Author Archives: Ian Burke

Security Notification: Ransomware Delivered Through Phishing Attacks

Leave a reply

A year ago the Internet saw a rash of malware known as ransomware. This malicious form of cyber attack is known for infecting a computer and encrypting a drive. The victim is then unable to recover their data until paying a ransom to the attacker. Middlebury, like many other institutions was not immune to this form of attack.

A week ago the FBI announced a new variant on a common form of these attacks known as CryptoWall. This form of ransomware is known to have four methods of infecting a computer.

  • Phishing: the attacker may lure a victim into downloading an infected attachment through a phishing campaign and thereby compromising the drive on their system.
  • Phishing: the attacker lures the victim into clicking on a link to a malicious web site where the victim unknowingly downloads the malicious software onto their system and compromises their drive.
  • Infected ad: the attacker posts and infected ad on a website which a user might click thereby causing the download of malicious software.
  • Compromised website: the attacker compromises a website so when a user visits the website they unknowingly download malicious software and compromise their system.

According to the FBI, by far the most common method of attack is phishing, particularly with attachments in the message.

What you can do to protect yourself:

  • Never open attachments or click links in emails that you do not recognize or trust.
  • Know what a phishing attack is and how to spot one. visit http://go.middlebury.edu/phish or http://phishing.org
  • If you think you have fallen for a phish change your password. then call x2200
  • If you believe you system is compromised, unplug it from the power and the network. Shut it down immediately. Do not worry about saving your work. then call x2200.
  • Backup your data routinely. If you save your data to Middfiles or your home directory it will be backed up automatically.
  • Never disable your antivirus software.
  • Send any suspect emails to phishing@middlebury.edu
  • Only download software from known vendor sites.
  • Don’t click on ads in web sites. Visit vendor websites directly.

Sources:

Open RoadShow on Information Security

5 Replies

LIS Information Security and the LIS Security Team will be hosting a lunch time RoadShow on information security and basic ways to protect yourself while working on Internet connected computers. This discussion is open to the full College community. Please join us Aug. 28th at noon in Davis Family Library room 145. For more information please visit: http://www.middlebury.edu/offices/technology/infosec/education/CBT/RoadShow

FakeAV a leading threat in 2013

Leave a reply

What is FakeAV: FakeAV is a virus designed to look like real anti-virus software in the hopes that the victim will click a link and download a malicious package. The malware often does not stop there. Many FakeAV packages continue the con by disabling true anti-virus packages claiming that they are harming the system they are intended to protect. These viruses come in many forms but are well crafted to present like a trusted virus prevention source.

Read more about FakeAV at: http://www.middlebury.edu/offices/technology/security/InfosecArticle. 

Learn more about security threats and awareness at http://go.middlebury.edu/infosec

 

Phishing on campus!

Leave a reply

Over the last week Middlebury experienced a dramatic increase in the number of successful phishing attacks that resulted in Middlebury user accounts being compromised. A phishing attack is the effort of maliciously using email or a web site to try to unwittingly gain information about another individual. These recent attacks resulted in two distinct outcomes. The first was that many of these accounts were leveraged to generate large amounts of spam. The second result from these compromised accounts is that the attackers attempted to connect to the Middlebury network with the exposed user’s credentials.

This past week many individuals across our campus received an email that looked similar to the one below:

————————————–

Message with “Middlebury” as the display name

 

Dear Member,

You Have 1 New Message

Click here to read

Sincerely,
Middlebury Webmail Service

————————————

The link in this message redirected people to copy of the Middlebury CAS Logon page. Two important things to know about email from Middlebury IT Services. First, Library and Information Services will never ask for your user credentials in an email. Second, if you find yourself on any web page that is asking for credentials, always verify the address in your web browser’s address bar, to ensure that the web page is where you really want to be. Just because a web page has the Middlebury logo does not mean it is always a Middlebury web site.

To protect against phishing remember the following rules:

  1. Never click on any links in a suspicious email.
  2. If you ever receive an unsolicited email  and you do not recognize the sender delete the message.
  3. If you receive an email that requests your credentials or asks you to click a link which takes you to a web site that requests your credentials, do not click the link but rather go to the web site through the institution home page, Middlebury.edu for example.
  4. If you suspect an email is fraudulent delete the message.
  5. If you ever have questions regarding phishing or the content of an email call the Helpdesk.

The Helpdesk will help you determine if the email is legitimate. Please do NOT click on any links in a suspect email message.

If you suspect that you may have recently provided your Middlebury credentials to a fraudulent web site or email address, you should immediately reset your password at go/activate and then contact the Helpdesk.

If you become aware that your Middlebury account has been disabled, you must contact the Helpdesk to resolve.

More information is available at the Middlebury College Information Security web site at go/infoSec or contact the InfoSec office at infosec@middlebury.edu.

 

Ian Burke

Network Security Administrator

Middlebury College

infosec@middlebury.edu

Does My Computer Need More Than Sophos Anti-Virus?

Leave a reply

Since the College’s switch from Symantec to Sophos anti-virus software, other  anti-spyware/malware products should no longer be installed on computers as they can conflict with Sophos and cause performance issues.  In the past, LIS recommended the use of products such as Malwarebytes, Spybot and Ad-Aware; this is no longer the case.  Why this change?  Newer anti-virus/anti-spyware products typically include a feature called “on-access” scanning that watches all changes to files on your computer’s hard drive.  Sophos performs on-access monitoring so the use of additional programs such as Malwarebytes can slow down your computer or cause it to crash due to conflicts between the competing scans.

If you have additional av/malware software installed and need assistance with their removal — or aren’t sure and have questions — please contact the Technology HelpDesk at 802-443-2200.  For security resources, Sophos FAQs, virus alerts and more, visit go/infosec.

Sophos Update Issue – False Positive – SHH\Updater-B

Leave a reply

On 9-19-12 around 5:40PM Sophos pushed an updated signature file which triggered a false positive virus detections identified as SHH\Updater-B. This signature may have fired on a number of different update files including Flash, Google, and most notably Sophos itself. Sophos has corrected this problem. For additional information please see the security website at http://Go/InfoSec.

Java 7 Update 6 Vulnerability

Leave a reply

You may have recently heard or read about a new wide-spread exploit concerning Java in mainstream media outlets. LIS is aware of this risk. The major systems used by the College that depend upon Java (e.g. Banner, Hyperion, Nolij, Famis) use an earlier version of Java and are not vulnerable to this exploit. This vulnerability impacts Java 7 update 6 and possibly other versions of Java 7; Java 6 and below are not vulnerable to this exploit.

Java is used for many different applications and you should be thoughtful about your actions before patching, upgrading or removing your version of Java. While Oracle has released a patch for the current vulnerability it has also opened up a new loophole to a known older vulnerability.

Our advice at this time is to NOT update or patch your Java client to version 7. If your Java client has already been updated or patched to version 7, please remove Java completely from your Mac or Windows computer, and then visit http://java.com/en/download/manual_v6.jsp to reinstall version 6. If you are not sure what version of Java you are running  you may visit this URL to verify, http://www.java.com/en/download/installed.jsp.

LIS continues to remain vigilant in safeguarding our critical systems. If you have questions or concerns regarding this post, please contact infosec@middlebury.edu.

Virus Alerts

Leave a reply

Two new threats are facing computers today that researchers are reporting as perhaps the biggest threats on the Internet. While current anti-virus definitions are catching these threats and our Sophos anti-virus solution protects the campus, many individuals, both Mac and PC owners, do not have their systems adequately protected.

Learn more at http://www.middlebury.edu/offices/technology/security