Current Activity Calendar

	December 2007
Su	M	Tu	W	Th	F	Sa
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Please click on a date above to see current activity for that day.

December 04, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*December 4*	Microsoft Releases Security Advisory to Address Web Proxy Auto-Discovery Vulnerability
*November 29*	FBI Announces Results of Operation Bot Roast II
*November 29*	IBM Lotus Notes Email Attachment Vulnerability
*November 28*	Search Engines Results Linking to Malicious Web Sites
*November 27*	Vulnerability in Apple QuickTime
*November 21*	iFrame Attack Affects Monster.com
*November 20*	Department of Justice Fraudulent Spam Email Variant

Microsoft Releases Security Advisory to Address Web Proxy Auto-Discovery Vulnerability

added December 4, 2007 at 10:10 am

Microsoft has released Microsoft Security Advisory 945713 in response to a vulnerability in Web Proxy Auto-Discovery (WPAD). This vulnerability may allow an attacker to conduct a man-in-the-middle attack and gain access to sensitive information.

US-CERT encourages users to review Microsoft Security Advisory 945713 and apply the workarounds to mitigate risk.

More information will be provided as it becomes available.

FBI Announces Results of Operation Bot Roast II

added November 29, 2007 at 02:27 pm

Today the FBI announced the results of the second phase of its continuing investigation into a growing and serious problem involving criminal use of botnets. Operation "Bot Roast II" has successfully identified and captured eight individuals responsible for infecting over 1 million compromised computers.

For more information, visit http://www.us-cert.gov/press_room/botroast_200711.html.

IBM Lotus Notes Email Attachment Vulnerability

added November 29, 2007 at 10:58 am

US-CERT is aware of public reports stating the WorkSheet file processor in IBM Lotus Notes may be susceptible to a buffer overflow. According to the reports, the vulnerability affects users that view specially crafted email attachments. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands on a affected system.

To help protect against this type of attack, US-CERT recommends that users never open attachments from unsolicited email messages. More information on how to safely utilize email attachments can be found in the US-CERT "Using Caution with Email Attachments" Cyber Security Tip.

Search Engines Results Linking to Malicious Web Sites

added November 28, 2007 at 12:08 pm

US-CERT is aware of public reports of popular search engines returning results with links to malicious web sites. The reports suggest that attackers have utilized methods to increase the ranking of their web sites to facilitate these attacks.

More information regarding this can be found in the SANS Internet Storm Center.

US-CERT recommends the following to help mitigate the impact of these attacks:

Do not follow search results that link to unknown or questionable web sites.
Install anti-virus software, and keep its virus signature files up-to-date.
Maintain patches and updates for your operating system.

Vulnerability in Apple QuickTime

added November 26, 2007 at 11:19 am | updated November 27, 2007 at 11:13 am

US-CERT is aware of publicly available exploit code for a vulnerability in Apple QuickTime. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition on an affected system.

US-CERT encourages users and administrators to follow mitigation strategies in the Vulnerability Notes Database and consider following the best security practices found in the Securing Your Web Browser document.

iFrame Attack Affects Monster.com

added November 21, 2007 at 10:42 am

US-CERT is aware of an iFrame attack that affected Monster.com, causing it to take down a portion of its web site yesterday. Attackers embedded malicious iFrames that redirected users to another web site that when visited, could download and install malware on the user's system.

Monster.com has sanitized its web site and restored the portions of the site it had taken down. Monster.com believes that only a very small percentage of those visiting during this time were potentially infected. In addition, Monster.com has stated that users running Windows with the most recent updates applied were not affected.

US-CERT urges users and administrators to take the following preventative measures to help mitigate the security risks:

Configure your web browser as described in the Securing Your Web Browser document.
Install anti-virus software, and keep its virus signature files up-to-date.
Install latest versions of software to ensure that is is up-to-date

Department of Justice Fraudulent Spam Email Variant

added November 20, 2007 at 09:26 am

US-CERT is aware of reports of a variant of spam e-mail messages claiming to be from the Department of Justice (DOJ), previously reported in "Justice Depart Warns Public of Fraudulent Spam Email." These messages contain a malicious attachment that supposedly contains information regarding complaints filed against the recipient's company with the DOJ. The attachment launches malware on the user's system when opened.

To help protect against this type of attack, US-CERT recommends that users never open attachments from unsolicited email messages. More information on how to safely utilize email attachments can be found in the US-CERT "Using Caution with Email Attachments" Cyber Security Tip.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory