Targeted Phishing Attack – Fake Security Update

What Happened

Earlier today selected members of the Brandeis community received a phishing email with the heading “MADATORY (sic) SECURITY UPDATE – JANUARY 2010” claiming to be a mandatory security update from the Brandeis IT department.  The message requested that the recipient “click here to protect your account”.  Doing so brings up a screen that looks like a valid UNet login page, but instead captures the user ID and password entered by the victim.

In spite of the spelling error in the subject line, the email message is somewhat sophisticated.  Brandeis Information Security has blocked the IP addresses associated with the message and notified all recipients of the message.  Anyone who inadvertently responded has successfully changed their password, and no unauthorized logins have taken place as a result of this phishing attack.

What YOU Can Do to Protect Yourself (and Brandeis)

  • Library and Technology Services will NEVER ask you to provide your password in an e-mail.
  • If you receive a suspicious email message, forward it to security@brandeis.edu and then delete it.
  • DO NOT reply to, click on a web link in, or provide personal information in response to suspicious email of any kind.
  • If you have doubts about a web link, type in the correct address of the intended website yourself.
  • If you accidentally respond to phishing, CHANGE YOUR PASSWORD immediately and call the Help Desk.

LTS is able to block almost all fraudulent messages before they ever reach your e-mail account. We need your help with the very few that get through. Please be vigilant by adhering to these recommendations.
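As an added example (not code from the original post), here is a small Python triage helper that applies the advice above to a message: it flags links that lead outside the institution's domain while the sender claims to be from it, which is the pattern of the lure described. The sender address, hostnames and body text of the sample message are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the lure described in the post; hostnames are made up.
SAMPLE_EMAIL = """\
From: Brandeis IT Department <it-security@brandeis.edu>
Subject: MADATORY SECURITY UPDATE - JANUARY 2010
Content-Type: text/html; charset="utf-8"

<html><body><p>A mandatory security update is required for your UNet account.</p>
<p><a href="http://unet-login.example.invalid/login.php">click here to protect your account</a></p>
<p>Help: <a href="https://www.brandeis.edu/lts/">https://www.brandeis.edu/lts/</a></p></body></html>
"""

class _LinkCollector(HTMLParser):
    """Gather (href, visible text) pairs for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def suspicious_links(raw_message, trusted_domain="brandeis.edu"):
    """Return (href, text) for each link leading outside trusted_domain in a message
    whose From: claims trusted_domain, the pattern of the lure described above."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg["from"].addresses[0].domain.lower() if msg["from"] else ""
    if not _in_domain(sender, trusted_domain):
        return []  # sender does not claim the institution; outside this check's scope
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # plain-text only: no links to inspect here
    collector = _LinkCollector()
    collector.feed(body.get_content())
    return [(href, text) for href, text in collector.links
            if not _in_domain((urlparse(href).hostname or "").lower(), trusted_domain)]
```

Running `suspicious_links(SAMPLE_EMAIL)` reports the "click here" link as pointing off-domain while the legitimate brandeis.edu link is left alone.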

Dennis Devlin
Chief Information Security Officer
Library and Technology Services

Targeted Attack Using “Operation Aurora” as the Lure

**Re-posting from the F-Secure blog**

In the middle of all the attention to the “Operation Aurora” attacks, we’re now seeing new targeted attacks that are using this very event as the lure to get the targets to open a malicious attachment!

Here’s the e-mail we saw (the mail was forged to look like it came from gwu.edu):

From: david████@gwu.edu
Date: Wed, 20 Jan 2010 09:26:24
To: (email addresses of the targets)
Subject: Chinese cyberattack

Colleagues,

Attached is a short piece I just wrote for the Far Eastern Economic Review about Chinese cyberattack.
I hope you find it interesting.

If you have any good idea / comments, are warmly welcome to feedback.

Best,

David
Attachment: .pdf Chinese cyberattack.pdf

The attachment Chinese cyberattack.pdf (md5: 238ecf8c0aee8bfd216cf3cad5d82448) is a PDF file which exploits the CVE-2009-4324 vulnerability in Adobe Reader (again, this is the one which was patched last week).

The exploit drops and runs a backdoor called Acrobat.exe (md5: 72170fc42ae1ca8a838843a55e293435). We detect this as W32/PoisonIvy.NQ. The PDF is detected as Trojan.Script.256073.

**LTS Security Alert – Your Action Needed**

I’m posting to notify you of a serious vulnerability in Microsoft’s Internet Explorer that has already been widely exploited by online criminals and vandals.  I strongly encourage you to install a critical security update without delay using the instructions below.  If you have trouble installing this update please contact the LTS Help Desk at 781-736-HELP.

Instructions

If your computer is on the Brandeis.edu Windows domain, LTS will deliver the update to your computer automatically.  Please allow it to install itself.

If you are unsure whether your computer is on the domain, follow the instructions below to install the update. These same instructions will apply to your home computers.

  1. Connect to the Internet, and then start Windows Internet Explorer.
  2. On the Tools menu, click Windows Update.
  3. If Microsoft Update is not installed, click Microsoft Update. Otherwise, go to step 7.
  4. On the Try Microsoft Update today Web page, click Start Now, and then click Continue on the Review the license agreement Web page.
  5. In the Security Warning dialog box, click Install to install Microsoft Update.
  6. On the Welcome to Microsoft Update Web page, click Check for Updates.
  7. On the Keep your computer up to date Web page, click Express to install high priority updates.
  8. On the Review and Install Updates Web page, click Install Updates, and then follow the instructions on the screen to complete the installation.

Links

Microsoft Advisory: http://www.microsoft.com/technet/security/advisory/979352.msp

Detailed MS security blog posting: http://blogs.technet.com/srd/archive/2010/01/18/additional-information-about-dep-and-the-internet-explorer-0day-vulnerability.aspx

Metasploit announcement providing exploit code: http://blog.metasploit.com/2010/01/reproducing-aurora-ie-exploit.htm

Critical Adobe Updates for January

LTS recommends that you install this update as soon as you can.  Adobe Reader and Acrobat versions prior to 9.3 contain a vulnerability that can be easily exploited.  Without the patch, attackers can easily and remotely install malicious software on your computer.  Most attackers are no longer focusing on vulnerabilities in Windows itself and are turning instead to third-party applications that most people install.

Follow the steps below to patch Adobe Reader or Acrobat on Windows XP.

  1. Open Adobe Reader or Acrobat by clicking Start > Program Files > Adobe Reader or Acrobat.
  2. From the Help menu click on “Check for Updates”.
  3. A window will open asking you to download the update. Click the button labeled “Download and Install Updates” for Reader. If you are patching Acrobat the screen is similar except the button you need to click is labeled “Yes”.

If you have trouble installing this update please contact the Help Desk at 781-736-HELP/4357.
