June 29, 2007 - Current Activity

New Storm Worm Variant Spreads through Social Engineering

US-CERT is aware of a new variant of the Trojan Worm known as "Storm Worm" that uses social engineering with mass mailing to spread to unsuspecting victims. This variant of Storm Worm arrives as an email message with the subject line "You've received a postcard from a family member!", and contains a link to a malicious website that, when visited, installs malware on the user's system.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
• Block executable and unknown file types at the email gateway.
• Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  

Publicly Available Exploit Code for a Vulnerability in RealNetworks Media Players

US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in RealNetworks media players. By supplying a user with a crafted media file or stream, a remote unauthenticated attacker could execute arbitrary code or cause a denial-of-service condition on a vulnerable system.

More information regarding this vulnerability can be found in Vulnerability Note VU#770904 and iDefense Labs Public Advisory: 06.26.07.

To help mitigate the security risk, US-CERT recommends users upgrade their media player to the latest version as soon as possible.

Justice Department Warns Public of Fraudulent Spam Email

The United States Department of Justice has released information warning the public of a recent surge in fraudulent spam e-mail messages claiming to be from the DOJ.  The messages contain a malicious attachment that supposedly contains information regarding complaints filed against them with the DOJ and IRS, but instead launches malware on the user's system when opened.

More information regarding these messages can be found in the DOJ  Justice Department Alerts Public about Fraudulent Spam Email Press Release.

To help protect against this type of attack, US-CERT recommends that users never open attachments from unsolicited email messages. More information on how to safely utilize email attachments can be found in the US-CERT Using Caution with Email Attachments Cyber Security Tip.

Multiple Vulnerabilities in Kerberos Administration Daemon

US-CERT is aware of multiple vulnerabilities in the Kerberos administration daemon that may allow a remote user to execute arbitrary code or cause a denial-of-service condition on an affected system.

More information regarding these vulnerabilities may be found in the following:

• Technical Cyber Security Alert TA07-177A
• Vulnerability Notes Database
• MIT krb5 Security Advisory 2007-004
• MIT krb5 Security Advisory 2007-005

Apple Releases Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to Address Multiple Vulnerabilities

Apple has released Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to address multiple vulnerabilities in WebCore, WebKit, and Safari 3 Beta. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site scripting attacks, or alter the contents of the address bar in the Safari web browser.

More information regarding the vulnerabilities and remediation information can be found in the following:

• Vulnerability Notes Database
• Apple Security Update 2007-006
• Safari Beta 3 Download Site

CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database

Computer Associates has released updates to address several vulnerabilities in products that use the Ingres database. These vulnerabilities may allow an attacker to execute arbitrary code on an affected system.

More information regarding these vulnerabilities and which applications are affected can be found in the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document.

US-CERT strongly encourages users to review the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document and follow best-practice security policies to determine what updates should be applied.

Cerulean Studios Trillian Instant Messenger Vulnerability

US-CERT is aware of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger. The vulnerability may be exploited by viewing a malicious message containing a specially crafted UTF-8 string. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code with the credentials of the currently logged on user.

More information about this vulnerability can be found in Vulnerability Note VU#187033.

US-CERT encourages users to upgrade to Trillian 3.1.6.0 which has been released to address this vulnerability.