This Week's Trends
We are reporting a lot of updates this week. Many different vendors have released security patches that need to be applied if you
have any of these apps.
On the e-mail scam front, we're seeing more online pharmacies, election fraud and offers of easy work, like the one noted in the
next item.
Scary New 'Work Position' Scams
We have seen several examples recently of a new and very devious scam that looks like an excellent work opportunity where you
can make a good salary, possibly in your spare time, with no qualifications and little training.
The most recent one had the subject line, "Work position". It lists the following requirements:
- Be at least 21 years old.
- Not (sic) special Qualifications Needed.
- Have a minimal experience and knowledge of basic bank operations.
- Ability to maintain confidentiality of all information.
- Willingness to work from home, take responsibility, set up and achieve goals.
- The Ability to create good administrative reporting.
- Honesty, responsibility and promptness in operations.
- The ability to operate with more than one task effectively, and have an adaptable, flexible, professional attitude.
- The ability of stable communication with our company and on-time and detailed reporting.
- Familiar to working online, Internet and e-mail skills.
Then they offer to pay over $3000 USD monthly plus "Social benefits" and medical insurance, free training and paid holidays with two
weeks of "Paid Time Off (PTO)".
If this sounds too good to be true, that would be because it is!
We know of one person who was out of work who almost got caught by
this scam or something very similar. They are very tricky and will lead you carefully down their garden path. Unfortunately, if you
actually end up working for them you will be making purchases with stolen credit cards, re-shipping stolen goods, laundering money,
or other criminal patsy work.
Yahoo’s HotJobs Site Vulnerable to Cross-site Scripting Attack
Internet research firm Netcraft’s toolbar has detected a cross-site scripting bug in Yahoo that could be exploited to steal
authentication cookies. The flaw resides on Yahoo’s HotJobs search engine site, on which hackers embedded malicious JavaScript
code, an employee of Netcraft said in a blog post on October 26. The pilfered credentials could give the attackers access to the
victims’ Yahoo accounts, including email.
This vulnerability is similar to another bug that
affected Yahoo earlier this year, he said. “Simply visiting the malign URLs on Yahoo.com can
be enough for a victim to fall prey to the attacker, letting him steal the necessary session
cookies to gain access to the victim’s email - the victim does not even have to type in their
username and password for the attacker to do this,” the Netcraft employee wrote. “Both
attacks send the victim to a blank webpage, leaving them unlikely to realize that their own
account has just been compromised.” He said websites must protect cookie values. Netcraft
notified Yahoo about the flaw.
Address Bar Spoofing Attacks Against Microsoft's Internet Explorer 6
US-CERT is aware of public reports regarding Address Bar Spoofing Attacks against Microsoft
Internet Explorer 6. Two techniques were described. The first presents a URL in the address
bar that is visually similar to the address bar of the expected domain by abusing the " "
character. The second technique requires the registration of a "nonstandard" domain and
the use of characters in the URL that the address bar cannot display, creating an address
bar that is visually identical to that of the genuine domain.
Virus Infections Via USB Increase Sharply
Antivirus software maker Trend Micro
Inc. has found that reported computer virus infections via USB flash memory drives more than
doubled in September. Infections in the month with the Otorun worm,
which propagates via removable drives such as USB drives, surged 140 percent from the previous
month to 347 cases, Trend Micro said in a monthly survey report.
The company’s monthly
reports showed that viruses transmitted via USB drives began to rapidly increase in
February, with the number of Otorun infections in January-June reaching 517, the most
common and far exceeding the 201 cases of the Agent, Trend Micro said. The company said that 53.7
percent of viruses newly found in September were capable of sneaking into computers via USB
drives. Such viruses are becoming a great threat because most people are not aware of them,
the security software firm warned.
Nine out of Ten E-mails are Spam
Only slightly more than nine per cent of all emails which arrived in companies' inboxes in the third
quarter of 2008 were legitimate, according to research.
The claim comes from Panda Security, which also discovered in its analysis of 123 million
emails that 1.43 per cent of all messages included malware.
The proportion of infected emails increased dramatically in September, to 2.34 per cent, after
being relatively low since April (just under one per cent).
In terms of spam, the worst month in the quarter was August, which saw 93.01 per cent of
emails recorded as spam, compared with 90.43 and 91.89 per cent for July and September
respectively.
OpenOffice.org Releases Two Security Bulletins
OpenOffice.org has released bulletins to
address two vulnerabilities. These bulletins address heap-based buffer overflow
vulnerabilities in the processing of WMF and EMF files. Exploitation of these
vulnerabilities may allow an attacker to execute arbitrary code.
Adobe Releases Security Advisory for PageMaker 7
Adobe has released a Security Advisory to address vulnerabilities in
PageMaker 7.0.1 and 7.0.2. These vulnerabilities may allow an attacker
to execute arbitrary code.
US-CERT encourages users and administrators to review Adobe's Security
Advisory ASPA08-10 and apply any necessary updates to help mitigate
the risks. Note that the Adobe Security Advisory indicates that an
additional vulnerability remains unaddressed by the update.
Another Opera Update - Second One in Two Weeks!
Opera has published version 9.62 of its browser for download, which resolves a critical
vulnerability. The hole became apparent at the end of last week after browser security
specialist Aviv Raff published a demo that allowed the running of arbitrary local executable
files.
Attackers could exploit the hole to make Opera download malware via FTP and execute it. The
developers of Opera also fixed a Cross Site Scripting vulnerability in the browser.
Users are advised to update immediately.
Google Chrome Update to Third Beta
Google Inc. yesterday released the third beta version of Chrome, the browser it introduced
nearly two months ago, to fix a single security vulnerability and address several other
problems.
Chrome 0.3.154.9 will be automatically pushed to current users, said Mark Larson, the
browser's product manager, in a note posted to a Google blog on Wednesday. Users who had set
Chrome to receive the more frequent developer updates have had most of the fixes and changes
in 0.3.154.9 for some time, however.
Apple Patches MobileMe
Apple Inc. said yesterday that it silently applied a major update to MobileMe last month
and it outlined nearly 30 fixes to the problem-plagued online e-mail and sync service.
Users, however, continued to post a wide variety of complaints to the MobileMe support
forum, including some related to issues Apple claimed it addressed.
In a document dated Wednesday, Apple announced that it had conducted a behind-the-scenes
update to MobileMe sometime late last month, then listed 27 different fixes it applied to
the service.
VMware Releases Security Advisory VMSA-2008-0017
VMware has released a Security Advisory indicating it has updated the
ESX packages to address vulnerabilities in libxml2, ucd-snmp, and
libtiff. Exploitation of these vulnerabilities may allow an attacker
to execute arbitrary code, spoof authenticated SNMPv3 packets, or
cause a denial-of-service condition.
US-CERT encourages users and administrators to review VMware Security
Advisory VMSA-2008-0017 and apply any necessary updates to help
mitigate the risks.
Cybercrooks Use Google Name to Spread Facebook Worm
Malware writers are leveraging the trusted Google name to launch a new wave of worm attacks against Facebook users, researchers
said this week.
The Koobface worm spreads by sending messages to "friends" from previously compromised, but legitimate, Facebook accounts,
Guillaume Lovet, senior manager of threat research at Fortinet, told SCMagazineUS.com on Thursday. The messages, which are
riddled with spelling errors to evade filters, tell users they were caught in a video on YouTube.