Current Activity Calendar

	August 2007
Su	M	Tu	W	Th	F	Sa
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Please click on a date above to see current activity for that day.

August 31, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*August 30*	USAJOBS and Monster Resume Database Compromise
*August 29*	Quiksoft EasyMail SMTP ActiveX Control Vulnerabilities
*August 29*	Cisco Releases Security Advisory for Vulnerabilities in Cisco CallManager and Unified Communications Manager
*August 28*	Several New Storm Worm Trojan Propagation Techniques
*August 28*	MSN Messenger Web Camera Stream Vulnerability
*August 23*	Multiple Vulnerabilities in Trend Micro Products
*August 17*	Yahoo! Messenger Web Camera Invitation Handling Vulnerability

USAJOBS and Monster Resume Database Compromise

added August 30, 2007 at 02:29 pm

US-CERT is aware of a database compromise affecting Monster.com. Reports indicate that the resume database was targeted and that subscriber names, addresses, phone numbers, and email addresses were disclosed to the attacker. This compromise also affects USAJOBS.gov subscribers as Monster Worldwide is the technology provider for USAJOBS. Monster states that social security numbers have not been compromised as USAJOBS has security policies in place to safeguard them.

More information may be found at the following:

Users are encouraged to take the following measures to protect themselves from potential phishing attacks that may result from this compromise:

    * Do not follow unsolicited web links received in email messages.
    * Contact your financial institution immediately if you believe your account and/or financial information has been compromised.
    * Verify the legitimacy of the email by contacting the company directly through a trusted contact number.
    * Visit the Anti-Phishing Working Group for more information on known phishing attacks.

For additional information regarding phishing, US-CERT recommends reading the following documents:

   1. Technical Trends in Phishing Attacks
   2. Recognizing and Avoiding Email Scams
   3. Avoiding Social Engineering and Phishing Attacks

Quiksoft EasyMail SMTP ActiveX Control Vulnerabilities

added August 29, 2007 at 03:56 pm

US-CERT is aware of publicly available exploit code for vulnerabilities in the Quiksoft EasyMail SMTP ActiveX control. This control is packaged with several applications, including Earthlink internet access software. These stack buffer overflow vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

More information about this vulnerability can be found in the Vulnerability Note VU#281977.

US-CERT recommends the workarounds as described in Vulnerability Note VU#281977 to help mitigate the security risks.

Cisco Releases Security Advisory for Vulnerabilities in Cisco CallManager and Unified Communications Manager

added August 29, 2007 at 02:18 pm

Cisco has issued a Security Advisory to address vulnerabilities in their CallManager and Unified Communications Manager products. These vulnerabilities may allow an attacker to perform cross-site scripting or SQL injection attacks.

More information regarding these vulnerabilities can be found in the Cisco Security Advisory: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page.

US-CERT strongly recommends that administrators review the Cisco Security Advisory above and follow best-practice security policies to determine what updates or workarounds should be applied.

Several New Storm Worm Trojan Propagation Techniques

added August 21, 2007 at 03:58 pm | updated August 28, 2007 at 11:19 am

US-CERT is aware of several new propagation techniques being used by the Storm Worm Trojan to spread. The new variants arrive as an email message claiming to contain a link to adult pictures, an erroneous YouTube video link, or as credentials for a membership-based website, asking you to login to change your temporary ID and password. The messages contain links to malicious websites that when visited, install malware on the user's system.

The latest variations may contain some of the following subject lines:

Dude, what if you wife finds this?
lol, what are you doing?
I can't believe you did this
LOL, that is too cool....
Sheesh man, what are you thinkin...
LMAO, your crazy man

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

Do not follow unsolicited links.
Configure your web browser as described in the Securing Your Web Browser document.
Install anti-virus software, and keep its virus signature files up-to-date.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

MSN Messenger Web Camera Stream Vulnerability

added August 28, 2007 at 10:44 am

MSN Messenger and Windows Live Messenger contain a heap overflow in the handling of malformed webcam streams. By convincing a user to accept a webcam invitation, a remote attacker may be able to execute arbitrary code with the privileges of the user on an affected system.

US-CERT is aware of publicly available exploit code for this vulnerability.

More information regarding this vulnerability can be found in Vulnerability Note VU#166521.

US-CERT recommends users upgrade to Windows Live Messenger 8.1 to mitigate the security risk.

Multiple Vulnerabilities in Trend Micro Products

added August 22, 2007 at 12:58 pm | updated August 23, 2007 at 03:54 pm

Trend Micro has released updates to address several vulnerabilities in their ServerProtect, AntiSpyware, and PC-cillin Internet Security products. By sending a crafted RPC request or creating a file on the local file system with an overly long path, an attacker may be able to cause a denial-of-service condition or execute arbitrary code on an affected system.

US-CERT is aware of reports of activity that may indicate attempts to exploit one or more of these vulnerabilities.

More information regarding the vulnerabilities, affected products, and fixes can be found in the following:

Technical Cyber Security Alert TA07-235A
Vulnerability Notes Database
ServerProtect Security Patch 4 - Build 1185 README
Trend Micro Solution Detail 1035845

To mitigate the security risks, US-CERT recommends that users and administrators apply the patches and hot fixes as described in the above documents as soon as possible.

Yahoo! Messenger Web Camera Invitation Handling Vulnerability

added August 16, 2007 at 10:05 am | updated August 17, 2007 at 11:21 am

US-CERT is aware of a publicly reported heap overflow vulnerability in Yahoo! Messenger. By enticing a user to accept a specially crafted web camera invitation, a remote attacker may be able to cause a a denial-of-service condition or execute arbitrary code on an affected system.

More information regarding this vulnerability can be found in Vulnerability Note VU#515968.

Until a fix is available, US-CERT recommends that users reject all web camera invitations and block outgoing network traffic on TCP port 5100.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory