US-CERT has received reports of new Storm Worm related activity. The
latest activity is centered around messages related to the recent
earthquake in China and the upcoming Olympic Games. This Trojan is
spread via an unsolicited email message that contains a link to a
malicious website. This website contains a video that when opened may
run the executable file "beijing.exe" to infect the user's system with
malicious code.

Subject lines can change at any time, but the following subject lines
are noted as being used:
  * The most powerful quake hits China
  * Countless victims of earthquake in China
  * Death toll in China is growing
  * Recent earthquake in china took a heavy toll
  * Recent china earthquake kills million
  * China is paralyzed by new earthquake
  * Death toll in China exceeds 1000000
  * A new powerful disaster in China
  * A new deadly catastrophe in China
  * 2008 Olympic Games are under the threat
  * China's most deadly earthquake

US-CERT encourages users and administrators to take the following
preventative measures to mitgate the security risks:
  * Install anti-virus software, and keep its virus signature files
    up-to-date.
  * Do not follow unsolicited web links received in email messages.
  * Refer to the Recognizing and Avoiding Email Scams (pdf) document
    for more information on avoiding email scams.
  * Refer to the Avoiding Social Engineering and Phishing Attacks
    document for more information on social engineering attacks.

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Vulnerability Summary for the Week of May 12, 2008 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.

Entries may include additional information provided by organizations and efforts sponsored by US-CERT.

This information may include identifying information, values, definitions, and related links.

Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

In the following report by ICANN, you can see how the whole global Botnet service operates globally.

You will learn how anyone, even those without the skills to create a Botnet, can still hire their services.

Fast and Double Flux Attacks 2
Version 1.0 January 2008
Introduction
"Fast flux" is an evasion technique that cyber-criminals and Internet miscreants use to evade identification and to frustrate law enforcement and anticrime efforts aimed at locating and shutting down web sites used for illegal purposes.

Fast flux hosting is an application of technology that supports a wide variety of cyber-crime activities (fraud, identity theft, online scams) and is considered one of the most serious threats to online activities today.

Basic fast flux hosting uses rapid modification of IP addresses associated with a system that hosts a malicious activity to evade detection and take down efforts.

This technique is also used to rapidly modify the IP addresses of the name servers that resolve the domain names of the fluxed malicious hosts (this variant is sometimes called NS fast flux).

A particularly troublesome variant of fast flux hosting, "double flux",
fluxes addresses of both name servers and malicious (web server) hosts.

This Advisory describes the technical aspects of fast flux hosting and fast flux service networks.

It explains how the DNS is exploited to abet criminal activities that employ fast flux hosting, identifying the impacts of fast flux hosting, and calling particular attention to the way such attacks extend the malicious or profitable lifetime of the illegal activities conducted using these fast flux techniques.

It describes current and possible methods of mitigating fast flux hosting at various points in the Internet. The Advisory discusses the pros and cons of these mitigation methods, identifies those methods that SSAC considers practical and sensible, and recommends that appropriate bodies consider policies that would make the practical mitigation methods universally available to registrants, ISPs, registrars and registries (where applicable for each).

National Cyber Alert System
Cyber Security Bulletin SB08-070 

Vulnerability Summary for the Week of March 3, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

Vulnerability Summary for the Week of January 28, 2008

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The Department of Homeland Security (DHS) Office of Security (OS) uses the Integrated Security Management System (ISMS) to automate the tracking of Personnel Security related activities at DHS headquarters and component sites.

ISMS is an update system to the Personnel Security Activities Management System (PSAMS). ISMS will help manage DHS personnel and security case records by adding to the existing functionality of PSAMS.

This bulletin provides a summary of new vulnerabilities that have beenrecorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) the week of January 7, 2008.