Fake FDIC Emails Spread Malware

Security researchers from Sophos reported a wave of malicious e-mails posing as official notifications from the Federal Deposit Insurance Corporation (FDIC) August 30. The rogue e-mails bear a subject of “FDIC notification” and have their headers spoofed to appear as originating from a no.reply@fdic.gov address.

As most spam e-mails, the body message is full of mistakes, which should serve as indication that it did not originate from a government agency. The fake emails contain an attachment named FDIC_document.zip as well as an executable file of the same name. The file has a PDF icon and since Windows 7 does not display known file extensions, it might easily trick users. The file is actually a computer Trojan that serves as a distribution platform for other malware. This means that running it will probably result in multiple infections.

Read the full story at Softpedia.com.


Apache Warns of Denial-of-Service Attack Vulnerability

A warning has been issued to owners of websites powered by the Apache webserver software of a vulnerability which can be exploited using a relatively low number of requests directed at the server to cause a Denial of Service condition.  A tool to exploit the vulnerability called “Apache Killer” has been released onto the Internet.

The vulnerability was originally identified over four years ago and impacts servers running all versions in the 1.3 and 2.0 releases.  A patch for the vulnerability should be released by the evening of August 26, but as release 1.3 is no longer supported, the patch will only apply to versions 2.0 and 2.2.

Read the full story at TheRegister.com or at Computerworld.com.

Apache developers posted an official advisory.

[Article source: SANS.org]

Browsers with Updates

On August 23, 2011, Google released Chrome 13.0.782.215 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases page and update to Chrome 13.0.782.215 to help mitigate the risks.

On August 17, 2011 Mozilla Released Firefox 6 and 3.6.20 to address multiple vulnerabilities.  These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or obtain sensitive information. US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 6 and Firefox 3.6.20 and apply any necessary updates to help mitigate the risks.

NOTE to MIT: IS&T is not yet supporting Firefox 6 and is in the process of testing IS&T supported applications to make sure they are compatible with the newest version of Firefox. If you rely on MIT administrative browser-based software, you are advised to WAIT to upgrade to Firefox 6.

Security Breach at Yale Exposes 43,000 People’s Data

Yale University notified about 43,000 staff, students and alumni that their personal data, including their names and Social Security numbers, were publicly available on a FTP server.  The breach occurred when the sensitive personal data stored on the FTP server became publicly available after Google made changes in September 2010 regarding how its search engine indexes and finds FTP servers.  Yale personnel were not aware of this change and discovered the breach in June of this year.

The breach impacts anyone affiliated with Yale University in 1999.  Yale has “secured” the file and Google has confirmed it no longer stores the data.

Read the full story at Yaledailynews.com.

Best Practices for Securing Your Home Network

The National Security Agency (NSA) just released a useful guide called “Best Practices for Securing Your Home Network” that goes beyond home networks and wireless to cover email and traveling with mobile devices and more.  It’s worth making copies and distributing to your co-workers and employees.  What makes it particularly useful is that it reflects the real-world knowledge of the NSA Blue Teams and Red Teams.

On the back page are references to five additional guides: Social Networking, Defense Against Drive By Downloads, Defense Against Malicious E-mail Attachments, Mac OSX 10.6 Hardening Tips, and Data Execution Prevention.

You’ll find the PDF at the NSA web site.

Adobe Updates for Multiple Vulnerabilities


Here is some more information on the vulnerability in Photoshop. If a user opens a malicious GIF file with Photoshop CS 5.1 or earlier, the application could crash and an attacker could take control of the affected system.

The update for Adobe Photoshop CS 5.1 and earlier is unusual in that you can not install it through the “check for updates” tool in Photoshop, nor is it accessible through the Adobe Application Manager, which is how other updates for the Adobe products are installed.

To obtain the standard multiplugin update for Adobe Photoshop CS 5.1 and earlier, click on the appropriate link below for your system:

Photoshop CS5/CS5.1 for Windows

Photoshop CS5/CS5.1 for Windows (Win64)

Photoshop CS5/CS5.1 Macintosh

Be sure to follow the installation instructions on the downloads page.



There are multiple vulnerabilities found in various Adobe products. This month Adobe released updates to address these vulnerabilities.

Systems affected:

  • Shockwave Player 11.6 and earlier
  • Flash Media Server 4 and earlier
  • Adobe Flash Player 10.3 and earlier
  • Adobe AIR 2.7 and earlier
  • Adobe Photoshop CS5.1 and earlier
  • RoboHelp 9 and earlier

Users of these Adobe products should review the relevant security bulletins and follow the recommended solutions, which in most cases involves installing the newest update. An attacker may use these vulnerabilities to run malicious code (malware) or cause a denial of service on an affected system.

Click the links below to access the security bulletins for the affected systems:

Adobe Shockwave Player

Adobe Flash Media Server

Adobe Flash Player and AIR

Adobe Photoshop CS5



Updating Your Software

Security professionals and educators repeat this slogan again and again: Update, update, update! Your software, that is. This month SANS, a great resource for everything computer security related, covers this exact topic in OUCH!, the organization’s newsletter.

In this issue they start off with why keeping your software current is so important and how this is not just for computers, but also for mobile devices and even plug-ins for your browser. They also provide examples of how users can easily update their systems, and how they can verify if they are current.

OUCH! is the free monthly security awareness newsletter provided by SANS.