January 09, 2008 - Current Activity

New iPhone Trojan Spreading

US-CERT has received reports of a new Trojan horse program that affects the Apple iPhone. This Trojan claims to be a tool used to prepare the device for an upgrade to firmware version 1.1.3. When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed.

US-CERT strongly encourages users to install updates and application software only from trusted sources. 

Microsoft Releases January Security Bulletin

Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for January 2008.

More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-008A and in the Vulnerability Notes Database.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Microsoft Releases Advance Notification for January Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its January release cycle will contain 2 bulletins, one of which have a severity rating of Critical. The notification states that both of the bulletins are for the Windows operating system. The release is scheduled for Tuesday, January 8, 2008.

US-CERT will provide additional information as it becomes available.

Flash File Cross-Site Scripting Vulnerabilities

US-CERT is aware of reported vulnerabilities in Flash (SWF) files that may allow a remote, unauthenticated attacker to conduct cross-site scripting attacks on a vulnerable system. The flaws exist in the way that input is validated when passed to embedded ActionScript and JavaScript in the SWF file. Authoring tools that automatically generate Flash files may introduce these vulnerabilities.
 
More information regarding these vulnerabilities can be found in: 

• Vulnerability Note VU#249337
• Web site document "XSS Vulnerabilities in Common Shockwave Flash Files" 
  

Publicly Available Exploit Code for RealPlayer

US-CERT is aware of a public report stating that working exploit code is available for RealPlayer.  This exploit is reported to affect RealPlayer 11 build 6.0.14.748.

US-CERT will provide more information as it becomes available.

Storm Worm Activity Increases During Holiday Season

US-CERT is aware of an increase in Storm Worm related activity. The latest activity is centered around messages related to the New Year. This Trojan is spread via an unsolicited email message that contains a link to a malicious web site. When the malicious link is followed, the Trojan may attempt to exploit an unpatched vulnerability or continue to rely on social engineering to download and install the file on the user's system.

Subject lines can change at any time, but the following are currently being used:

• A fresh new year
• A fresh new year...
• As you embrace another new year
• Blasting new year
• Happy 2008 To You!
• Happy 2008!
• Happy New Year To (emailhere)
• Happy New Year To You!
• Happy New Year!
• It's the new Year
• Joyous new year
• Lots of greetings on new year
• Message for new year
• New Hope and New Beginnings...
• New Year Ecard
• New Year Postcard
• New Year wishes for you
• Opportunities for the new year
• Wishes for the new year
• Christmas Email
• Cold Winter Nights
• Feel the Holiday Spirit
• Find Some Christmas Tail
• Ho Ho Ho.s
• How.s It Goin
• I love this Carol!
• Jingle Bells, Jingle Bells
• Looking for something hot this Christmas
• Merry Christmas From your Secret Santa
• Merry Christmas To All
• Mrs. Clause
• Mrs. Clause Is Out Tonight!
• Santa Said, HO HO HO
• Seasons Greetings
• The Perfect Christmas
• The Twelve Girls of Christmas
• Time for a little Christmas Cheer.
• Warm Up this Christmas
• Your Secret Santa

• happy-2008.exe
• happy2008.exe
• stripshow.exe
• happynewyear2008.exe
  

• hxxp://newyearcards2008.com/
• hxxp://merrychristmasdude.com
• hxxp://ptowl.com
• hxxp://uhavepostcard.com
• hxxp://yxbegan.com
• hxxp://happycards2008.com

• Install anti-virus software, and keep its virus signature files up-to-date.
• Block executable and unknown file types at the email gateway.
• Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Adobe Flash Player Vulnerabilities

Adobe has released updates described in the Adobe Security bulletin to address multiple vulnerabilities in Flash Player. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, and cross-site scripting. The Adobe Security bulletin states that all platforms running a vulnerable version of Flash Player are affected.

Note that CVE-2007-4324 was addressed by providing additional functionality to ActionScript, which mitigates this vulnerability. See Adobe kb402956 for more information regarding this specific CVE.

More information regarding the vulnerabilities and remediation information can be found in the following:

• Technical Cyber Security Alert TA07-355A
• Vulnerability Notes Database
• Adobe Security bulletin