browser. Microsoft released an unscheduled signature update September 30 to halt the false detection. The Chrome update should assist those who have been affected by MSE’s incorrect detection and deletion by repairing the installed versions of Chrome. Source: http://www.h-online.com/security/news/item/Chrome-updates-to-repair-Microsoft-false-alarm-damage-1353162.html

42. October 1, Softpedia – (International) Mobile malware masqueraded as Opera Mini. Cybercriminals are taking advantage of the fact that Opera Mini is one of the most popular mobile browsers and have created a fake Web site hosting a piece of malware that looks like a genuine installation file. Trend Micro discovered the site, which resembles the official Opera page and was specially made to be accessed from mobile devices. The content of the page is in Russian, so that is the most likely origin of the hackers. The visitor is immediately alerted that “Your version of Opera Mini browser is out of date, further work may not be correct and lead to enexpected errors and crashes! You need to urgently upgrade Opera Mini to version 6.1!” The Java file that is downloaded was detected as J2ME_FAKEBROWS.A. Upon execution, the malware checks whether the mobile device uses specific message service centers and, if a match is found, it starts sending text messages to a phone number encoded in the data.res file. The string “424626 357 OX” is sent to specified premium numbers using the device’s SMS service. Devices that support MIDlets are the ones vulnerable to this piece of malware. Source: http://news.softpedia.com/news/Mobile-Malware-Masqueraded-as-Opera-Mini-224863.shtml

Communications Sector

43. October 3, Winter Haven News Chief – (Florida) Eloise man, 35, accused of stealing wire. An Eloise, Florida man has been accused of climbing telephone poles in Bartow, Florida, to steal wire to sell as scrap. The 35-year-old cut the wire from atop poles in the area near Cox Road, according to his arrest reports. The theft caused about $13,000 in damage and interrupted telephone service. He was booked September 29 into Polk County Jail on charges of theft, criminal mischief, and dealing in stolen property. His arrest reports said he gave the stolen wire to another man to sell to a recycler, and the two then shared the profits. Online jail records show the accomplice was booked September 28 on charges of theft and defrauding a second-hand metal dealer. Source: http://www.newschief.com/article/20111003/NEWS/110035001/1003/NEWS?Title=Eloise-man-35-accused-of-stealing-wire

For more stories, see items 38, 40, and 42 above in the Information Technology Sector.