  • April 04, 2008 - Current Activity

    This is an archived copy of current activity.

    April 4: RealPlayer Update Released
    April 4: CA BrightStor ARCserve Backup Vulnerabilities
    April 4: Cisco Unified Communication Disaster Recovery Framework Vulnerability
    April 3: Microsoft Releases Advance Notification for April Security Bulletin
    April 3: Opera 9.27 Released
    April 3: Apple Releases QuickTime 7.4.5
    April 1: PayPal Phishing Attack
    April 1: Macrovision InstallShield ActiveX Vulnerability
    April 1: Internal Revenue Service Scams
    April 1: Storm Worm Activity Related to April Fools Day



    RealPlayer Update Released

    added April 4, 2008 at 02:35 pm

    RealPlayer has released an update to address an ActiveX vulnerability. This vulnerability is due to improper handling of multiple properties of the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. At this time, US-CERT has seen reports of active exploitation of this vulnerability.

    US-CERT encourages users to do the following to help mitigate the risk:

    US-CERT will provide more information as it becomes available.


    CA BrightStor ARCserve Backup Vulnerabilities

    added April 4, 2008 at 11:36 am

    CA has released updates to address multiple vulnerabilities in BrightStor ARCserve Backup and other CA products. These vulnerabilities are due to boundary errors within the CA Alert Notification Server service. These vulnerabilities may allow a local attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users to review the CA Security Notice for Alert Notification Server for a complete list of affected products and apply any necessary updates.


    Cisco Unified Communication Disaster Recovery Framework Vulnerability

    added April 4, 2008 at 08:23 am

    Cisco has released a patch to address a vulnerability in the Unified Communication Disaster Recovery Framework. This vulnerability is due to improper authentication of requests received over the network. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, gain control of the affected system, obtain and modify system configuration parameters, or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review Cisco advisory cisco-sa-20080403-drf and apply the patch or use the workarounds.


    Microsoft Releases Advance Notification for April Security Bulletin

    added April 3, 2008 at 01:47 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that its April release cycle will contain eight bulletins, five of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be three Important bulletins for Microsoft Windows and Office. The release is scheduled for Tuesday, April 8.

    US-CERT will provide additional information as it becomes available.


    Opera 9.27 Released

    added April 3, 2008 at 10:35 am

    Opera Software has released Opera 9.27 to address multiple vulnerabilities. These vulnerabilities are caused by errors that occur when the user is prompted to add newsfeeds and by issues in the processing of HTML CANVAS elements. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users to review Opera knowledgebase advisories 881 and 882 and upgrade to Opera 9.27 to help mitigate the risks.


    Apple Releases QuickTime 7.4.5

    added April 3, 2008 at 08:54 am

    Apple has released QuickTime 7.4.5 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or obtain sensitive information.

    US-CERT encourages users to review Apple knowledgebase article HT1241 and upgrade to QuickTime 7.4.5 to help mitigate the risks.


    PayPal Phishing Attack

    added April 1, 2008 at 10:22 am

    US-CERT has seen reports of a phishing attack that targets PayPal users. The attack arrives via an unsolicited email message containing an HTML attachment. The message indicates that the attachment is a verification form intended to offer the user protection from fraudulent activity. Users who open the attachment are instructed to enter their email address and PayPal password. This information is then sent to an attacker.

    US-CERT encourages users to do the following to help mitigate the risks:


    Macrovision InstallShield ActiveX Vulnerability

    added April 1, 2008 at 10:21 am

    US-CERT has seen reports of a vulnerability in Macrovision InstallShield. This vulnerability is due to an error in the One-Click Install ActiveX control for InstallScript projects. This ActiveX control is used for loading DLL files. If a user visits a specially crafted website, a maliciously crafted DLL file may be loaded onto the user's system, allowing an attacker to execute arbitrary code.

    US-CERT encourages users to do the following to help mitigate the risks:

    • Review Macrovision Knowledge Base article Q113640 and apply the appropriate hotfix.
    • Set the kill bit for CLSID {53D40FAA-4E21-459f-AA87-E4D97FC3245A}.
    • Disable ActiveX as described in the Securing Your Web Browser document.
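
To confirm the kill-bit mitigation above was actually applied, the check below parses a `.reg` export of the `ActiveX Compatibility` key and reports whether the `0x400` flag is set for the advisory's CLSID in every registry view. It is an added example, not US-CERT or Macrovision code; the function names and the sample export are constructed for illustration.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating the control
CLSID = "{53D40FAA-4E21-459f-AA87-E4D97FC3245A}"  # CLSID from the advisory entry above
KEY_RE = re.compile(r"^\[(.+\\ActiveX Compatibility\\\{[0-9A-Fa-f-]{36}\})\]$")
FLAG_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_flags(reg_text):
    """Map each ActiveX Compatibility key path in a .reg export to its flags value."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            flags[current] = 0           # key exists; the value may still be absent
        elif line.startswith("["):
            current = None               # some unrelated key
        elif current and (m := FLAG_RE.match(line)):
            flags[current] = int(m.group(1), 16)
    return flags

def kill_bit_status(reg_text, clsid=CLSID):
    """Return {key path: bool} for every registry view that mentions the CLSID."""
    want = "\\" + clsid.lower()          # CLSIDs are matched case-insensitively
    return {path: bool(value & KILL_BIT)
            for path, value in parse_flags(reg_text).items()
            if path.lower().endswith(want)}

def is_mitigated(reg_text, clsid=CLSID, views=1):
    """True only if at least `views` keys exist for the CLSID and all carry the kill bit."""
    status = kill_bit_status(reg_text, clsid)
    return len(status) >= views and all(status.values())

# Constructed sample export: native view has the kill bit, the 32-bit view does not.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{53D40FAA-4E21-459F-AA87-E4D97FC3245A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53d40faa-4e21-459f-aa87-e4d97fc3245a}]
"Compatibility Flags"=dword:00000020
"""

if __name__ == "__main__":
    for path, ok in kill_bit_status(SAMPLE_EXPORT).items():
        print("SET    " if ok else "MISSING", path)
```

On 64-bit Windows, pass `views=2` so that a host with the kill bit only in the native view (and not under `Wow6432Node`, which 32-bit Internet Explorer reads) is reported as unmitigated.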


    Internal Revenue Service Scams

    added March 31, 2008 at 03:27 pm | updated April 1, 2008 at 10:20 am

    US-CERT is aware of a series of email scams circulating that are related to the United States Internal Revenue Service. Attacks have been observed that use email to convince users to perform the following actions:

    • open an email attachment containing bogus tax documents that are embedded with malicious code
    • follow a link to an unofficial tax website that contains malicious code
    • follow a link to an unofficial tax website that requests personal information from the users as part of a phishing attack
    • call an unofficial phone number that requests personal information from the user as part of a phishing attack

    US-CERT encourages users to do the following to help mitigate the risks:


    Storm Worm Activity Related to April Fools Day

    added April 1, 2008 at 08:29 am

    US-CERT is aware of a recent increase in Storm Worm activity. The latest activity is related to April Fools Day (April 1). This Trojan is spread via unsolicited email messages that attempt to convince users to follow a link to a malicious website. If a user follows this link, the Trojan may attempt to download and install itself on the user's system.

    Currently, this variant of the Storm Worm Trojan has been observed using the following file names:

    • aromis.exe
    • foolsday.exe
    • funny.exe
    • kickme.exe

    Subject lines can change at any time, but the following are currently being seen:

    • All Fools' Day
    • Doh! All's Fool
    • Doh! April's Fool
    • Gotcha!
    • Gotcha! All Fool!
    • Gotcha! April Fool!
    • Happy All Fool's Day
    • Happy All Fools Day!
    • Happy All Fools!
    • Happy April Fool's Day
    • Happy April Fools Day!
    • Happy Fools Day!
    • I am a Fool for your Love
    • Join the Laugh-A-Lot!
    • Just You
    • One who is sportively imposed upon by others on the first day of April
    • Surprise!
    • Surprise! The joke's on you
    • Today You Can Officially Act Foolish
    • Today's Joke!
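
The file names and subject lines listed above can be turned into a simple triage filter for mail and web-proxy records. The following is an added example, not US-CERT tooling; the record format and sample data are constructed, and because the entry notes that subject lines can change at any time (and some, such as "Just You", are generic), hits are leads for review rather than verdicts.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the US-CERT entry above (current for April 1, 2008).
STORM_FILES = {"aromis.exe", "foolsday.exe", "funny.exe", "kickme.exe"}
STORM_SUBJECTS = """All Fools' Day|Doh! All's Fool|Doh! April's Fool|Gotcha!|Gotcha! All Fool!
Gotcha! April Fool!|Happy All Fool's Day|Happy All Fools Day!|Happy All Fools!
Happy April Fool's Day|Happy April Fools Day!|Happy Fools Day!|I am a Fool for your Love
Join the Laugh-A-Lot!|Just You|One who is sportively imposed upon by others on the first day of April
Surprise!|Surprise! The joke's on you|Today You Can Officially Act Foolish|Today's Joke!"""

def norm(subject):
    """Lower-case, fold curly apostrophes, drop Re:/Fw:/Fwd: prefixes, collapse spaces."""
    s = subject.replace("\u2019", "'").strip().lower()
    s = re.sub(r"^((re|fwd?):\s*)+", "", s)
    return re.sub(r"\s+", " ", s)

SUBJECTS = {norm(s) for s in re.split(r"[|\n]", STORM_SUBJECTS)}

def subject_hit(subject):
    return norm(subject) in SUBJECTS

def url_hit(url):
    """True when the last path segment of the URL is one of the listed file names."""
    name = urlsplit(url).path.rsplit("/", 1)[-1].lower()
    return name in STORM_FILES

def scan(records):
    """records: (source, kind, value) tuples, where kind is 'subject' or 'url'."""
    checks = {"subject": subject_hit, "url": url_hit}
    return [(src, kind, val) for src, kind, val in records if checks[kind](val)]

# Constructed sample records (not real traffic); 192.0.2.0/24 is a documentation range.
SAMPLE = [
    ("mail-01", "subject", "Re:  Happy April Fools Day!"),
    ("mail-02", "subject", "Quarterly report"),
    ("mail-03", "subject", "Surprise! The joke\u2019s on you"),
    ("proxy-01", "url", "http://192.0.2.10/FoolsDay.exe?x=1"),
    ("proxy-02", "url", "http://192.0.2.10/downloads/funny.exe.txt"),
    ("proxy-03", "url", "http://example.test/just-you.html"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```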

    US-CERT encourages users and administrators to do the following to help mitigate the risk: