Tuesday, January 31, 2012

Complete DHS Daily Report for January 31, 2012

Daily Report

Top Stories

• Heavy smoke from a wildfire caused a massive 19-car pileup on Interstate 75 near Gainesville, Florida, that killed 10 people and intermittently shut the highway down for several days. – Orlando Sentinel (See item 16)

16. January 30, Orlando Sentinel – (Florida) ‘Low visibility’ reported hours before Florida interstate pileup that killed 10. Troopers reopened Interstate 75 January 30 as the investigation continued into the massive pileup that killed 10 people on the highway near Gainesville, Florida the weekend of January 28. The Florida Highway Patrol (FHP) released an accident report January 30 showing there was a three-way crash at 11:55 p.m., involving a tractor-trailer and two SUVs, that preceded the massive pileup early January 29, according to the Associated Press. One person was seriously injured in the January 28 crash. A trooper noted in his report “there was heavy smoke in the area, causing low visibility.” The highway was closed to traffic a short time later. The 19-vehicle crash happened after the smoke- and fog-shrouded highway reopened at about 4 a.m. Besides the 10 people killed, 18 people were hospitalized. Wreckage, some of it burned and twisted, stretched for about a mile along the high-traffic road, the main transit route down the middle of the state. It was closed in both directions for hours. Troopers re-opened lanes the evening of January 29, but shut the interstate down again early January 30 because of smoke and visibility issues, a FHP spokesperson said. All lanes reopened at about 11 a.m. January 30. A 62-acre fire broke out January 28 in Paynes Prairie, a wildlife area that straddles the freeway just south of Gainesville, but a spokeswoman for the Florida Forest Service said it was not clear how it started. Source: http://www.chicagotribune.com/news/nationworld/os-florida-highway-deaths-killed-i-75-20120130,0,2598249.story

• The largest-ever Android malware campaign may have duped as many as 5 million users into downloading infected apps from Google’s Android Market, Symantec said. – Computerworld. See item 44 below in the Information Technology Sector.

Details

Banking and Finance Sector

10. January 30, Coeur d’Alene Press – (Idaho; Oregon) Car dealers face fraud charges. A Post Falls, Idaho man is among three suspects accused of more than $6 million in bank fraud as a former auto dealership owner, the Coeur d’Alene Press reported January 30. The man and his brother owned three now-closed D&R auto dealerships formerly located in Hermiston and Enterprise, Oregon. The indictment alleges that from January 2007 through August 2008, the men conspired to defraud KeyBank in connection with a Floorplan Line of Credit and Security Agreement, known in the auto industry as a “flooring loan.” KeyBank extended a line of credit to the dealerships to purchase new inventory, but the men allegedly failed to repay KeyBank after they sold the inventory. The indictment alleges the three deceived KeyBank into believing the dealerships had not yet sold inventory, including asking customers to return recently purchased vehicles to receive a free service on the day of an audit, and misrepresenting to KeyBank that automobiles not present on the lot were being used as rental cars. The indictment also alleges the defendants submitted false vehicle identification numbers (VINs) to KeyBank to receive funding for inventory the dealerships never purchased, and that defendants “double floored” vehicles with more than one financial institution. Source: http://www.cdapress.com/news/local_news/article_1f155dcb-146c-59e2-ac14-324f674981de.html

11. January 30, Bloomberg – (California) FDIC sues ex-officers of Merced’s County Bank over $42 million in loans. The Federal Deposit Insurance Corp. (FDIC) January 27 sued former officials of County Bank in Merced, California, part of Capital Corp. of the West, claiming their mismanagement caused $42 million in losses through bad loans. Named in the suit, filed in federal court in Fresno, were County Bank’s former chief executive officer, three former vice presidents, and the former chief operating officer and bank president. “[The d]efendants caused or allowed County to make imprudent real estate loans,” the FDIC said in the complaint. The bank failed in 2009, according to the complaint. The FDIC is receiver for the bank. “Management repeatedly disregarded the bank’s credit policies and approved loans to borrowers who were not credit worthy” or lacked sufficient collateral, the FDIC alleged. Source: http://www.bloomberg.com/news/2012-01-30/fdic-sues-ex-officers-of-merced-s-county-bank-over-42-million-in-loans.html

12. January 30, WLS 7 Chicago – (Illinois) Wicker Park Bandit hits 9th bank. The bank robber dubbed the Wicker Park Bandit struck again in Chicago January 28. No one has been hurt in any of the robberies. Most recently, a Chase Bank was hit. Authorities said it is the ninth bank to be robbed by the Wicker Park Bandit, at least one robbery every week since December 20. The face of the suspect is visible in surveillance photos and with Area 3 police headquarters only 2 blocks away from the latest robbery, it shows just how bold the robber has become. Source: http://abclocal.go.com/wls/story?section=news/local&id=8523865

13. January 28, Associated Press – (Iowa) Bank robber threatens clerk with Molotov cocktail. Authorities in Crawford County, Iowa, are looking for a suspect who they said threatened a teller at the Westside State Bank in Vail with an explosive device before fleeing with an undisclosed amount of cash. The robbery occurred just after 9 a.m. January 28. The Crawford County sheriff said the man threatened a teller with a Molotov cocktail, but did not use the homemade bomb. The sheriff said the suspect took an undisclosed amount of cash and fled on foot. Source: http://www.kcci.com/r/30323507/detail.html

14. January 28, Norwalk Hour – (Connecticut) Stamford bank teller, N.Y. man plead guilty to tax fraud scheme. A Stamford, Connecticut bank teller and a New York City man pleaded guilty January 26 and 27, respectively, in a U.S. district court in Hartford to fraudulently obtaining and cashing dozens of tax return checks. The defendants both played roles in the conspiracy, which defrauded the Internal Revenue Service (IRS) of nearly $200,000. They both pleaded guilty to one count of conspiracy to defraud the IRS. The New York man and his co-conspirators, who were not named, obtained 35 tax return checks under false pretenses, and the employee cashed the checks while working as a teller at a bank in Stamford, prosecutors said. The scheme cost the IRS $120,195.77, according to an indictment. Members of the fraud scheme also cashed $19,000 in fraudulent tax return checks at other locations, according to court documents. Both defendants face 10 years in prison and $400,000 in fines. Source: http://www.thehour.com/story/518719/stamford-bank-teller-n-y-man-plead-guilty-to-tax-fraud-scheme

15. January 27, ABC News – (National) New Fed task force subpoenas 11 in mortgage fraud probe. A new federal and state task force was created January 27 to investigate mortgage fraud that contributed to the 2008 financial crisis, and the panel immediately subpoenaed 11 financial institutions. The U.S. attorney general said the new unit would consist of 55 Justice Department lawyers and analysts and 10 FBI agents to work with state attorney general’s offices to investigate how mortgage backed securities were created, sold, and valued by financial institutions. The creation of the unit was announced by the U.S. President in his State of the Union address January 24. Making the announcement, the attorney general disclosed that the Justice Department has sent civil subpoenas to 11 financial institutions as part of the investigation. They did not identify the targets of the subpoenas. Although the FBI, U.S. Securities and Exchange Commission, and Justice Department have been investigating numerous aspects of the financial crisis, officials hope the new group may be able to use New York State’s Martin Act, which gives investigators broad powers to investigate fraud. The act allows New York to bring criminal and civil fraud charges without needing to show intent to commit fraud. Source: http://abcnews.go.com/blogs/politics/2012/01/new-fed-task-force-subpoenas-11-in-mortgage-fraud-probe/

For more stories, see items 41 and 42 below in the Information Technology Sector.

Information Technology

41. January 30, BBC News – (International) Technology firms create DMarc to fight phishing. A crackdown on “phishing” scams has been announced by 15 of the top technology companies. E-mail providers such as Google and Microsoft will work with companies like Paypal and the Bank of America to improve authentication. The Domain-based Message Authentication, Reporting and Conformance (DMarc) coalition has released plans to produce a “feedback loop” between e-mail receivers and senders. The initiative is the first significant attempt to bring together e-mail and service providers along with key security organizations. DMarc said this industry-wide involvement — which covers the receivers, senders, and intermediaries of e-mail use — will mean e-mail providers will for the first time be able to reliably filter out unwanted e-mails, rather than use “complex and imperfect measurements” to determine threats. Source: http://www.bbc.co.uk/news/technology-16787503

42. January 28, Dark Reading – (International) New drive-by spam infects those who open email — no attachment needed. Attackers have developed a new way to infect a user’s PC through e-mail. According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an e-mail is opened in the e-mail client. The user does not have to click on a link or open an attachment — just opening the e-mail is enough. The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the e-mail client allows HTML e-mails to be displayed, the HTML code is immediately activated. Source: http://www.darkreading.com/security/attacks-breaches/232500660/new-drive-by-spam-infects-those-who-open-email-no-attachment-needed.html

43. January 27, IDG News Service – (International) Drive-by-download attack exploits critical vulnerability in Windows Media Player. Security researchers from antivirus vendor Trend Micro have come across a Web-based attack that exploits a known vulnerability in Windows Media Player, a threat response engineer said in a blog post January 26. The security flaw can be exploited by tricking the victim into opening a specially crafted MIDI (Musical Instrument Digital Interface) file in Windows Media Player. Microsoft released a security fix for it January 10, as part of its monthly patch cycle. If successful, the exploit downloads and executes a computer Trojan on the targeted system, which Trend Micro detects as TROJ_DLOAD.QYUA. “[So] far we’ve been seeing some serious payload, including rootkit capabilities,” the Trend Micro engineer said. The attack is not widespread at the moment, but it is possible other attackers will start exploiting the same vulnerability in the near future, a senior antivirus researcher said. Source: http://www.computerworld.com/s/article/9223768/Drive_by_download_attack_exploits_critical_vulnerability_in_Windows_Media_Player

44. January 27, Computerworld – (International) Massive Android malware op may have infected 5 million users. The largest-ever Android malware campaign may have duped as many as 5 million users into downloading infected apps from Google’s Android Market, Symantec said January 27. Dubbed “Android.Counterclank” by Symantec, the malware was packaged in 13 different apps from three different publishers, with titles ranging from “Sexy Girls Puzzle” to “Counter Strike Ground Force.” “They don’t appear to be real publishers,” a director with Symantec’s security response team said in an interview. “These aren’t rebundled apps, as we’ve seen so many times before.” Symantec estimated the impact by combining the download totals of the 13 apps, arriving at a figure between 1 million on the low end and 5 million on the high. When installed on an Android smartphone, Android.Counterclank collects a wide range of information, including copies of the bookmarks and the handset maker. It also modifies the browser’s home page. Source: http://www.computerworld.com/s/article/9223777/Massive_Android_malware_op_may_have_infected_5_million_users

45. January 27, H Security – (International) Cisco Security Appliances at risk from Telnet bug. Cisco has warned of a vulnerability in the telnet server used in its IronPort Email Security Appliances (ESA) and IronPort Security Management Appliances (SMA) monitoring solutions. The vulnerability could be exploited by an attacker to remotely execute code on a system by sending a specially crafted command to the telnet daemon (telnetd). A buffer overflow in the encrypt_keyid() function causes the server to execute the injected code with system privileges. Updates are available for many distributions, including Red Hat and Debian. Kerberos 5 (krb5-appl) up to and including version 1.0.2 and Heimdal up to and including version 1.5.1 are also affected. The vulnerability is already being actively exploited and an exploit for the vulnerability is freely available. Source: http://www.h-online.com/security/news/item/Cisco-Security-Appliances-at-risk-from-Telnet-bug-1423741.html

For another story, see item 48 below in the Communications Sector.

Communications Sector

46. January 30, KTBS 3 Shreveport – (Louisiana; Texas) Verizon customers experiencing outages. The work week was off to a bad start for many Verizon Wireless customers in northeast Texas and northwest Louisiana January 30. According to a Verizon Wireless spokeswoman, an outage was impacting both 3G and voice service customers in parts of the Arklatex. As of the afternoon of January 30, there was no word on how many customers were affected or when the problem might be resolved. Source: http://www.ktbs.com/news/30330961/detail.html

47. January 29, Hunterdon County Democrat – (New Jersey) CenturyLink landline telephone service restored to northern Hunterdon County after outage. Phone service in northern Hunterdon County, New Jersey, was back to normal around 11 p.m. January 28, according to a CenturyLink spokesman. At about 8:15 p.m., an electronic card failed, affecting customers in the Clinton, Califon, Hampton, and High Bridge exchanges, he said. Phone calls could be made within those exchanges, but there was no landline communication in or out of those exchanges. Affected exchanges were 537, 638, 238, 328, 735, 730, 713, and 832. Phone service at Hunterdon Medical Center in the Raritan Township-Flemington area had also been disrupted. Hunterdon County Office of Emergency Management officials were advising residents to use cell phones to call 911 if they had an emergency, and fire and rescue companies were advised to have crews standing by, apparently to keep response time low to compensate for any delays in receiving word of emergencies. Source: http://www.nj.com/hunterdon-county-democrat/index.ssf/2012/01/centurylink_landline_telephone.html

48. January 29, TechCrunch – (International) DreamHost’s unhappy January continues: First, a database breach, now an outage. DreamHost, the low-cost hosting provider and domain name registrar, found some unauthorized activity in its databases January 20, which they later admitted were a series of attacks that may have led to the theft of some FTP passwords. The company required mandatory password resets for all their Shell/FTP accounts. DreamHost’s problems continued January 29, as they have been reporting outages, as Web, SSH, and FTP services were down for many of the firm’s virtual private servers (VPS), shared, and dedicated machines. The outage was reported at 4 a.m. Pacific Standard Time January 29, and continued throughout the day. In the company’s initial blog post, the team said “the apache (web), SSH, and FTP services on a subset of our VPS and dedicated servers are currently down. FTP services on some shared servers are also experiencing downtime.” Furthermore, the post said the outage only affected Web VPS/dedicated and shared web server FTP services, while other services or servers were unaffected. Judging from the parade of comments and subsequent updates, users were experiencing problems with MySQL and Webmail services as well. The majority of the large problems seemed to have been addressed as of 6:30 p.m. DreamHost plays host to thousands of small Web sites and personal blogs across the Web. Most of the sites are back up, but from what these site owners have learned from DreamHost, the VPS server was damaged by new software they were installing the morning of January 29, leading to a sizable outage with ripple effects. Even though the outage lasted nearly 24 hours for some, many could not even access files to move to another host. Source: http://techcrunch.com/2012/01/29/dreamhosts-unhappy-january-continues-first-a-database-breach-now-an-outage/

49. January 27, KOSA 7 Odessa – (Texas) Downed power lines cause power, Internet outages. Cableone Internet service was restored to some customers in west Texas after outages January 27. A truck hauling an oil rig was hauling a bigger load than permitted, which downed power lines the morning of January 27. Power was out for several hours but has since been restored. However, a fiber line was also cut. Internet service was affected for Cableone, Grande, and AT&T customers. Source: http://www.cbs7.com/news/details.asp?ID=32137

For more stories, see items 41 and 44 above in the Information Technology Sector.

Monday, January 30, 2012

Complete DHS Daily Report for January 30, 2012

Daily Report

Top Stories

• The Securities and Exchange Commission (SEC) claimed a trader in Latvia, as well as four U.S. trading firms and their executives, used an online account intrusion scheme to manipulate the prices of more than 100 U.S.-exchange listed securities, causing more than $2 million in harm. – U.S. Securities and Exchange Commission (See item 16)

• Two spans of a heavily-traveled Benton, Kentucky bridge collapsed after being struck by a cargo ship carrying aviation parts. – Associated Press (See item 19)

19. January 27, Associated Press – (Kentucky) Officials: Portion of Kentucky bridge collapses. Two spans of a Benton, Kentucky bridge collapsed after being struck by a cargo ship that carried aviation parts. No injuries were immediately reported, state transportation officials said. The Delta Mariner struck the main span of the Eggner Ferry Bridge January 26 at U.S. Highway 68 and Kentucky Highway 80, said a spokesman for the Kentucky Transportation Cabinet. State inspectors are on their way to determine how much of the bridge, which opened to traffic in 1932, was damaged. Officials said the bridge was closed to traffic, causing vehicles needing to cross the Kentucky Lake reservoir and the Tennessee River to be detoured for dozens of miles. The U.S. Coast Guard also blocked access to boat traffic at the bridge site. Officials say about 2,800 vehicles travel daily on the bridge, which already was in the process of being replaced, although the new bridge has not been built yet. Motorists were advised to take alternate routes. Source: http://www.foxnews.com/us/2012/01/27/officials-portion-kentucky-bridge-collapses/

Details

Banking and Finance Sector

12. January 27, Buffalo News – (New York) 4 men charged after Black Money swindle goes awry. A West African currency scam arrived in Cheektowaga, New York, the weekend of January 21, landing three men in hot water along with their alleged victim, who later tried to take back his money at gunpoint, Cheektowaga police said January 26. Police said the incident began when three Liberian natives targeted a Buffalo man under what police call a Black Money Scam. The scam is a popular fraud in which the victim is presented with black construction paper reported to be real U.S. currency that had been dyed black through a chemical process. The con men told the victim they needed money to buy another chemical to wash away the black dye and make the currency usable. He turned over $21,000 to the three scammers in exchange for half of the black paper, police said. After he realized he had been scammed, the victim called the scammers and told them he had some friends who also wanted in on the “investment” in order to set up another meeting. At that meeting, which took place somewhere in Buffalo late January 21 or early January 22, the three con men were ambushed at gunpoint by the victim and up to three other men and forced into the basement of an unknown address. One of the men was taken back to his hotel room by the original victim, who demanded a return of his money. The three scammers were charged with fraudulent accosting and criminal possession of a forgery instrument. The original victim was charged with conspiracy and robbery. Source: http://www.buffalonews.com/city/communities/cheektowaga/article716451.ece

13. January 27, Somerset Courier News – (New Jersey) FBI nabs would-be Westfield bank robber. FBI agents arrested a TD Bank employee at his Elizabeth, New Jersey home January 26 on charges he conspired to commit bank robbery, according to authorities. According to the complaint, an individual entered a TD Bank in Westfield September 11, and passed a deposit slip across the counter to a bank teller. As the teller stepped back from the counter upon reading the note, the person reached across the counter and grabbed the money the teller had been counting, about $5,721. Between September and December, seven additional bank robberies occurred at TD Bank locations throughout New Jersey, a U.S. attorney said. According to the investigation, the alleged bank robber exchanged text messages in November and December with the arrested TD Bank employee. The two discussed when and how the vault of the Westfield branch could be robbed. During an interview with law enforcement, the employee acknowledged he discussed robbing the vault with the alleged bank robber and others, the U.S. attorney said. The employee said the robber agreed to give him up to $50,000 of the money from the vault. The charge of criminal conspiracy carries a maximum potential penalty of 5 years in prison and a fine of up to $250,000, officials said. Source: http://www.mycentraljersey.com/article/20120126/NJNEWS/301260036/FBI-nabs-would-Westfield-bank-robber?odyssey=nav|head

14. January 27, St. Augustine Record; Florida Times-Union – (Florida) Guilty verdict sparks relief, regret for victims. A jury in a U.S. district court in Jacksonville, Florida, January 26 convicted a woman on all 14 counts in a Ponzi scheme through which she defrauded investors of as much as $100 million. She faces up to 20 years on each of the 14 counts for which she was found guilty. A bankruptcy attorney said all of the investors are to be given stock in Integrity Auto Finance, the new company formed in Chapter 11 bankruptcy from the remains of the woman’s corporation. A cash disbursement is also coming on May 4, the first of an annual disbursement from a creditor trust. That trust is funded by whatever remained of the woman’s assets after the formation of Integrity. Source: http://staugustine.com/news/local-news/2012-01-26/cladeks-guilty-verdict-sparks-relief-regret-victims#.TyLNqIEhxI5

15. January 26, Minneapolis Star Tribune – (National) Bloomington duo accused of mortgage fraud. Two Bloomington residents were arraigned January 26 in Minneapolis on charges they ran an $8 million equity-stripping scheme under the guise of a nonprofit that claimed to help troubled homeowners avoid foreclosure. The residents were each charged January 19 in a sealed indictment with conspiracy, fraud, and money laundering involving transactions that took place from 2005 through October 2007. One of the defendants owned and operated Unified Home Solutions (UHS) and American Mortgage Lenders (AML), a mortgage brokerage that facilitated the transactions, the indictment says. It notes the UHS owner told homeowners facing foreclosure that he offered a rescue program backed by investors who would buy their homes and sell them back after they had regained their financial footing. The indictment says the mortgages were obtained with fraudulent financial information. Investors collected a “risk fee,” generally 3 percent of the purchase price, but most of the equity in the home went to UHS and AML, according to an affidavit filed in the case by an Internal Revenue Service (IRS) criminal investigator. She said UHS, AML, and their owner facilitated the sale of about 79 properties; fewer than five avoided foreclosure. Source: http://www.startribune.com/business/138169374.html

16. January 26, U.S. Securities and Exchange Commission – (National; International) SEC charges Latvian trader in pervasive brokerage account hijacking scheme. The Securities and Exchange Commission (SEC) January 26 charged a trader in Latvia for conducting a widespread online account intrusion scheme in which he manipulated the prices of more than 100 New York Stock Exchange (NYSE) and Nasdaq securities and caused more than $2 million in harm to customers of U.S. brokerage firms. The SEC also instituted related administrative proceedings against four electronic trading firms and eight executives charged with enabling the trader’s scheme by allowing him anonymous and unfiltered access to U.S. markets. According to the complaint, the defendant broke into online brokerage accounts of customers at large U.S. broker-dealers and drove stock prices up or down by making unauthorized purchases or sales. This occurred on more than 150 occasions over 14 months. The defendant – using the direct, anonymous market access provided by various unregistered firms – traded those same securities at artificial prices and reaped more than $850,000 in illegal profits. According to the SEC, the four electronic trading firms allowed the defendant to trade through their electronic platforms without first registering as brokers. These firms gave the defendant a gateway to U.S. securities markets while circumventing the protections of federal securities law. The SEC’s complaint alleges the defendant violated the anti fraud provisions of federal securities law and seeks injunctive relief, disgorgement with prejudgment interest, and financial penalties. Source: http://www.sec.gov/news/press/2012/2012-17.htm

17. January 26, Costa Mesa Daily Pilot – (California) Couple pleads guilty to bank fraud. Two Newport Coast, California residents pleaded guilty January 26 to bank fraud in connection with seven different financial institutions. The couple gained a revolving line of credit from multiple banks, including Bank of America, in the amount of $130 million by falsifying their business revenue for Anaheim-based Galleria USA, according to a news release from the U.S. Department of Justice. The banks lost about $4.7 million because of the fraud between 2008 and 2009. They face a maximum of 40 years in federal prison. Source: http://articles.dailypilot.com/2012-01-26/news/tn-dpt-0127-fu-20120126_1_galleria-usa-thomas-chia-fu-bank-fraud

18. January 26, Associated Press – (International) US hits German-Moroccan brothers, German-Turk with terrorism sanctions. The U.S. Presidential administration is hitting two German-Moroccan brothers and a German-Turk man with financial sanctions for their involvement in terrorist activities in central Asia, the Middle East, and Europe, the Associated Press reported January 26. The State Department and Treasury Department said the brothers are identified as “specially designated global terrorists” along with the third man. The move freezes any assets they have in U.S. jurisdictions and bars Americans from financial dealings with them. The brothers are affiliated with the Islamic Movement of Uzbekistan, a designated foreign terrorist organization that claims responsibility for numerous attacks in Afghanistan. The third man is affiliated with the Islamic Jihad Union, another designated foreign terrorist organization, which was implicated in a 2007 bomb plot targeting U.S. military installations and American citizens in Germany. Source: http://www.washingtonpost.com/politics/us-hits-german-moroccan-brothers-german-turk-with-terrorism-sanctions/2012/01/26/gIQATzb0SQ_story.html

For another story, see item 50 below in the Information Technology Sector

Information Technology

46. January 27, Help Net Security – (International) Facebook scammers leverage the Amazon Cloud. Recently, spammers began using Amazon’s cloud services for hosting fake Facebook pages leading to surveys because it is cheap and because it is less likely Facebook will block links from an Amazon domain. Users are usually reeled in with offers to see a funny/amazing/shocking video, and click on the offered URL (often a shortened one). In a recently spotted scam, users who click the link are taken to a fake Facebook page where those who use Chrome and Firefox are asked to install a fake YouTube plug-in to view the video. The offered plugin is not what it claims to be. “Upon installing the plugin, a redirector URL is generated by randomly selecting from the usernames, mo1tor to mo15tor, in the Amazon web service,” explain F-Secure researchers. “Then, the link generated is shortened through bitly.com via the use of any of the 5 hardcoded userID and API key-pairs. These key-pairs give a spammer the ability to auto-generate bit.ly URLs for the Amazon web service link. This ultimately leads to a redirection to the fake Facebook page.” These users are, therefore, responsible for propagating the scam further by unknowingly posting the scam message on their Facebook profiles, and are not asked to fill out surveys. Users who use other browsers are spared from inadvertently spamming their friends but are redirected to surveys provided by affiliate marketers. Source: http://www.net-security.org/secworld.php?id=12301

47. January 27, Help Net Security – (International) Unwanted apps on Android smartphones. Third-party Android Markets have always been the favorite means of malicious app dissemination, especially in regions where users do not have access to the official repository. This is also the case with the latest campaign laid out by cyber criminals to lure users into installing applications that are well known on the genuine Android Market but have been tampered with to launch additional services along with the original app. Simply put, the Android application downloaded from a third-party market contains the legitimate app as well as a trojanized service (usually called “GoogleServicesFrameworkService”), which is launched with the host application. Identified by Bitdefender as Android.Trojan.FakeUpdates.A, this piece of malware connects to a command and control server and fetches a list of links to different Android application packages (APKs). After that, the malware downloads each APK from the list and then displays a notification in the status bar area, reading “In order to have access to the latest updates, click Install).” This approach confuses the user, as they do not know where the message came from. This trojan requires an extensive array of privileges upon installing, to make sure it can take full control over the smartphone whenever necessary. Depending on the APKs to be downloaded and installed, the application may require up to 10 privileges prior to installation. Most of the users will accept it without any second thoughts, since they believe what is to be installed is an update to one of the applications they already installed.
Android applications posted on third-party Android Markets are not new; however, what is particularly important is the attackers’ modus operandi: they publish a legitimate application on the respective Market, let it live for several days to get positive ratings and gain users’ trust, and then replace the APK with a trojanized one in order to fulfill their malicious goals. Most of the repackaged applications analyzed have low detection rates, which poses a danger even to smartphone users who run a mobile security solution. Android.Trojan.FakeUpdates.A poses a threat to the smartphone user as it can download and install anything, from trial versions of software in pay-per-install campaigns to spyware and other trojans. Source: http://www.net-security.org/malware_news.php?id=1976

48. January 27, Softpedia – (International) XSS vulnerability found in Google, Forbes, Myspace, MTV and Ferrari. A researcher from the Vulnerability Laboratory came across a cross-site scripting vulnerability in the Google Apps Web page, hosted on the google.com domain, but also in other popular Web sites. Longrifle0x found the flaw in Google Apps and reported it to Google. Even though the risk level is estimated as low, if unresolved, the security hole present in one of the search modules could allow a remote attacker to hijack cookies and even steal accounts. However, the attacker would have to social engineer the victim into performing certain tasks for the session hijacking to be successful. The vulnerability was reported January 21 and the vendor responded January 23, but as of January 27 the bug still exists on the Google page. This is not the only vulnerability found by longrifle0x in the past several days. The Forbes search page, Ferrari’s official online store, MTV, and MySpace also contain the same type of vulnerability. None of these pages are currently patched up and reports from XSSed reveal the domains were already cross-site scripted. Source: http://news.softpedia.com/news/XSS-Vulnerability-Found-in-Google-Forbes-Myspace-MTV-Ferrari-248996.shtml

49. January 27, Threatpost – (International) Attackers targeting Windows Media bug with malware. Security researchers saw attackers going after the newly patched CVE-2012-0003 vulnerability in the Windows Media Player. The flaw, which was patched earlier in January by Microsoft, is a critical one that can enable remote code execution, and it affects a wide range of Windows systems. When the patch was released, Microsoft officials recommended customers install it immediately as there was a decent chance of attackers leveraging it in the near future, which is exactly what happened. Researchers at the IBM ISS X-Force saw malicious attacks against the MIDI vulnerability going on in the wild in recent days, and said because exploitation of the flaw is not considered difficult, there may well be more on the horizon. To exploit this vulnerability, an attacker must entice a user into opening a specifically formatted media file. Once the exploit code executes, the attacker would then have full control of the system. There are now pieces of malware circulating online capable of exploiting this vulnerability. The specific attack Trend Micro’s researchers analyzed uses the shellcode to download an encrypted binary, which it then decrypts and executes. The payload in this attack includes some malware with rootkit capabilities, which is installed on the victim’s machine. That rootkit also then connects to a remote server and downloads another component, a backdoor. Source: http://threatpost.com/en_us/blogs/attackers-targeting-windows-media-bug-malware-012712

Communications Sector

50. January 26, WHIZ 40 Zanesville – (Ohio) 9-1-1 emergency service restored in New Concord. New Concord, Ohio, had problems January 25 after a barn fire cut service to 9-1-1 and thousands of cell phones. The New Concord fire chief said the early morning fire happened at 3739 Glenn Highway along U.S. 40 in Guernsey County. The fire burned through the main trunk line. As a result, anyone with an 826 exchange was not able to call long distance, outside the village, or 9-1-1. Also, cell service was down to all providers, except Verizon. Due to the outages, Muskingum University, banks, and a number of other businesses were forced to shut down. Repair crews from Frontier Communications worked nearly all day to repair the damaged cables but the fire chief said the problem could have been prevented by having a back-up 9-1-1 connection — saving the county both money and potential lives. The Muskingum County Emergency Management Agency director said 9-1-1 and most of the other phone service were restored by the afternoon of January 25. Source: http://www.whiznews.com/content/news/local/2012/01/26/9-1-1-emergency-service-restored-in-new-concord-0

For more stories, see items 46, 47, and 48 above in the Information Technology Sector