| CONNECTIONS |
IDAHO
ITD
HOME
511 TRAVEL SERVICES
IDAHO
DMV
ITD
NEWS
HIGHWAY
SAFETY
IDAHO STATE POLICE
STATE OF IDAHO
NIATT
NATIONAL
AASHTO
AAMVA
AAA of IDAHO
FEDERAL HIGHWAYS
FEDERAL AVIATION
IDAHO STATE POLICE
NHTSA
NTSB
TRB
U.S. DOT
TRANSPORTER
Archives
Milestones
Comments
Idaho
Transportation
Department
Office of Communications
P.O. Box 7129
Boise, ID 83707
208.334.8005
Fax: 208.334.8563
Computer users cautioned about malware
related to Olympic protests
Would-be computer saboteurs are trying to capitalize on the summer Olympics to introduce hidden code that compromises computers, warns ITD Cyber Security Officer Forrest Anderson.
Although the vulnerability is greatest for home computer users, anyone who has the authority to download applications from the Internet also could be at risk. The department’s computers are less vulnerable because few users have the authority to download “.exe” files, and download attempts by employees who are not authorized are blocked.
“It is really a greater risk to the home user, although we hope people have learned that opening .exe attachments is risky,” Anderson says.
Computer intruders recently tried a second-wave of Olympics-related malware that comes in the form of a movie file circulating on the Internet. The file poses as a cartoon ridiculing the effort of a Chinese gymnast at the games, followed by images that support a free Tibet. The file is “booby-trapped” with malware, Anderson says.
While the Flash-based movie runs, a keystroke-logging tool is installed on the victim’s Windows PC. The malware contains a hidden “rootkit functionality,” making it harder to detect and remove.
“The malicious cartoon is distributed as an e-mail attachment called “RaceForTibet.exe”. Data captured by the keystroke logger is sent to a computer in China. McAfee warns that pro-Tibet Web sites are being modified by attackers to host malicious software.
Idaho’s cyber security program Websense blocks the malicious sites and the .exe files that have been reported. It is being updated as new sites are identified, Anderson said.
“There may still be sites being exploited that Websense has not yet identified or blocked,” Anderson said. “Department employees need to be especially careful about the sites they visit and should not download any applications or content from the Internet that is not specifically needed for work.”
Users who have administrative authority on their computers are even more at risk because the malicious applications can take advantage of the user’s elevated permissions to further compromise the computer.
Report any suspicious Web sites to: cybersecurity@itd.idaho.gov
Published 4-18-8