Forbidden Web

Apr 04, 2008 CA BrightStor ARCserve Backup Vulnerabilities
CA has released updates to address multiple vulnerabilities in BrightStor ARCserve Backup and other CA products. These vulnerabilities are due to boundary errors within the CA Alert Notification Server service. These vulnerabilities may allow a local attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review the CA Security Notice for Alert Notification Server for a complete list of affected products and apply any necessary updates.
Apr 04, 2008 Cisco Unified Communication Disaster Recovery Framework Vulnerability
Cisco has released a patch to address a vulnerability in the Unified Communication Disaster Recovery Framework. This vulnerability is due to improper authentication of requests received over the network. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, gain control of the affected system, obtain and modify system configuration parameters, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco advisory cisco-sa-20080403-drf and apply the patch or use the workarounds.
Apr 03, 2008 Microsoft Releases Advance Notification for April Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its April release cycle will contain eight bulletins, five of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be three Important bulletins for Microsoft Windows and Office. The release is scheduled for Tuesday, April 8.

US-CERT will provide additional information as it becomes available.
Apr 03, 2008 Opera 9.27 Released
Opera Software has released Opera 9.27 to address multiple vulnerabilities. These vulnerabilities are caused by errors that occur when the user is prompted to add newsfeeds and by issues in the processing of HTML CANVAS elements. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Opera knowledgebase advisories 881 and 882 and upgrade to Opera 9.27 to help mitigate the risks.
Apr 03, 2008 Apple Releases QuickTime 7.4.5
Apple has released QuickTime 7.4.5 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users to review Apple knowledgebase article HT1241 and upgrade to QuickTime 7.4.5 to help mitigate the risks.
Apr 01, 2008 Macrovision InstallShield ActiveX Vulnerability
US-CERT has seen reports of a vulnerability in Macrovision InstallShield. This vulnerability is due to an error in the One-Click Install ActiveX control for InstallScript projects. This ActiveX control is used for loading DLL files. If a user visits a specially crafted website, a maliciously crafted DLL file may be loaded onto the user's system, allowing an attacker to execute arbitrary code.

US-CERT encourages users to do the following to help mitigate the risks:
  • Review Macrovision Knowledge Base article Q113640 and apply the appropriate hotfix.
  • Set the kill bit for CLSID {53D40FAA-4E21-459f-AA87-E4D97FC3245A}.
  • Disable ActiveX as described in the Securing Your Web Browser document.
Apr 01, 2008 PayPal Phishing Attack
US-CERT has seen reports of a phishing attack that targets PayPal users. The attack arrives via an unsolicited email message containing an HTML attachment. The message indicates that the attachment is a verification form intended to offer the user protection from fraudulent activity. Users who open the attachment are instructed to enter their email address and PayPal password. This information is then sent to an attacker.

US-CERT encourages users to do the following to help mitigate the risks:
Apr 01, 2008 Storm Worm Activity Related to April Fools Day
US-CERT is aware of a recent increase in Storm Worm activity. The latest activity is related to April Fools Day (April 1). This Trojan is spread via unsolicited email messages that attempt to convince users to follow a link to a malicious website. If a user follows this link, the Trojan may attempt to download and install itself on the user's system.

Currently, this variant of the Storm Worm Trojan has been observed using the following file names:
  • aromis.exe
  • foolsday.exe
  • funny.exe
  • kickme.exe
Subject lines can change at any time, but the following are currently being seen:
  • All Fools' Day
  • Doh! All's Fool
  • Doh! April's Fool
  • Gotcha!
  • Gotcha! All Fool!
  • Gotcha! April Fool!
  • Happy All Fool's Day
  • Happy All Fools Day!
  • Happy All Fools!
  • Happy April Fool's Day
  • Happy April Fools Day!
  • Happy Fools Day!
  • I am a Fool for your Love
  • Join the Laugh-A-Lot!
  • Just You
  • One who is sportively imposed upon by others on the first day of April
  • Surprise!
  • Surprise! The joke's on you
  • Today You Can Officially Act Foolish
  • Today's Joke!
US-CERT encourages users and administrators to do the following to help mitigate the risk:
Mar 31, 2008 Internal Revenue Service Scams
US-CERT is aware of a series of scams circulating that are related to the United States Internal Revenue Service.

The first of these attacks attempts to convince users to open bogus tax documents that may contain malicious code. Additional attacks attempt to convince users to follow a link in an email message to an unofficial tax website that may contain malicious code or request personal information as part of a phishing scam.

US-CERT encourages users to do the following to help mitigate the risks:
Mar 26, 2008 Cisco Releases Security Advisories
Cisco has released five security advisories to address multiple vulnerabilities in Cisco IOS. These vulnerabilities may allow a remote, unauthenticated attacker to cause a denial-of-service condition on the affected device.

US-CERT encourages users to review the Cisco Security Advisories and apply the appropriate updates or workarounds.