US-CERT Current Activity
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Last reviewed: February 27, 2012 14:48:53 EST
DNSChanger Malware
added February 23, 2012 at 01:52 pm
In November 2011, U.S. Federal prosecutors announced Operation Ghost Click, an investigation that resulted in the arrests of a ring of seven people who allegedly infected millions of computers with DNSChanger malware.
The malware may prevent users' anti-virus software from functioning properly and hijack the domain name system (DNS) on infected systems. Systems affected by DNS hijacking may send internet requests to a rogue DNS server rather than a legitimate one.
To prevent millions of Internet users infected with the DNSChanger malware from losing Internet connectivity when the members of the ring were arrested, the FBI replaced rogue DNS servers with clean servers.
However, the court order allowing the FBI to provide the clean servers is set to expire on March 8, 2012. Computers that are infected with the DNSChanger malware may lose Internet connectivity when these FBI servers are taken offline.
US-CERT encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChanger malware. Computers testing positive for infection of the DNSChanger malware will need to be cleaned of the malware to ensure continued Internet connectivity.
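The check behind this kind of detection can be sketched as follows. This is an added example, not the FBI's tool or US-CERT code: it reads the resolvers from resolv.conf-style text and flags any that fall inside a list of rogue ranges. The ranges shown are placeholder documentation networks and the sample file is constructed; the function names are hypothetical.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation networks), not real indicators.
# Replace them with the rogue DNS server ranges published by the FBI.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolv.conf file, for illustration only.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.internal
nameserver 192.0.2.53
nameserver 10.0.0.1   # local router
nameserver fe80::1%eth0
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return resolver addresses from resolv.conf-style text.

    Comments (# or ;) and malformed entries are skipped.
    """
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            continue  # not an IP address; ignore the entry
    return servers

def rogue_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside any rogue range."""
    return [str(ip) for ip in parse_nameservers(text)
            if any(ip.version == net.version and ip in net
                   for net in rogue_ranges)]

if __name__ == "__main__":
    hits = rogue_resolvers(SAMPLE_RESOLV_CONF)
    print("rogue resolvers:", ", ".join(hits) if hits else "none")
```

A clean result covers only the host's own configuration; when the configured resolver is a local router, the router's upstream DNS settings need the same check.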
Users and administrators are encouraged to implement the following preventative measures to protect themselves from malware campaigns:
Adobe Releases Security Advisory for Adobe Flash Player
added February 16, 2012 at 09:56 am
Adobe has released a security advisory to alert users of vulnerabilities affecting the following software:
- Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems
- Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x
- Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x
Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition, take control of the affected system, or perform a cross-site scripting attack.
US-CERT encourages users and administrators to review the Adobe Security Bulletin APSB12-03 and apply any necessary updates to help mitigate the risk.
Google Releases Chrome 17.0.963.56
added February 16, 2012 at 09:36 am
Google has released Chrome 17.0.963.56 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 17.0.963.56.
Cisco Releases Security Advisory for Cisco NX-OS
added February 15, 2012 at 02:47 pm
Cisco has released a security advisory to address a vulnerability in the following Cisco NX-OS Software Series:
- Cisco Nexus 1000v Series Switches
- Cisco Nexus 5000 Series Switches
- Cisco Nexus 7000 Series Switches
Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20120215 and apply any necessary updates or workarounds to help mitigate the risk.
Oracle Releases Critical Patch Update for February 2012
added February 14, 2012 at 04:43 pm
Oracle released its February Critical Patch Update (CPU) containing 14 security fixes for the following products:
- JDK and JRE 7 Update 2 and earlier
- JDK and JRE 5 Update 30 and earlier
- JDK and JRE 5.0 Update 33 and earlier
- SDK and JRE 1.4.2_35 and earlier
- JavaFX 2.0.2 and earlier
US-CERT encourages users and administrators to review the Oracle Java SE Critical Patch Update Advisory for February 2012 and apply any necessary updates to help mitigate the risk.
Microsoft Releases February Security Bulletin
added February 9, 2012 at 04:06 pm | updated February 14, 2012 at 02:04 pm
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .Net Framework, Silverlight, Office, and Server Software as part of the Microsoft Security Bulletin Summary for February 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
Adobe Releases Security Bulletins for Adobe Shockwave Player and RoboHelp
added February 14, 2012 at 01:34 pm
Adobe has released security bulletins for Adobe Shockwave Player and RoboHelp to address multiple vulnerabilities affecting the following software versions:
- Adobe Shockwave Player 11.6.3.633 and earlier versions for Windows and Macintosh
- Adobe RoboHelp 9 or 8 for Word on Windows
Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or perform a cross-site scripting attack.
US-CERT encourages users and administrators to review Adobe Security Bulletins APSB12-02 and APSB12-04 and apply any necessary updates to help mitigate the risks.
Mozilla Releases Firefox 10.0.1
added February 13, 2012 at 12:23 pm
The Mozilla Foundation has released Firefox 10.0.1 to address a vulnerability. This vulnerability may cause a denial-of-service condition or potentially allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 10.0.1 and apply any necessary updates to help mitigate the risk.
U.S. Tax Season Phishing Scams and Malware Campaigns
added February 8, 2012 at 11:10 am | updated February 10, 2012 at 11:51 am
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign.
These phishing scams and malware campaigns may include, but are not limited to, the following:
- information that refers to a tax refund,
- warnings about unreported or under-reported income,
- offers to assist in filing for a refund, and
- details about fake e-file websites.
These messages, which may appear to be from the IRS, may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code.
US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing scams and malware campaigns:
Google Releases Chrome 17.0.963.46
added February 8, 2012 at 03:16 pm
Google has released Chrome 17.0.963.46 for Linux, Mac, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code and cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 17.0.963.46.