Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
April 2007
 Right Arrow
Su M Tu W Th F Sa
1
 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    April 18, 2007 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    April 18 Oracle Releases Critical Patch Update for April 2007
    April 17Virginia Tech Tragedy May Spawn Phishing Sites
    April 17 New Rinbot Variant Attempting to Exploit Microsoft Windows DNS RPC Vulnerability
    April 16New Storm Worm Variant Spreads through Social Engineering
    April 16 Publicly Available Exploit Code for Vulnerability in RPC on Windows DNS Server
    April 13Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
    April 12Cisco Releases Security Advisories to Address Multiple Vulnerabilities in Cisco Wireless Products


    Oracle Releases Critical Patch Update for April 2007

    added April 18, 2007

    Oracle has released the Oracle Critical Patch Update (CPU) for April 2007. This update contains 36 new security fixes for multiple vulnerabilities in various Oracle products and components. The impacts of these vulnerabilities vary depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, disclosure of sensitive information, and denial of service.

    More information is available in the Critical Patch Update for April 2007.

    We strongly encourage Oracle administrators to review, test, and install the patches within the April 2007 CPU.


    Virginia Tech Tragedy May Spawn Phishing Sites

    added April 17, 2007

    In recent years, US-CERT has received reports of an increased number of phishing sites set up in the wake of tragedies and natural disasters. US-CERT reminds users to remain cautious when receiving unsolicited email that could be a potential phishing attempt.

    Phishing emails may appear as requests for donations from a charitable organization asking the users to click on a link that will then take them to a fraudulent web site that appears to be a legitimate charity. The users are then asked to provide personal information that can further expose them to future compromises.

    Users are encouraged to take the following measures to protect themselves from this type of phishing attack:

    • Do not follow unsolicited web links received in email messages.
    • Contact your financial institution immediately if you believe your account and/or financial information has been compromised.
    • Verify the legitimacy of the email by contacting the company directly through a trusted contact number.
    • Visit the Anti-Phishing Working Group for more information on known phishing attacks.

    For additional information regarding phishing, US-CERT recommends reading the following documents:

    1. Technical Trends in Phishing Attacks
    2. Recognizing and Avoiding Email Scams
    3. Avoiding Social Engineering and Phishing Attacks

    New Rinbot Variant Attempting to Exploit Microsoft Windows DNS RPC Vulnerability

    added April 17, 2007

    US-CERT is aware of a new variant of the Rinbot worm that is currently scanning for port 1025/tcp and attempting to exploit the recent buffer overflow vulnerability in the Microsoft Windows DNS service RPC management interface. Like other variants of Rinbot, this variant is an Internet Relay Chat controlled backdoor that may provide an attacker unauthorized remote access to a compromised machine.

    US-CERT recommends the following actions to help mitigate the security risks:

    • Install anti-virus software, and keep its virus signature files up-to-date.
    • Review Microsoft Security Advisory 935964 for additional information and workarounds.

    New Storm Worm Variant Spreads through Social Engineering

    added April 12, 2007 | updated April 16, 2007

    US-CERT is aware of a new variant of the Trojan Worm known as "Storm Worm" that uses social engineering with mass mailing to spread to unsuspecting victims. This variant of Storm Worm arrives as an email attachment and also propagates through network file shares. Clicking on the executable file in the email installs a rootkit that may mask the malicious software from virus scans and shut down running security programs. This virus then scans the machine's hard drive to harvest email addresses that can be used to launch a spam attack.

    Understanding that the subject lines can change at any time, we are currently aware of the following:

    • Worm Alert!
    • Worm Detected
    • Virus Alert
    • ATTN!
    • Trojan Detected!
    • Worm Activity Detected!
    • Spyware Detected!
    • Dream of You
    • Virus Activity Detected!

    The message body typically contains an image with text that warns of a worm and states that the attached .zip file is a patch for the worm. The .zip file is generally password-protected with the password given in the image. Passwords may differ among samples.

    US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:


    Publicly Available Exploit Code for Vulnerability in RPC on Windows DNS Server

    added April 16, 2007

    US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in the Microsoft Windows DNS service RPC management interface. We are also aware of reports indicating this vulnerability is being actively exploited.

    More information about this vulnerability can be found in the following:

    US-CERT recommends the following actions to help mitigate the security risks:

    • Disable the RPC interface used by the Microsoft Windows DNS service
    • Block or Restrict access to RPC at the network perimeter

    Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution

    added April 13, 2007

    Microsoft has released a security advisory regarding a vulnerability in the Domain Name System (DNS) Server Service. This vulnerability affects Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.

    More information about this vulnerability can be found in the following:

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Cisco Releases Security Advisories to Address Multiple Vulnerabilities in Cisco Wireless Products

    added April 12, 2007

    Cisco has released Security Advisories cisco-sa-20070412-wcs and cisco-sa-20070412-wlc to address multiple vulnerabilities in Cisco Wireless Control System, Wireless LAN Controller, and Lightweight Access Points. The impacts of these vulnerabilities include denial of service, information disclosure, access control list changes, privilege escalation, unauthorized access through fixed authentication credentials, and the ability to gain full administrative access.

    More information about these vulnerabilities is located in the following:

    • Cisco Security Advisory cisco-sa-20070412-wcs - Multiple Vulnerabilities in Cisco Wireless Control System
    • Cisco Security Advisory cisco-sa-20070412-wlc - Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points

    US-CERT encourages administrators to apply the fixes and workarounds as described in Cisco Security Advisories cisco-sa-20070412-wcs and cisco-sa-20070412-wlc