NewsBits for April 22, 2005 ************************************************************ Widespread Internet Attack Cripples Computers with Spyware Experts say at least 20,000 PCs already have been affected. Is your company next? An insidious new Internet attack that hijacks a victim's Internet connection and stealthily installs a barrage of adware and spyware is targeting businesses and organizations across the United States. http://www.pcworld.com/news/article/0,aid,120448,00.asp - - - - - - - - - - Hynix - Agrees to Plead Guilty to Price Fixing and Agrees to Pay $185 Million Fine for Role in DRAM Conspiracy. Hynix Semiconductor Inc., a Korean manufacturer of dynamic random access memory (DRAM), has agreed to plead guilty and to pay a $185 million fine for participating in an international conspiracy to fix prices in the multi-billion dollar DRAM market, the Department of Justice today announced. Hynixs fine is the third-largest criminal antitrust fine in U.S. history and the largest in five years. http://www.usdoj.gov/opa/pr/2005/April/05_at_207.htm - - - - - - - - - - Kraft sued over alleged Gevalia spam A small California Internet service provider has sued Kraft Foods Inc., alleging the firm is responsible for thousands of illegal spam messages. Hypertouch.com founder Joe Wagner said his company has in the past 12 months received 8,500 copies of an e-mail pitching Kraft's high-end coffee subscription service, Gevalia. http://www.msnbc.msn.com/id/7602542/ - - - - - - - - - - A life sentence for Olmsted Falls child molester The speakers of a laptop computer broadcast the soft, sweet voice of the 9-year-old girl on the computer's screen as she cheerfully warbled a Britney Spears song. Moments later Thursday morning, the high-pitched voice went silent. Cuyahoga County Common Pleas Judge Eileen A. Gallagher stared at the computer, her face twisting in revulsion. Defendant Jimmy Ray Thompson, 40, buried his face in his hands as the judge watched the video Thompson had recorded about two years ago. http://www.cleveland.com/news/plaindealer/index.ssf?/base/cuyahoga/1114162565159261.xml - - - - - - - - - - Paedophiles Jailed for Child Sex and Porn Offences A self-confessed paedophile monster and a former Boys Brigade leader were today jailed after admitting a string of child sex attacks and internet pornography offences. Jonathan Scarcliffe and David Bell pleaded guilty to 26 charges earlier this year, ranging from making, taking, possessing and distributing thousands of images of young boys to gross indecency and sexual assault. http://news.scotsman.com/latest.cfm?id=4439358 - - - - - - - - - - Ex-girlfriend wants more charges filed in child porn case When Renee Chennell of Superior started opening files on the computer she shared with her live- in boyfriend, she was disgusted. On the computer screen was an image of a 4- or 5-year-old girl being raped, she said. Chennell, the mother of 9-year-old twins living in West Virginia with their father, turned in the man she lived with for 21 months, 29-year-old Matthew Craig Larson. http://www.duluthsuperior.com/mld/duluthsuperior/news/local/11460167.htm - - - - - - - - - - Mercer viewed graphic child porn at work The discovery of 51 explicit images of child pornography on the work computer of a former Fond du Lac city official prompted the Wisconsin Department of Justice (DOJ) to seize the mans home computer. http://www.wisinfo.com/thereporter/news/archive/local_20740096.shtml http://www.wisinfo.com/thereporter/news/archive/local_20737325.shtml - - - - - - - - - - MoD laptop found on rubbish tip The Ministry of Defence is to hold an investigation after a laptop containing Army records was found on a rubbish tip. Car parts dealer Martin Dunn found the laptop, along with an Army manual, at the Bar End tip in Winchester. The laptop's hard drive contained documents on Worthy Down, a Royal Army Pay Corps near Winchester, and HMS Sultan in Gosport, Hampshire. http://www.vnunet.com/news/1162671 The mysterious link between security, laptops and rubbish dumps http://www.theregister.co.uk/2005/04/22/letters_2204/ - - - - - - - - - - MP3 zapping malware worms onto P2P network The Nopir-B worm, which appears to have originated in France, poses on P2P networks as a program to make copies of commercial DVDs. In reality the application offers no such function. Instead it attempts to delete MP3 music files on infected PCs. Nopir-B also attempts to disable various system utilities and wipe .COM programs whilst displaying an anti-piracy graphic. Nopir-B only infects Windows machines. http://www.theregister.co.uk/2005/04/22/nopiracy_worm/ http://news.zdnet.co.uk/internet/security/0,39020375,39195963,00.htm - - - - - - - - - - Statewide initiative set to fight cyber crime Most cyber criminals in New Hampshire are not sleazy peddlers of child pornography. Rather, they are electronic pickpockets and thugs who use the Internet to rob, defraud, impersonate and even harass regular people, according to a survey of police departments statewide. http://www.theunionleader.com/articles_showa.html?article=53686 - - - - - - - - - - New cyberterrorism security center opens A new cybersecurity operations center at the University of Pennsylvania in Philadelphia has been set up to continuously monitor and report cyberattacks against computer networks related to critical infrastructure. http://www.gcn.com/vol1_no1/daily-updates/35632-1.html - - - - - - - - - - 'Pharmers' hit online bank users with fraud scam It's the next Internet scam, and it could be the most menacing. The reason: Even experienced Internet users can become victims and not know it. The ploy is called pharming a play on "phishing," another type of Internet fraud and it involves highly skilled hackers who secretly redirect users' computers from financial sites to the scammers' fake ones, where they steal passwords and other personal information. Even the Web address looks the same. http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-04-22-pharming_x.htm From Pfishing to Pfarming: The Top Five Spam Scams http://www.ksbitv.com/technology/1497427.html Phishers turn their aim on corporate networks http://www.it-observer.com/news.php?id=4961 - - - - - - - - - - UK police tackle mounting internet porn caseload British police are refining their crackdown on internet paedophiles as a swelling caseload of offences involving the downloading of images of child abuse pushes computer forensics teams to their limits. According to police sources over 300 people a month are still being referred to special police paedophile units. This is despite the success of 'Operation Ore' which led to the names of 7,272 suspects being passed to forces in the UK after US police broke up a paedophile website operation. http://www.theregister.co.uk/2005/04/22/uk_police_internet/ - - - - - - - - - - Porn swallows 20% of NZ police IT capacity Randy coppers in New Zealand waste so much time surfing for porn while on the job that fully 20 per cent of police computer system capacity is devoted to storing the images, an official audit has revealed. The investigation, begun five months ago, found vast reams of sexually-explicit material, some involving violence or simulated violence, and some even involving bestiality. The material in question was discovered accidentally, during an investigation of alleged police misconduct unrelated to porn surfing. http://www.theregister.co.uk/2005/04/22/coppers_love_porn/ - - - - - - - - - - Credit card firms push cybersecurity Large online merchants will have to abide to a new, stricter set of standards from credit card firms after June 30. The stricter guideline from MasterCard, Visa, American Express and other major credit card companies are designed to improve the security practices of online merchants and guard against fraud. Merchants that fall foul of the Payment Card Industry (PCI) Data Security Standard could face fines. http://www.channelregister.co.uk/2005/04/22/credit_card_cybersecurity_push/ - - - - - - - - - - Hackers double Symbian attack Some 52 previously unknown trojans targeting mobile phone operating system Symbian appeared in the 24 hours ending 20 April, a security firm said. Aaron Davidson, chief executive at mobile phone-focused anti-virus vendor SimWorks, said the company had identified 52 previously unknown Symbian trojans in one day -- twice the number of all malware targeting Symbian identified to date. http://www.it-observer.com/news.php?id=4958 - - - - - - - - - - TCS, Satyam to conduct security audit Tata Consultancy Services (TCS) and Satyam Computers are among 18 firms empanelled as security auditors by Indian Computer Emergency Response Team (CERT-In) to tackle the rising number of cyber crimes and ensure network security. These auditors will review the information security infrastructure of organisations to make them foolproof. http://sify.com/finance/equity/fullstory.php?id=13724795 - - - - - - - - - - Do Firefox browser bugs matter? Open source means you can fix it yourself, if you like. No program is perfect, but bugs in open source software are less of a problem, says technology analyst Bill Thompson. The Firefox open source browser is full of bugs, some of which are rather serious. In March Danish security firm Secunia reported that it had found eight. Some could be used to trick users into giving away confidential information. http://news.bbc.co.uk/2/hi/technology/4472219.stm - - - - - - - - - - CA Drafts New Policy for Spyware Vendor Appeals Computer Associates International Inc. is changing its policy for handling appeals from suspected spyware vendors. CA's eTrust PestPatrol unit will no longer remove detection signatures for suspected spyware from its database of known spyware and adware programs while it considers appeals filed by the makers of those programs, said Tori Case, director of eTrust Security Management at CA. The change follows criticism from customers and other anti-spyware vendors after PestPatrol temporarily removed signatures for the ubiquitous Gator family of spyware and adware programs. http://www.eweek.com/article2/0,1759,1788832,00.asp?kc=EWRSS03129TX1K0000614 - - - - - - - - - - Firewall to zap XML viruses Web services security specialist Forum Systems has teamed up with Computer Associates to create an antivirus device to protect XML applications, an area expected to see a rise in attacks. The licensing deal will allow Forum to include CA's eTrust antivirus software in its XML firewall for blocking unwanted traffic into company networks, Forum said on Friday. The product, called Forum XWall, will be able to scan traffic for viruses, worms and other malicious software in applications that use XML code. http://news.zdnet.com/2100-1009_22-5681424.html - - - - - - - - - - Lawmakers challenge need for biometric chips in passports Leading members of the House Judiciary Committees Immigration, Border Security and Claims subcommittee yesterday challenged the widespread view that U.S. requirements on foreign passports mean that those passports will have a biometric chip as an identifier. http://www.gcn.com/vol1_no1/daily-updates/35626-1.html - - - - - - - - - - Defense requires ID tags on delivered items The Defense Department is requiring contractors to mark items delivered under Defense contracts with unique identification tags. Effective today, the final ruling, published in the Federal Register follows an interim ruling issued in December 2003 concerning items valued at $5,000 or above. The identifiers must include bar codes, contact memory buttons, radio frequency identification tags or optical memory cards, the rule said. http://www.gcn.com/vol1_no1/daily-updates/35628-1.html - - - - - - - - - - Lack of testing 'threatening stability of Linux' One of the maintainers of the Linux kernel has said that a lack of 'credit or money or anything' for those who test the open source OS could threaten its long-term stability. A lack of commitment to testing by the Linux community may ultimately threaten the stability of the operating system, Linux kernel co-maintainer Andrew Morton has warned. http://news.zdnet.co.uk/software/linuxunix/0,39020390,39195957,00.htm - - - - - - - - - - Hotspot Hacking And How To Fight It Use of public wireless hotspots is increasing, giving mobile workers and others access to essential data. The bad news: Security threats against hotspot users also are increasing. That's the word from Richard Rushing and he should know since he is chief security officer for AirDefense, which specializes in security of mobile workers. http://www.mobilepipeline.com/161500845;jsessionid=JVGLVDVFA4ZC2QSNDBCCKH0CJUMEKJVN - - - - - - - - - - International Lottery Scams "Congratulations! You may receive a certified check for up to $400,000 U.S. CASH! One Lump sum! Tax free! Your odds to WIN are 1-6." "Hundreds of U.S. citizens win every week using our secret system! You can win as much as you want!" Sound great? It's a fraud. Scam operators often based in Canada are using the telephone and direct mail to entice U.S. consumers to buy chances in high-stakes foreign lotteries from as far away as Australia and Europe. These lottery solicitations violate U.S. law, which prohibits the cross-border sale or purchase of lottery tickets by phone or mail. http://www.crime-research.org/news/22.04.2005/1173/ - - - - - - - - - - Security Series: Building Preparation A remote location to meet at and to perform the recovery process needs to be established. This is necessary because in the event of a disaster completely obliterating the building, there is a predefined meeting place typically a remote building that the staff members are familiar with. http://www.it-observer.com/news.php?id=4962 Retailers feel security heat http://news.zdnet.com/2100-1009_22-5680788.html In the security hot seat http://news.com.com/In+the+security+hot+seat/2008-7355_3-5681205.html - - - - - - - - - - phpBB-Auction SQL Injection and Path Disclosure Vulnerabilities Two vulnerabilities were reported in phpBB-Auction, which may be exploited by attackers to execute arbitrary SQL commands or disclose the full web path. The first flaw is due to an SQL injection error in the "auction_rating.php" and "auction_ offer.php" scripts when handling specially crafted "u" and "ar" parameters. The second vulnerability is due to an input validation error in the "auction_myauctions.php" script when handling a specially crafted "mode" parameter, which may be exploited to display the installation path. http://www.frsirt.com/english/advisories/2005/0372 - - - - - - - - - - Java System Web Proxy Server Buffer Overflow Vulnerabilities A new vulnerability was identified in Sun Java System Web Proxy Server, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to an unspecified buffer overflow error which may allow a remote attacker to compromise a vulnerable system and execute arbitrary code with the privileges of the server process. Note: The default UID for the Web Proxy Server is "nobody". http://www.frsirt.com/english/advisories/2005/0367 *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2005, NewsBits.net, Campbell, CA.