November 19, 2007 - Current Activity

Trojan Spreading via MSN Messenger

US-CERT is aware of reports of a Trojan spreading via MSN Messenger.  The Trojan arrives as a chat message that appears to contain an image file, that when opened, downloads and installs a Internet Relay Chat Bot. These messages may appear to come from a known contact.

US-CERT urges users and administrators to take the following preventative measures to help mitigate the security risks:

• Install anti-virus software, and keep virus signature files up-to-date.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Mac OS X Leopard Firewall Changes

Apple's Mac OS X Leopard includes an application-based firewall feature. US-CERT is aware of ambiguities in the way the firewall components supplied with Leopard report the status of the firewall configuration. Users may be misinformed of the status of their firewall rule set, thus placing listening network services at an increased risk.

Apple has published Mac OS X v10.5.1 Update to address this issue.  US-CERT encourages users to apply this update to mitigate this risk.

Apple Releases Security Updates to Address Multiple Vulnerabilities

Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to address multiple vulnerabilities.  These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or access the system with escalated privileges.

More information regarding the vulnerabilities and remediation information can be found in:

• Technical Cyber Security Alert TA-07-319A
• Vulnerability Notes Database
• Apple Support Article ID: 307041

False Microsoft Update Emails Circulating

US-CERT is aware of false Microsoft Update email messages being publicly circulated.  These messages contain multiple links that may direct a user to a malicious web site.  The impact of following these links is currently unknown, more information will be provided as it becomes available.

US-CERT encourages users to take the following measures to protect themselves:

• Do not follow unsolicited web links in email messages
• Follow the Microsoft guidelines for recognizing fraudulent email messages
  

Microsoft Releases November Security Bulletins

Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for November 2007.

More information about these vulnerabilities can be found in Technical Cyber Security Alert TA07-317A.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Public Exploit for Oracle Database Server Vulnerability

US-CERT is aware of publicly available exploit code for a vulnerability that affects Oracle Database Server. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code on affected systems. 

US-CERT will provide more information as it becomes available.

Microsoft Releases Advance Notification for November Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its November release cycle will contain two bulletins, one of which has a severity rating of Critical. The notification states that both bulletins are for Windows.  The release is scheduled for Tuesday, November 13, 2007.

US-CERT will provide additional information as it becomes available.