Thursday, February 2, 2012

Complete DHS Daily Report for February 2, 2012

Daily Report

Top Stories

• Four men inspired by al-Qa’ida admitted planning to detonate a bomb at the London Stock Exchange, and considered targeting the U.S. Embassy. – BBC News, See item 14 below in the Banking and Finance Sector.

• Police found several bombs and ingredients to make more explosives inside an apartment in Fort Wayne, Indiana, while the man who lived there remained hospitalized after his hand was blown off in an explosion January 29. – Fort Wayne Journal Gazette (See item 56)

56. January 31, Fort Wayne Journal Gazette – (Indiana) Bombs found after apartment blast. Police found several bombs and ingredients to make more explosives inside an apartment in Fort Wayne, Indiana, while the man who lived there remained hospitalized after his hand was blown off in the explosion, the Fort Wayne Journal Gazette reported January 31. Fort Wayne’s hazardous devices unit collected several chemicals, fuels, and powders used to make bombs and several bombs from an apartment at the River Cove Apartment complex, a police spokeswoman said. Police responded January 29 after the man made an explosive mixture that became rocklike and he “began to engage” the mixture with a chisel, causing the explosion. The man’s hand took the full force of the explosion. The mixture that exploded was not believed to be a massive explosive device. The police spokeswoman said the man will probably face criminal charges because of the bombs found in his home. The man lived in the home with his teenage son and daughter. The daughter also was injured in the explosion, police said. Source:


Banking and Finance Sector

14. February 1, BBC News – (International) Four men admit London Stock Exchange bomb plot. Four men inspired by al-Qa’ida admitted planning to detonate a bomb at the London Stock Exchange, BBC News reported February 1. The men all pleaded guilty in court in England to engaging in conduct in preparation for acts of terrorism. The men, from London and Cardiff, were arrested in December 2010. Five other men linked to the plot pleaded guilty to other terrorism offenses and all nine will be sentenced the week of February 6. It emerged that those who targeted the London Stock Exchange wanted to send five mail bombs to various targets during the run up to Christmas 2010, and discussed launching a “Mumbai-style” atrocity. A hand-written target list discovered at the home of one of the men listed the names and addresses of London’s mayor, two rabbis, the U.S. embassy, and the stock exchange. The conspiracy was stopped by undercover anti-terror police before firm dates could be set for attacks. The terrorists met because of their membership of various radical groups and stayed in touch over the Internet, through mobile phones, and at specially arranged meetings. The quartet talked about leaving homemade bombs in the toilets of their city’s pubs and discussed traveling abroad for terror training. Source:

15. February 1, Help Net Security – (International) Malware redirects bank phone calls to attackers. Trusteer has discovered a concerning development in new configurations of Ice IX, a modified variant of the ZeuS financial malware platform, which are targeting online banking customers in the United Kingdom (UK) and United States. “In addition to stealing bank account data, these Ice IX configurations are capturing information on telephone accounts belonging to the victims ... allow[ing] attackers to divert calls from the bank intended for their customer to attacker controlled phone numbers,” the chief technology officer (CTO) of Trusteer said. He believes “the fraudsters are executing fraudulent transactions using the stolen credentials and redirecting the bank’s post-transaction verification phone calls to professional criminal caller services that approve the transactions.” In one captured attack, at login the malware steals the victim’s user ID and password, memorable information/secret question answer, date of birth, and account balance. Next, the victim is asked to update phone numbers and select the name of their service provider from a drop-down list. To enable the attacker to modify phone service settings, the victim is then asked by the malware to submit their telephone account number. The fraudsters justify this request by stating the data is required as part of a verification process caused by “a malfunction of the bank’s anti-fraud system with its landline phone service provider.” Source:

16. February 1, H Security – (International) Hacker extracts RFID credit card details. The widespread use, especially in U.S. credit cards, of radio frequency identification (RFID) chips which can be read through clothing or wallets for contactless payments can lead to cards being read without the owner’s knowledge or permission, H Security reported February 1. Forbes reported January 30 that a hacker at the Shmoocon security conference in Washington D.C. demonstrated the ability to read data on RFID chipped credit cards and make a payment that had not been authorized by the card owner. With about 100 million RFID cards issued, this could now be done without card owners handing over their cards. No security measures such as card reader authentication are in place. However, the RFID data does not include the three-digit CVV number printed on the back of the card that is usually required when making an online transaction. Instead, the chip issues a one-time CVV that is only valid for one transaction. Using this CVV repeatedly will cause the card to be blocked. In the United States, Visa markets RFID credit cards as payWave, and in the United Kingdom (UK) as Contactless by Visa. Mastercard markets its RFID credit cards as PayPass in the United States and UK. Source:
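The one-time CVV behaviour described above, as an added example that is not part of the original report and not the card networks’ code: a simplified model in which the card derives a 3-digit CVV from a per-card key and a transaction counter, and the issuer accepts each counter value once. A skimmed (counter, CVV) pair buys exactly one unauthorized transaction; replaying it blocks the card. The key derivation, truncation, test PAN and card key are all constructed assumptions, not the EMV/payWave/PayPass specification.

```python
import hashlib
import hmac

# Added example: simplified model of a contactless card's one-time CVV and an
# issuer that rejects replay. Key derivation and truncation are illustrative
# assumptions, not the real EMV/payWave/PayPass scheme.


def dynamic_cvv(card_key: bytes, pan: str, atc: int) -> str:
    """Derive the one-time CVV the card would emit for transaction counter `atc`."""
    msg = f"{pan}:{atc}".encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"


class Issuer:
    """Issuer-side verifier: accepts each (PAN, ATC) once and blocks on replay."""

    def __init__(self):
        self.keys = {}      # PAN -> card key
        self.last_atc = {}  # PAN -> highest counter already consumed
        self.blocked = set()

    def enroll(self, pan: str, card_key: bytes) -> None:
        self.keys[pan] = card_key
        self.last_atc[pan] = -1

    def authorize(self, pan: str, atc: int, cvv: str) -> str:
        if pan in self.blocked:
            return "blocked"
        key = self.keys.get(pan)
        if key is None:
            return "unknown card"
        if not hmac.compare_digest(cvv, dynamic_cvv(key, pan, atc)):
            return "bad cvv"
        if atc <= self.last_atc[pan]:
            # Correct CVV but a counter value already consumed: a skimmed
            # (ATC, CVV) pair is being replayed, so the card is blocked.
            self.blocked.add(pan)
            return "blocked"
        self.last_atc[pan] = atc
        return "approved"


def replay_demo() -> list:
    """Skim one CVV, spend it once, replay it, then try a fresh counter on the blocked card."""
    pan = "4000000000000002"  # constructed test PAN, not a real account
    key = b"\x11" * 16         # constructed card key
    issuer = Issuer()
    issuer.enroll(pan, key)
    skimmed = dynamic_cvv(key, pan, 1)  # what a reader near the wallet obtains
    results = [issuer.authorize(pan, 1, skimmed)]                       # first use: approved
    results.append(issuer.authorize(pan, 1, skimmed))                   # replay: blocked
    results.append(issuer.authorize(pan, 2, dynamic_cvv(key, pan, 2)))  # card stays blocked
    return results


if __name__ == "__main__":
    print(replay_demo())
```

`replay_demo()` returns `["approved", "blocked", "blocked"]`: the single skim is enough for one payment, which is the point the Shmoocon demonstration made, and the counter check is what limits the damage to that one payment.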

17. January 31, Infosecurity – (National) Trymedia breach exposes credit card numbers of 12,000 digital game customers. Trymedia’s ActiveStore Web-based storefront application, which processes digital game purchases made by customers on its partners’ Web sites, was recently breached, exposing credit card numbers and other personal information of more than 12,000 customers, Infosecurity reported January 31. Trymedia told the New Hampshire Attorney General’s Office it believes hackers were able to obtain credit card numbers, expiration dates, security codes, and the postal and e-mail addresses associated with optional user accounts for transactions between November 4 and December 2. Trymedia said it would notify the 12,456 customers affected by postal mail about the potential breach and offer to provide a 12-month subscription to a credit-monitoring and identity-theft protection product. Source:

18. January 31, Associated Press – (International) Hackers attack large Brazilian bank. A group of Internet hackers said January 31 it took down the Web site of Brazil’s second largest private sector bank, one day after it did the same with the country’s largest private bank. The group that calls itself “Anonymous Brasil” said on Twitter: “Attention sailors: Target hit! The is sinking. TANGO DOWN.” Banco Bradesco SA said in a statement its site suffered “momentary interruptions” due to high traffic, but that it was never forced offline. The group said on Twitter its attacks were a protest against corruption and would continue for at least a week. The group attacked the Web site of Itau Unibanco Banco Multiplo SA, Brazil’s largest private sector bank, January 30, saying it was the first of several such attacks. That bank said in a statement its site was offline for part of the day, but that it was re-established after the problem was detected. Source:

19. January 31, U.S. Securities and Exchange Commission – (Illinois; New York) SEC charges brothers with short selling violations. The U.S. Securities and Exchange Commission (SEC) January 31 charged two brothers living in Chicago and New York with naked short selling for failing to locate and deliver shares involved in short sales to broker-dealers. While short selling is legal, SEC rules require short sellers to locate shares to borrow before selling them short, and they must deliver the securities by a specified date. According to the SEC’s order instituting administrative proceedings against the brothers, they generated more than $17 million in ill-gotten gains. The SEC alleges one of the men engaged in illegal naked short sales while working as a broker-dealer and later as the principal trader at a now defunct Chicago-based broker-dealer. His brother conducted illegal naked short sales while trading through Golden Anchor Trading II LLC, a New York-based broker-dealer, which the SEC has also charged. According to the order, the brothers engaged in two types of transactions from July 2006 to July 2007. The first type of transaction – a “reverse conversion” or “reversal” – involves selling stock short and simultaneously selling a put option and buying a call option on the stock. The second type was a stock and option combination that created the illusion that the party subject to a close-out obligation had satisfied that obligation by buying the same kind and quantity of securities it had sold short. However, the brothers knew or had reason to know the shares purchased in the sham transactions would never be delivered because they were purchased from another seller who also did not have the stock. Source:

20. January 31, Associated Press – (National) IRS says federal sweep against identity theft targets 105 people in 23 states in past week. The federal government has swooped down on 105 people in 23 states in the past week as part of a nationwide crackdown on identity theft and tax refund fraud timed to warn cheats to beware this tax season, the Internal Revenue Service (IRS) said January 31. The sweep, which ranged from Alaska to Florida and included 80 complaints and indictments and 58 arrests, has already produced a handful of guilty pleas and sentencings. Besides the IRS, the Justice Department’s Tax Division, the Postal Service, and local U.S. attorney’s offices were involved after investigations that lasted months and, in some cases, years. In 2011, the agency said it found 260,000 income tax returns with confirmed attempts at identity fraud and blocked the payment of $1.4 billion worth of refunds. Over the past week, IRS officials have also visited 150 money services businesses to see if they are involved in identity theft or filing for bogus refunds. This sweep was conducted in nine metropolitan areas the IRS considers high risk: Atlanta; Birmingham, Alabama; Chicago; Los Angeles; Miami; New York; Phoenix; Tampa, Florida; and Washington, D.C. In addition, the agency is auditing more than 250 check-cashing operations around the United States, in part to try to spot any identity theft activity. The IRS’s deputy commissioner for services and enforcement said in 2012 the IRS installed new filters on its computers in an attempt to spot identity fraud before the agency pays a phony refund. Source:

21. January 31, Boulder Daily Camera – (Colorado) FBI: Two Boulder bank robberies committed by ‘Face Off Bandit’. The FBI now believes that two bank robberies this winter in Boulder, Colorado, were committed by the same robber, who they believe also targeted banks in Golden and Thornton, the Boulder Daily Camera reported January 31. The FBI said a man they are calling the “Face Off Bandit” is likely responsible for robberies at a Great Western Bank December 16, and a First Bank January 19 in Boulder. Investigators also believe the robber hit a Wells Fargo Bank in Golden in September, and a Key Bank in Thornton in November. In all four cases, the suspect entered the banks with some sort of fake facial hair, presented a note demanding money, and left. In one of the Boulder robberies, police believe he also used a hat with hair attached to it. Source:

22. January 30, U.S. Securities and Exchange Commission – (Arizona; International) Relationship partner at accounting firm charged with fraud and barred for five years; former Syntax-Brillian Corp. executive ordered to pay more than $48 million for insider trading and financial fraud. The U.S. Securities and Exchange Commission (SEC) January 30 filed settled charges against a partner at an accounting firm for aiding and abetting a fraudulent revenue recognition scheme at Syntax-Brillian Corporation, a developer of high-definition LCD televisions. In addition, a district court judge in Arizona January 12 entered a default judgment against the chief procurement officer and a director of Syntax. The court permanently enjoined the director from future violations of the antifraud, reporting, books and records, internal controls, and misrepresentation to auditor provisions of securities laws, and ordered him to pay disgorgement, prejudgment interest, an insider trading penalty, and a civil penalty totaling more than $48 million for his role in the scheme. He was also permanently barred from serving as an officer or director of a publicly traded company. As alleged in the SEC’s complaint against the director, from at least June 2006 through April 2008, he and other Syntax senior executives engaged in a complex scheme to overstate Syntax’s revenues and earnings and artificially inflate its stock price. The scheme included the creation of fictitious sales and shipping documents and coordinating the circular transfer of funds among and between Syntax, its primary manufacturer in Taiwan, and its purported distributor in Hong Kong. In its complaint against the partner, the SEC alleged he instructed Syntax executives on how to create a backdated distribution agreement to assist them in improperly recognizing revenue. Source:

Information Technology

45. February 1, H Security – (International) Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey. Following the release of new versions of its open source Firefox Web browser, Thunderbird e-mail client, and SeaMonkey suite, Mozilla detailed the security fixes included in each of the updates. According to the project’s Security Center page for Firefox, version 10.0 closes a total of eight security holes in the browser, five of which are rated as “Critical” by Mozilla. The critical issues include an exploitable crash when processing a malformed embedded XSLT stylesheet, potential memory corruption when decoding Ogg Vorbis files, XPConnect security checks being bypassed by frame scripts, a use-after-free error in child nodes from nsDOMAttribute, and various memory safety hazards. These vulnerabilities could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim’s system. Additionally, Firefox 10 closes two “High” impact issues that could lead to information disclosure or an attacker violating the HTML5 frame navigation policy by replacing a sub-frame for phishing attacks. A moderate severity bug when exporting a user’s Firefox Sync key to a “Firefox Recovery Key.html” file, which caused the file to be saved with incorrect permissions, was also fixed. Source:

46. January 31, H Security – (International) Security hole in Sudo’s debug option closed. A hole in the sudo command’s debug options was fixed by the developers, H Security reported January 31. The problem, discovered by joernchen of phenoelit, affects sudo versions 1.8.0 to 1.8.3p1. The sudo command is used extensively by Linux distributions, Mac OS X, and other Unix operating systems to allow users to execute commands with superuser privileges without logging in as root. The security hole appeared in version 1.8.0 when a new simple debugging option was added. Source:

47. January 31, Threatpost – (International) Kelihos botnet resurfaces. The Kelihos botnet, which researchers at Kaspersky Lab and Microsoft disrupted last fall by sinkholing the control channel, sprang back to life and is using only slightly different versions of the original malware and controller list, Threatpost reported January 31. In late September, researchers from Kaspersky and Microsoft worked together on a coordinated takedown of the botnet, which involved sinkholing. This tactic involves researchers directing bots on infected computers to contact a server they control, rather than one controlled by the attackers. At the time of the takedown, a Kaspersky researcher said the sinkholing was not a permanent answer because the peers in the network would eventually begin communicating with other controllers and the sinkhole peer would lose its dominant position. The real solution would have been to push an update to the infected machines that removed the infection or disabled the bot, but there are legal and ethical obstacles to that course of action. What happened since the takedown in September is essentially what the researcher predicted. The Kelihos network reformed and is back in action, in only slightly modified form. The encryption routine the malware uses is slightly different from the old version, shuffling around the spots in which Blowfish and Triple-DES keys are used. The signing keys for certain components of the malware also changed. Source:

48. January 30, ZDNet – (International) Android malware makes use of steganography. Security firm F-Secure released details on how Android malware makes use of steganography to hide the control parameters for rogue code. Steganography is the technique of hiding messages within something else, in this case, an icon file. F-Secure first suspected Android malware was making use of steganography when researchers came across a particular line of code. Further research revealed more code, and it soon became clear the image file being referenced was the icon file bundled with the rogue application. The hidden data is used to control how and when premium rate SMS messages are sent from the victim’s handset, which is the primary purpose of the rogue application. Source:
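The technique described above, as an added example that is neither F-Secure’s analysis code nor the malware itself: control parameters hidden in the least-significant bit of an image’s pixel bytes, and the matching extraction routine a rogue application would run at start-up to recover them. The cover buffer, the key=value control format and the values in it are constructed for the example; the report does not state which encoding the Android sample used, so LSB embedding is an assumption chosen because it leaves the icon visually unchanged.

```python
# Added example (not F-Secure's code nor the malware): hide a control string in
# the LSB plane of a constructed RGB pixel buffer and read it back.

# Constructed cover: a 64x64 RGB gradient standing in for the bundled icon.
WIDTH, HEIGHT = 64, 64
COVER = bytearray((i * 7) % 256 for i in range(WIDTH * HEIGHT * 3))

# Constructed control string in a made-up key=value;... format (not the real one).
CONTROL = b"number=0000;text=demo;interval=3600"


def embed(cover: bytearray, payload: bytes) -> bytearray:
    """Return a copy of cover carrying a length-prefixed payload in its LSB plane."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover image too small for payload")
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # touch only the lowest bit
    return stego


def _read_bytes(buf: bytes, start_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at bit index start_bit."""
    out = bytearray()
    for n in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (buf[start_bit + n * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the payload: 4-byte big-endian length, then that many bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_channel_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte change between cover and stego; LSB embedding never exceeds 1."""
    return max(abs(x - y) for x, y in zip(a, b))


def parse_control(blob: bytes) -> dict:
    """Split the recovered key=value;... string into the parameters the app would act on."""
    return dict(item.split("=", 1) for item in blob.decode().split(";") if item)


if __name__ == "__main__":
    stego = embed(COVER, CONTROL)
    print(parse_control(extract(stego)), "max pixel change:", max_channel_delta(COVER, stego))
```

For an analyst, the useful inversion is the `extract` side: once a suspicious read of the icon file is spotted in the decompiled code, the same length-prefix-then-bytes walk over the pixel data (with whatever offset and bit order the sample uses) yields the configuration without running the app.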

For more stories, see items 13, 15, 17, and 18 above in the Banking and Finance Sector.

Communications Sector

49. February 1, Ardmore Daily Ardmoreite – (Oklahoma) Cable system target of vandalism. The cable system in the Healdton, Oklahoma area has been the subject of controversy in recent months and a target of vandalism over the past week, the Ardmore Daily Ardmoreite reported February 1. The Healdton city manager said the head end station, located near Ratliff City, has been targeted since January 27. The resulting vandalism has caused damage to the cable and Internet in terms of financial loss and service. “They moved the dish and cut some of the wires. It appears they scaled the fence,” the city manager said. The Carter County Sheriff’s Department is investigating the vandalism, which the city manager believes was a deliberate attempt to sabotage the cable system. “They had to know what they were doing,” he said. “The average Joe wouldn’t know to go cut some of the wires and some of the lead wires. They also pulled the T1 wire which affected the Internet.” Reports of cable problems began filtering in January 27. Repairs were made, but another incident caused much more significant problems. “It happened somewhere between noon [January 30] and 6 a.m. January 31,” the city manager said. Based on information relayed to the city manager, it will take 16 to 20 hours of labor to get the system back up fully. There will be additional hours needed to realign some of the channels. He said any charges could also fall into the realm of the Federal Communications Commission. Source:

For more stories, see item 15 above in the Banking and Finance Sector and 48 above in the Information Technology Sector.

Wednesday, February 1, 2012

Complete DHS Daily Report for February 1, 2012

Daily Report

Top Stories

• A new report found that most ships involved in reported cases of sanctions-busting or illicit transfers of arms, drugs, and equipment that could be used in the development of missiles and weapons of mass destruction are owned by companies based in the world’s richest countries, including the United States. – London Guardian (See item 17)

17. January 29, London Guardian – (International) Sea trafficking report reveals how ships move guns and drugs. Most ships involved in reported cases of sanctions-busting or illicit transfers of arms, drugs, and equipment that could be used in the development of missiles and weapons of mass destruction are owned by companies based in the world’s richest countries, according to the first comprehensive study of maritime trafficking. The ships are primarily commercial lines based in Germany, Greece, and the United States, according to the report, released January 30 by the Stockholm International Peace Research Institute. “This doesn’t mean the ship owners, or even the captains, know what they are carrying. But it is relatively easy for traffickers to hide arms and drugs in among legitimate cargoes,” said the report’s co-author. The report shows the methods adopted by arms trafficking networks in response to United Nations embargoes on Iran and North Korea were pioneered by drug traffickers. They included hiding goods in sealed shipping containers that claim to carry legitimate items; sending the goods on foreign-owned ships engaged in legitimate trade; and using circuitous routes to make the shipments harder for surveillance operations to track. The report shows that in cases where the ship owners, operators, and captains appear to have been directly involved in the trafficking attempt, the ships tended to be older and to be sailing under “flags of convenience.” They regularly performed badly in safety and pollution inspections when they entered ports. Source:

• Tanker trucks loaded with water have become the lifeline for a Texas village that came close to becoming the state’s first community to run out of drinking water during a historic drought. – Associated Press (See item 23)

23. January 31, Associated Press – (Texas) Texas town relying on tanker trucks for water after wells nearly run dry amid drought. Tanker trucks loaded with water have become the lifeline for a Texas lakefront village that came close to becoming the state’s first community to run out of drinking water during a historic drought. Spicewood received its first 8,000-gallon water delivery January 30, after it became clear wells could no longer produce enough water to meet the needs of the community’s 1,100 residents and elementary school, a spokeswoman of the Lower Colorado River Authority said. The manager of water operations for the authority said it plans to truck water into the central Texas town for several more weeks while exploring alternatives, including drilling a new well or piping water from Lake Travis. But the agency does not want to rush into any project, and prefers for now to pay $200 per truckload of water while ensuring the tens of thousands of dollars it will cost to find a permanent solution are well spent. Several towns and villages in Texas have come close to running out of water during the driest year in state history, but until now none has had to truck in water. The Lower Colorado River Authority realized the week of January 23 how dire the situation was, and informed a commissioner in Burnet County January 30. By the next day, the well had dropped an additional 1.3 feet overnight. The severest forms of water restrictions have been put in place, and the authority said there would be no new hookups to the town’s water supply. Trucks, including at least one 6,000 gallon tanker, will make about four or five deliveries a day, officials said. Source:


Banking and Finance Sector

11. January 31, Fort Wayne Journal-Gazette – (Indiana; International) Ex-Symmetry execs accused in books fraud. The U.S. Securities and Exchange Commission (SEC) January 30 charged four former executives at a British subsidiary of Warsaw, Indiana’s Symmetry Medical with accounting fraud and ordered current executives to pay back profits based on earnings from before the alleged fraud was discovered. The complaint filed in a South Bend, Indiana district court charged four people with years of fraud. The current Symmetry president of business development also agreed to reimburse Symmetry for bonuses, incentive pay, and stock profits he garnered during the time of the fraud. That agreement, subject to approval, will result in $450,000 in reimbursements, the SEC said. Symmetry’s chief financial officer agreed to pay a $25,000 penalty and reimburse $185,000 for failing to provide an internal audit status report. According to court documents, the scheme at Thornton Precision Components began in 1999, 4 years before it was acquired by Symmetry. Those named generated premature invoices for products not complete, recorded fictional sales, created fake documentation, and manipulated inventories. In 2003, Thornton Precision passed the phony information on to Symmetry. When Symmetry restated its earnings from that period, the numbers dropped from 39 percent to 421 percent. In the fiscal year 2005, Symmetry initially reported $31.8 million in income, but in reality lost $9.9 million, court documents said. “The fraud caused Symmetry’s share price to be fraudulently inflated by as much as 20.4 percent, with a corresponding loss to Symmetry and its investors … of as much as $120 million in market capitalization,” SEC attorneys allege. Two auditors at the British branch of the accounting firm Ernst & Young were found to have engaged in improper professional conduct by failing to properly audit Thornton Precision. The two have been barred from practicing before the SEC for at least 2 years. Source:

12. January 31, Associated Press – (California; Missouri) Calif. man pleads guilty in $8.5M mortgage fraud. A California man pleaded guilty January 30 in federal court in Kansas City, Missouri, to his role in a mortgage scheme that defrauded a western Missouri bank of more than $8.5 million. He admitted defrauding American Sterling Bank in Sugar Creek in a scheme that ran from October 2006 to January 2007, about 18 months before the suburban Kansas City bank was closed. Prosecutors said the defendant submitted fraudulent loan applications for borrowers on behalf of a California mortgage broker. American Sterling approved nearly $8.6 million in loans for 19 properties in California. He could be sentenced to up to 30 years in prison without parole and fined up to $1 million. Source:

13. January 31, Cleveland Plain Dealer – (Ohio; International) ‘Koljo the American’ pleads guilty in federal court for his role in St. Paul Croatian Credit Union collapse. A man described in Macedonian newspapers as an organized crime figure pleaded guilty to 18 counts of bribery, bank fraud, and money laundering January 30 in a federal court in Cleveland for his role in the collapse of the St. Paul Croatian Federal Credit Union in Eastlake, Ohio, a U.S. Department of Justice spokesman said. The spokesman said that between 2003 and 2009, the man, working with the credit union’s chief operating officer (COO), fraudulently obtained loans of $5.6 million that were never repaid. Federal law enforcement officials called it one of the largest credit union failures in American history. It cost the National Credit Union Share Insurance Fund $170 million. Of the $5.6 million the man obtained for himself and family members, the spokesman said, $2 million was sent to bank accounts in the Balkan Republic of Macedonia. The spokesman said officials recovered about $850,000 of the $2 million. Source:

14. January 30, Atlanta Journal-Constitution – (Georgia; Hawaii) DeKalb woman admits scamming U.S. Senator in credit card fraud. A DeKalb County, Georgia woman pleaded guilty January 30 to her part in a credit card fraud ring that victimized, among other people, a U.S. Senator. The defendant was indicted in May on identity fraud and financial transaction card fraud for helping two other people purchase $12,000 in Wal-Mart gift cards and other merchandise with bogus credit cards encoded with real account numbers on the magnetic stripe. The woman was an accomplice in a credit card skimming scam for which authorities are seeking the mastermind, court officials said. The mastermind was arrested in March 2010 and released on bond with the promise he would cooperate with the Secret Service. But he instead fled and is being sought by authorities. The mastermind’s involvement stretched farther than the store where the woman worked. First Hawaiian Bank officials told police the U.S. Senator’s Mastercard account was used at other Wal-Mart locations. Also, when police searched the man’s hotel room before he was arrested, they found documentation showing he had just deposited two checks worth more than $100,000 into a bank account, the district attorney said in court. The checks were counterfeited from a New York-based non-profit, she said. Also in the hotel room were a computer, a re-encoding machine for making counterfeit credit cards, Wal-Mart and American Express gift cards, and stolen debit cards. Source:

For another story, see item 42 below in the Information Technology Sector.

Information Technology

39. January 31, SC Magazine UK – (International) Symantec declares pcAnywhere safe to use. Symantec announced its pcAnywhere software is now safe to use, with free upgrades offered to users, SC Magazine UK reported January 31. According to Reuters, the company determined the current version of pcAnywhere is safe, provided it has been updated with a security patch released January 23. A Symantec spokesman said it is offering free upgrades to pcAnywhere 12.5 to all customers, even those using old editions. He also said that while Symantec is advising all users to upgrade, they can safely continue using versions 12.0 and 12.1 if they download a second software patch released January 27. Symantec advised users the week of January 23 to disable pcAnywhere as they were at increased risk of being hacked after the blueprints to the software were stolen. However, according to the chief security officer at Rapid7, more than 140,000 computers appear to remain configured to allow pcAnywhere connections directly from the Internet, especially point-of-sale machines, putting them at risk. Source:

40. January 31, The Register – (International) Virus-slingers abuse WordPress vulns, dose punters with exploit. Malware-spreaders are hacking into vulnerable WordPress-powered sites to drive traffic towards pages loaded with exploits, The Register reported January 31. Hundreds of Web sites based on WordPress 3.2.1 have been compromised so that surfers directed to the WordPress-built sites via e-mail links are exposed to the Phoenix exploit kit, M86 Security warned. To lure users to compromised pages, the attacker has spammed out thousands of malicious e-mails querying an unfamiliar bill and asking recipients to click on a link. The link points to a page on compromised WordPress sites (the sites appear legitimate to spam filters) that includes a hidden iFrame, which loads the Phoenix exploit kit from a Russian-hosted server. Arriving at the page puts surfers in the firing line of a page that attempts to exploit multiple vulnerabilities in Microsoft Internet Explorer, Adobe PDF, Flash, and Oracle Java. The attack is ultimately designed to distribute an information-harvesting Trojan, dubbed Cridex-B. Source:
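The injection pattern described above, hidden iframes on an otherwise legitimate page pulling an exploit kit from an off-site host, is something a site operator can check for in their own rendered pages. The following is an added example, not M86 Security’s or The Register’s code: it parses a page with the standard library, keeps only iframes that are both hidden (zero- or one-pixel, or styled away) and pointing at a host other than the site’s own, and returns their `src` values. The sample page and the `kit-host.invalid` host are constructed (`.invalid` is a reserved TLD that never resolves); the real injected markup will vary, so treat the hidden-shape heuristics as a starting point.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added example (not M86's or The Register's code): flag iframes that are both
# hidden and off-site, the shape of the WordPress injection described above.

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({name: (value or "") for name, value in attrs})


def _dimension(value: str) -> int:
    """Parse '0', '1px', '640' to an int; -1 when no digits are present."""
    digits = re.sub(r"[^0-9]", "", value)
    return int(digits) if digits else -1


def is_hidden(attrs: dict) -> bool:
    """Zero/one-pixel boxes or display:none are the usual injected-iframe shapes."""
    if HIDDEN_STYLE.search(attrs.get("style", "")):
        return True
    return (0 <= _dimension(attrs.get("width", "")) <= 1
            or 0 <= _dimension(attrs.get("height", "")) <= 1)


def suspicious_iframes(html: str, page_host: str) -> list:
    """Return src URLs of iframes that are hidden and point at a host other than page_host."""
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname
        off_site = bool(host) and host.lower() != page_host.lower()
        if off_site and is_hidden(attrs):
            hits.append(src)
    return hits


# Constructed sample: one legitimate visible embed, one injected hidden off-site
# frame, and one hidden same-site frame that should not be flagged.
SAMPLE_PAGE = """<html><body>
<h1>Your invoice</h1>
<iframe src="https://blog.example/embed/player" width="640" height="360"></iframe>
<iframe src="http://kit-host.invalid/index.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="http://blog.example/stats" width="0" height="0"></iframe>
</body></html>"""


if __name__ == "__main__":
    print(suspicious_iframes(SAMPLE_PAGE, "blog.example"))
```

Run against the sample with `page_host="blog.example"`, only the `kit-host.invalid` frame is returned. Hidden same-site frames are deliberately ignored here because analytics and login helpers commonly look like that; if a site legitimately embeds hidden third-party frames, add those hosts to an allowlist rather than loosening the hidden check.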

41. January 31, Softpedia – (International) Facebook Valentine’s Day Theme Leads to Trojan. Trend Micro researchers came across a Valentine’s Day-themed Facebook scam that attempts to dupe victims into downloading a malicious Trojan that later places itself in the browser with the purpose of helping crooks make money, Softpedia reported January 31. Facebook users who fall for the phony advertisement and click it are taken to a Web site that displays a large Install button. Once clicked, the page prompts the user to download a file called FacebookChrome.crx, identified by the security firm as Troj.Fookbace.A. Upon execution, the Trojan executes a script that is capable of displaying ads from other sites, as well as installing itself in the browser as an extension named Facebook Improvement. After it is successfully installed, the malicious extension monitors Web activities, redirects sessions to survey pages that request sensitive data, performs like-jacking attacks, and posts ill-intended messages on behalf of the victim. Experts believe these attacks are specially designed to target Chrome users, but note they also work with Mozilla Firefox. Facebook members who use Internet Explorer are taken directly to the survey site because the extension does not work in that browser. Source:

42. January 30, Softpedia – (International) Cidrex trojan breaks CAPTCHA to create Yahoo! email account. Security experts found a component of the ZeuS-like Cidrex trojan was able to break the security tests used to create e-mail accounts, Softpedia reported January 30. Websense researchers came across a variant of Cidrex, a banking trojan, that not only infects computers with the purpose of stealing sensitive data from their owners, but also manages to create Yahoo! e-mail accounts to spam others. This particular version of the malware spreads via e-mails containing a shortened link that points to the Blackhole exploit kit. If the exploit is successful, the trojan is downloaded to the infected machine. Normally, if CAPTCHAs were strong, automated tools would have a hard time creating accounts, but experts showed that with just six attempts, this malevolent component breaks the security test and creates a Yahoo e-mail account without much difficulty. This is done by harvesting the image that represents the CAPTCHA and sending it with an HTTP POST request to a CAPTCHA-breaking server that outputs a response in JSON format. Source:

43. January 30, The H – (International) Samba update closes DoS hole. The developers of Samba released a security update to the Samba Windows interoperability suite for Unix, H Security reported January 30. Version 3.6.3 of Samba was published only 4 days after the release of the new stable version, Samba 3.6.2. The security update addressed a memory leak that consumes a small amount of memory each time the smbd daemon handles a connection request. If an attacker made repeated connection requests, this flaw could be exploited to cause a denial of service. Source:

For another story, see item 45 below in the Communications Sector.

Communications Sector

44. January 31, Lynchburg News & Advance – (Virginia) Service outage strikes nTelos Wireless customers. A service outage lasting about three hours affected nTelos Wireless customers in western parts of Virginia January 31. The outage started at 7:04 a.m. due to an equipment failure, the director of public relations for the Waynesboro-based cell phone company said. The equipment failure took out three circuits that transport all calls or text messages. The outage affected customers from Lynchburg and Charlottesville to the western part of the state. All calls routed back to the Waynesboro area, where the equipment failure occurred. The equipment was repaired by 10 a.m. and the public relations director said customers should have restored service. There were no numbers on how many customers were affected. Source:

45. January 30, KYTV 3 Springfield – (Missouri) Internet outage at Mediacom affects 30,000+ customers in southern MO. Mediacom said a problem connecting to another company caused an Internet service outage for 30,000 - 60,000 Mediacom customers January 30, including KY3 and KSPR. The outage started about 1:30 p.m. January 30 and was still ongoing 4 hours later. Mediacom said it did not know how long the problem would last. The outage affected customers in Springfield and other areas of southern Missouri. Source:

For more stories, see items 41 and 42 above in the Information Technology Sector.