Current Activity Calendar

	November 2007
Su	M	Tu	W	Th	F	Sa
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

Please click on a date above to see current activity for that day.

November 29, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*November 29*	FBI Announces Results of Operation Bot Roast II
*November 29*	IBM Lotus Notes Email Attachment Vulnerability
*November 28*	Search Engines Results Linking to Malicious Web Sites
*November 27*	Vulnerability in Apple QuickTime
*November 21*	iFrame Attack Affects Monster.com
*November 20*	Department of Justice Fraudulent Spam Email Variant
*November 19*	Trojan Spreading via MSN Messenger

FBI Announces Results of Operation Bot Roast II

added November 29, 2007 at 02:27 pm

Today the FBI announced the results of the second phase of its continuing investigation into a growing and serious problem involving criminal use of botnets. Operation "Bot Roast II" has successfully identified and captured eight individuals responsible for infecting over 1 million compromised computers.

For more information, visit http://www.us-cert.gov/press_room/botroast_200711.html.

IBM Lotus Notes Email Attachment Vulnerability

added November 29, 2007 at 10:58 am

US-CERT is aware of public reports stating the WorkSheet file processor in IBM Lotus Notes may be susceptible to a buffer overflow. According to the reports, the vulnerability affects users that view specially crafted email attachments. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands on a affected system.

To help protect against this type of attack, US-CERT recommends that users never open attachments from unsolicited email messages. More information on how to safely utilize email attachments can be found in the US-CERT "Using Caution with Email Attachments" Cyber Security Tip.

Search Engines Results Linking to Malicious Web Sites

added November 28, 2007 at 12:08 pm

US-CERT is aware of public reports of popular search engines returning results with links to malicious web sites. The reports suggest that attackers have utilized methods to increase the ranking of their web sites to facilitate these attacks.

More information regarding this can be found in the SANS Internet Storm Center.

US-CERT recommends the following to help mitigate the impact of these attacks:

Do not follow search results that link to unknown or questionable web sites.
Install anti-virus software, and keep its virus signature files up-to-date.
Maintain patches and updates for your operating system.

Vulnerability in Apple QuickTime

added November 26, 2007 at 11:19 am | updated November 27, 2007 at 11:13 am

US-CERT is aware of publicly available exploit code for a vulnerability in Apple QuickTime. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition on an affected system.

US-CERT encourages users and administrators to follow mitigation strategies in the Vulnerability Notes Database and consider following the best security practices found in the Securing Your Web Browser document.

iFrame Attack Affects Monster.com

added November 21, 2007 at 10:42 am

US-CERT is aware of an iFrame attack that affected Monster.com, causing it to take down a portion of its web site yesterday. Attackers embedded malicious iFrames that redirected users to another web site that when visited, could download and install malware on the user's system.

Monster.com has sanitized its web site and restored the portions of the site it had taken down. Monster.com believes that only a very small percentage of those visiting during this time were potentially infected. In addition, Monster.com has stated that users running Windows with the most recent updates applied were not affected.

US-CERT urges users and administrators to take the following preventative measures to help mitigate the security risks:

Configure your web browser as described in the Securing Your Web Browser document.
Install anti-virus software, and keep its virus signature files up-to-date.
Install latest versions of software to ensure that is is up-to-date

Department of Justice Fraudulent Spam Email Variant

added November 20, 2007 at 09:26 am

US-CERT is aware of reports of a variant of spam e-mail messages claiming to be from the Department of Justice (DOJ), previously reported in "Justice Depart Warns Public of Fraudulent Spam Email." These messages contain a malicious attachment that supposedly contains information regarding complaints filed against the recipient's company with the DOJ. The attachment launches malware on the user's system when opened.

To help protect against this type of attack, US-CERT recommends that users never open attachments from unsolicited email messages. More information on how to safely utilize email attachments can be found in the US-CERT "Using Caution with Email Attachments" Cyber Security Tip.

Trojan Spreading via MSN Messenger

added November 19, 2007 at 11:12 am

US-CERT is aware of reports of a Trojan spreading via MSN Messenger. The Trojan arrives as a chat message that appears to contain an image file, that when opened, downloads and installs a Internet Relay Chat Bot. These messages may appear to come from a known contact.

US-CERT urges users and administrators to take the following preventative measures to help mitigate the security risks:

Install anti-virus software, and keep virus signature files up-to-date.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory