releeh.com: David Wheeler’s Professional Portfolio

Denial-of-Service Malware Campaign

US-CERT is aware of public reports of ongoing distributed denial-of-service attacks against entities in the government and private sector. According to the reports, these attacks are being attributed to the hacker group Anonymous.

US-CERT encourages users and administrators to do the following to reduce the risk associated with this and other malware campaigns:

US-CERT will provide additional information as it becomes available.

Google Releases Chrome 16.0.912.77

Google has released Chrome 16.0.912.77 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 16.0.912.77.

Symantec pcAnywhere Hotfix

Symantec has released an update for pcAnywhere to address multiple vulnerabilities for the following software versions running on Windows:

  • pcAnywhere 12.5 SP3
  • pcAnywhere Solutions 7.1 GA, SP 1, and SP 2

US-CERT encourages users and administrators to review the Symantec pcAnywhere hot fix and apply any necessary updates to help mitigate the risk.

US-CERT will provide additional information as it becomes available.

Exploring Google Chromebook security for the enterprise

The Chromebook is unique among new entrants in the mobile device arena. Mike Cobb breaks down the key Google Chromebook security issues enterprises need to know.

Android security settings and controls for Android enterprise security

Can Androids ever be secure enough for corporate use? Learn about Android security controls to enable effective Android enterprise security.

Best Practices for Recovery from the Malicious Erasure of Files

Cyber criminals can damage their victim’s computer systems and data by changing or deleting files, wiping hard drives, or erasing backups to hide some or all of their malicious activity and tradecraft. By wiping, or “zeroing out,” the hard disk drives, which overwrites good data with zeroes or other characters, the criminals effectively erase or alter all existing data, greatly impeding restoration. This sort of criminal activity makes it difficult to determine whether criminals merely accessed the network, stole information, or altered network access and configurations files. Completing network restoration efforts and business damage assessments may be also hampered.

The FBI and DHS encourage businesses and individuals to employ mitigation strategies and best practices such as:

  • Implement a data backup and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Regularly mirror and maintain an image of critical system files.
  • Encrypt and secure sensitive information.
  • Use strong passwords, implement a schedule for changing passwords frequently, and do not reuse passwords for multiple accounts.
  • Enable network monitoring and logging where feasible.
  • Be aware of social engineering tactics aimed at obtaining sensitive information.
  • Securely eliminate sensitive files and data from hard drives when no longer needed or required.

The US-CERT webpage at www.us-cert.gov hosts a wide range of tips, best practices, and threat information for business and home users.

Oracle Releases Critical Patch Update for January 2012

Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes:

  • 2 for Oracle Database Server
  • 1 for Oracle Fusion Middleware
  • 3 for Oracle E-Business Suite
  • 1 for Oracle Supply Chain Products Suite
  • 6 for Oracle PeopleSoft Products
  • 8 for Oracle JD Edwards Products
  • 17 for Oracle Sun Products Suite
  • 3 for Oracle Virtualization
  • 27 for Oracle MySQL

US-CERT encourages users and administrators to review the January 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks.

Additional information regarding CVE-2012-0110 can be found in US-CERT Vulnerability Note VU#738961.

Phishing Campaign Using Spoofed US-CERT Email Addresses

On January 10, 2012, US-CERT received reports of a phishing campaign that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot Trojan known as Ice-IX. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments.

US-CERT advises that users do not open the email or any of the attachments and promptly delete the email from their inboxes.

Reports indicate that SOC@US-CERT.GOV is the primary email address being spoofed, but other invalid email addresses are also being used.

The subject of the phishing email is: “Phishing incident report call number: PH000000XXXXXXX” with the “X” containing an incident report number that varies.

The attached zip file is named “US-CERT Operation Center Report XXXXXXX.zip”, with “X” indicating a random value or string. The zip attachment contains an executable file with the name “US-CERT Operation CENTER Reports.eml.exe”, which is a variant of the Zeus/Zbot Trojan known as Ice-IX.

Ice-IX is a slightly modified version of the Zeus 2.0.8.9 source code that was publicly released last year. Details of the malware were obtained via third-party reporting and reveal a fast-flux hosting infrastructure known as the Avalanche botnet, with callbacks to domains located in Russia.

US-CERT encourages users to do the following to reduce the risks associated with this and other phishing campaigns.

Google Releases Chrome 16.0.912.75

Google has released Chrome 16.0.912.75 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.


US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 16.0.912.75.

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. 


The Ruby Security Team has updated Ruby 1.8.7. The Ruby 1.9 series is not affected by this attack. Additional information can be found in the Ruby 1.8.7 patchlevel 357 release notes.


Microsoft has released a security advisory for ASP.NET containing a workaround. Additional information can be found in Microsoft Security Advisory 2659883.


More information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#903934 and n.runs Security Advisory n.runs-SA-2011.004.
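The mechanism behind this advisory, shown as an added Ruby illustration that is not code from US-CERT, the Ruby Security Team, Microsoft or n.runs: when the hash function is predictable, an attacker can choose keys that all land in one bucket, so each insert walks the whole chain and cost grows quadratically; a secret per-process seed (the randomized-hashing approach) makes those keys spread out, and a cap on keys per request bounds the worst case. ToyTable, its FNV-style mix, the 64-bucket size and the helper names are all constructed for this example.

```ruby
require 'securerandom'
# Toy chained hash table for the hash-collision denial-of-service class above.
# Modelled defenses: a secret per-process hash seed (randomized hashing) and a
# cap on keys accepted from one request. Constructed example, not vendor code.
class ToyTable
  BUCKET_BITS = 6
  BUCKETS = 1 << BUCKET_BITS
  attr_reader :probes, :size
  # seed 0 models a publicly known hash; a random seed models randomized hashing.
  def initialize(seed: 0, max_keys: nil)
    @seed, @max_keys = seed, max_keys
    @buckets = Array.new(BUCKETS) { [] }
    @probes = 0   # key comparisons performed so far: a proxy for CPU spent
    @size = 0
  end
  # FNV-1a-style mix seeded by the offset basis; the top bits chosen as bucket
  # depend on every input bit, so collisions cannot be precomputed without the seed.
  def self.bucket(key, seed)
    h = seed & 0xffffffff
    key.each_byte { |b| h = ((h ^ b) * 16_777_619) & 0xffffffff }
    h >> (32 - BUCKET_BITS)
  end
  def insert(key, value)
    return false if @max_keys && @size >= @max_keys  # reject oversized input
    chain = @buckets[self.class.bucket(key, @seed)]
    chain.each do |pair|                             # walk the collision chain
      @probes += 1
      if pair[0] == key
        pair[1] = value
        return true
      end
    end
    chain << [key, value]
    @size += 1
    true
  end
end
# Keys that share one bucket under a KNOWN seed, found by plain sampling; this
# is cheap only because the seed is public, which is the vulnerable condition.
def keys_colliding_under_seed(seed, count)
  target = ToyTable.bucket('k0', seed)
  (0..).lazy.map { |i| "k#{i}" }.select { |k| ToyTable.bucket(k, seed) == target }.first(count)
end
# Insert the keys into a fresh table; returns [comparisons performed, keys stored].
def probes_for(keys, seed: 0, max_keys: nil)
  t = ToyTable.new(seed: seed, max_keys: max_keys)
  keys.each { |k| t.insert(k, true) }
  [t.probes, t.size]
end
```

Inserting 200 keys chosen against seed 0 costs 19,900 comparisons under that seed, a few hundred under a random seed, and at most 1,225 when the table refuses more than 50 keys.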


US-CERT will provide additional information as it becomes available.