Current Activity Calendar

	April 2008
Su	M	Tu	W	Th	F	Sa
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Please click on a date above to see current activity for that day.

April 24, 2008 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*April 24*	IRS Rebate Phishing Scam
*April 23*	Apple QuickTime Vulnerability Report
*April 22*	ICQ Vulnerability
*April 18*	Microsoft Releases Security Advisory (951306)
*April 17*	Apple Releases Safari 3.1.1
*April 17*	Mozilla Releases Firefox 2.0.0.14
*April 16*	Federal Subpoena Spear-Phishing Attack
*April 15*	Oracle Releases Critical Patch Update for April 2008
*April 15*	Multiple ClamAV Vulnerabilities
*April 14*	Oracle Issues Pre-Release Announcement for April Critical Patch Update

IRS Rebate Phishing Scam

added April 24, 2008 at 09:31 am

US-CERT is aware of a public report indicating that a phishing scam is circulating. This scam is related to the U.S. Internal Revenue Service economic stimulus rebate and arrives via email messages that appear to be from the IRS. The messages include text that attempts to convince users to follow a link to a website before a deadline to expedite the rebate process. This website requests that the user provide bank account information.

US-CERT encourages users to do the following to help mitigate the risks:

Do not follow unsolicited web links received in email messages.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks (pdf) document for more information on social engineering attacks.
Refer to the Internal Revenue Service Service Suspicious e-Mails and Identity Theft website for more information on current scams.

Apple QuickTime Vulnerability Report

added April 23, 2008 at 06:33 pm

US-CERT is aware of a public report of a new vulnerability in Apple QuickTime. The report indicates that if a user opens a specially crafted QuickTime file, an attacker may be able to execute arbitrary code. This vulnerability may have several attack vectors, such as visiting a malicious or compromised website. US-CERT is currently investigating this report and will provide additional details as needed.

US-CERT encourages users to use caution when opening QuickTime files, and apply the best security practices described in the Securing Your Web Browser document, to help mitigate the risks.

ICQ Vulnerability

added April 22, 2008 at 01:10 pm

US-CERT is aware of public reports of a vulnerability in ICQ 6. This vulnerability is due to a heap buffer overflow condition in the "Personal Status Manager" feature that occurs when processing specially crafted status messages. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to update to ICQ 6.0.0.6059 to help mitigate the risks.

Microsoft Releases Security Advisory (951306)

added April 18, 2008 at 01:30 pm

Microsoft has released a Security Advisory to address a vulnerability in Windows. This vulnerability may allow an authenticated attacker to execute code with LocalSystem privileges.

US-CERT encourages users to review Microsoft Security Advisory 951306 and apply the workarounds.

Apple Releases Safari 3.1.1

added April 17, 2008 at 08:57 am

Apple has released Safari 3.1.1 to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site scripting attacks, or spoof the contents of the browser address bar.

US-CERT encourages users to review Apple's About the security content of Safari 3.1.1 document and upgrade to Safari 3.1.1 to help mitigate the risks.

Mozilla Releases Firefox 2.0.0.14

added April 17, 2008 at 08:57 am

Mozilla has released Firefox 2.0.0.14 to address a vulnerability in the JavaScript engine. This vulnerability is due to memory corruption errors during JavaScript garbage collection. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Products that use the Mozilla rendering engine, such as Thunderbird and SeaMonkey, may also be affected.

US-CERT encourages users to review Mozilla Foundation Security Advisory 2008-20 and apply any necessary updates or workarounds.

Federal Subpoena Spear-Phishing Attack

added April 15, 2008 at 08:31 am | updated April 16, 2008 at 09:34 am

US-CERT is aware of public reports of a spear-phishing attack circulating via email messages that claim to be federal subpoenas. These messages appear to be legitimate because they can contain very specific information about the message recipient. The message requests that the user follow a link to download additional information about the case, but if a user clicks on this link, malicious code may be installed on the system.

US-CERT encourages users to do the following to help mitigate the risk:

Review the alert posted by the U.S. Courts regarding this issue.
Do not follow unsolicited web links received in email messages.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Install anti-virus software and keep virus signature files up to date.

Oracle Releases Critical Patch Update for April 2008

added April 15, 2008 at 04:30 pm

Oracle has released their Critical Patch Update for April 2008 to address 41 vulnerabilities across several products. This update contains the following security fixes:

17 updates for Oracle Database
3 updates for Oracle Enterprise Manager
11 updates for Oracle E-Business Suite
1 update for the Oracle Enterprise Manager
3 updates for Oracle PeopleSoft Enterprise products
6 updates for Oracle Siebel SimBuilder products

US-CERT encourages users to review the April Critical Patch Update and apply any necessary updates.

Multiple ClamAV Vulnerabilities

added April 14, 2008 at 03:32 pm | updated April 15, 2008 at 12:45 pm

Clam AntiVirus has released ClamAV 0.93 to address multiple vulnerabilities. Two of these vulnerabilities are due to buffer overflow conditions in the handling of Upack executables in libclamav/pe.c and PeSpin packed executables in libclamav/spin.c. There are two additional vulnerabilities due to improper handling of ARJ and RAR archives. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review the changelog and update to ClamAV 0.93 to help mitigate the risks.

Oracle Issues Pre-Release Announcement for April Critical Patch Update

added April 14, 2008 at 03:17 pm

Oracle has issued a Pre-Release Announcement indicating that its April Critical Patch Update (CPU) will contain 41 new security fixes across hundreds of products.

The announcement further states that there are:

17 updates for Oracle Database
3 updates for Oracle Enterprise Manager
11 updates for Oracle E-Business Suite
1 update for the Oracle Enterprise Manager
3 updates for Oracle PeopleSoft Enterprise products
6 updates for Oracle Siebel SimBuilder products

The release is scheduled for Tuesday, April 15, 2008.

We will provide additional information as it becomes available.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory