Fordham Information Technology - Secure IT: October 2008

Friday, October 31, 2008

Legitimate Email from Postini


The following example is a legitimate email from Postini, Fordham University's Message
Center. The message is a first-time message for account setup for Postini's Anti-Spam and
Anti-Virus service. Please be assured that this is NOT a Phishing scam.

Dear user@fordham.edu,

Fordham University has activated your virus and junk mail protection
services.

You should log in to your personal, password-protected
Fordham University Message Center as soon as possible.

Your login address is: user@fordham.edu
Your temporary password is: pigtail (You will be asked to create a new
password after first log in.)

To log in to your Fordham University Message Center, use the link:
http://login.postini.com/exec/login?email=user@fordham.edu

You may also modify your default settings or deactivate any services.

Thank You! Fordham University

Legitimate Email from Enrollment Services


The following example is a legitimate email from Enrollment Services for connecting to
their Enrollment FAQ solution. Please be assured that this is NOT a Phishing scam.

Please do not reply to this e-mail. To update your question, click the
link below and update your question via your Web browser. An account has
been created for you with the following User ID and
password:
E-mail Address: your_email@fordham.edu
Password:
We encourage you to login to our support site and change your
password, by clicking the following link, or pasting it into your
browser:

http://fordham.custhelp.com/cgi-bin/fordham.cfg/php/enduser/acct_login.php

Thursday, October 30, 2008

Data-Stealing Trojan Exploiting Just-Patched Windows Flaw


Microsoft Windows users who have not yet applied the security update that Redmond released yesterday should take a minute to do that now: Security experts are warning that at least one Trojan horse program with apparent spreading capabilities is in circulation, and that we are likely to see additional malware exploiting the flaw in the coming days. The ThreatExpert Blog has the skinny on Gimmiv.A, a Trojan that appears to have worm-like ability to spread to other systems on a network. This is likely to be more of a threat for large, enterprise networks than for individual home users. On an unpatched corporate network, all it would take is for an employee to plug an infected laptop into the network, and without firewalls enabled on each machine inside of the network or some type of host-based intrusion detection software running, that network could be in real trouble very quickly. Oddly


Saturday, October 25, 2008

Microsoft to Issue Emergency Security Update Today


Microsoft said late Wednesday that it plans to break out of its monthly patch cycle to issue a security update today for a critical vulnerability in all supported versions of Windows. Redmond rarely releases security patches outside of Patch Tuesday, the second Tuesday of each month. The software giant isn't providing many details yet, but the few times it has departed from its Patch Tuesday cycle it has always done so to stop the bleeding on a serious security hole that criminals were using to break into Windows PCs on a large scale. By Security Fix's count, this would be the fourth time since January 2006 that Microsoft has deviated from its monthly patch cycle to plug security holes. As shown by the stories in the linked examples above, Microsoft has fixed problems, each time, that were being actively exploited by bad guys to break into PCs. Microsoft's advanced notification


Tuesday, October 21, 2008

Legitimate Email from Fordham IT (AccessIT ID Password Expiration)

The following is a real message from Fordham IT informing you of a pending password
expiration of your AccessIT ID. The email will be sent to your Fordham e-mail address and
from the account: infosec@fordham.edu. The email will be addressed to your full name, First
and Last name as recorded in the University's system of record.

If you have any questions or concerns about this email's legitimacy please feel free to contact
the University Help Desk at (718) 817-3999 or via email: helpdesk@fordham.edu.

To: your_e-mail_address@fordham.edu
From: infosec@fordham.edu
Subject: Your AccessIT ID Password Is Expiring
Dear Last Name, First Name:
You are receiving this message because your AccessIT ID password is
about to expire on XX/XX/20XX. Please go to the Fordham University
portal to initiate your password change. Once the password expires you
will be unable to log in. If your password does expire you can still reset
your password using the instructions below.
Password has not yet expired:
1. Manually type the following URL into a web browser:
portal.fordham.edu
2. Click the link "Manage Your AccessIT ID"
3. Log in to the Fordham Identity Manager with your current AccessIT ID
and password
4. Click "Change Password"
5. Enter a new password as instructed and click "Continue"
Password has already expired or you forgot your password:
1. Manually type the following URL into a web browser:
portal.fordham.edu
2. Click the link "Having problems logging in? Click here."
3. Click the link "3. Forgot your Password?"
4. Enter your AccessIT ID and click the Submit button
5. Enter the answers to your previously defined challenge questions and
select Login
6. Enter a new password as instructed and click "Change Password"
Should you feel you have received this message in error, please contact the
University Help Desk at 718-817-3999 or via e-mail to:
helpdesk@fordham.edu to assist you.
For more information about this password change requirement, please visit
the Fordham University IT Security Web Site: www.fordham.edu/itsecurity
Please note that whenever you change your password, the expiration period
is reset for another 90 days. This means that you must go through this
process within 90 days from each password reset.
Thank you,
Shannon Ortiz
Fordham University Information Security Office
Director of IT Security

**** This e-mail has been auto-generated. Please do not respond. ****

Saturday, October 18, 2008

Friday, October 17, 2008

ST05-019: Preventing and Responding to Identity Theft


Preventing and Responding to Identity Theft


Spear Phishing Scam Targets LinkedIn Users


About 10,000 users of LinkedIn.com, the social networking site for professionals, recently were targeted by a tailor-made scam that urged recipients to open a malicious file masquerading as a list of business contacts. Most e-mail-based malware attacks and phishing campaigns designed to trick people into handing over personal and financial data generally are blasted out indiscriminately. But so-called "spear phishing" attacks - such as the bogus LinkedIn campaign -- address recipients by name in the subject line and body of the message to appear more legitimate. The messages in this campaign were of course spoofed to look like they were sent from support@linkedin.com, with the subject line "Re: business contacts." The message read: [recipient's name] We managed to export the list of business contacts you have asked for. The name, address, phone# , e-mail address and website are included. The list is attached to this message. After you you check...


TA08-288A: Microsoft Updates for Multiple Vulnerabilities


Microsoft Updates for Multiple Vulnerabilities


Phishers, Virus Writers Exploit Global Financial Crisis


Security experts and the federal government are warning that scam artists are leveraging public concern over the global financial crisis to steal sensitive financial data and spread malicious software. In an alert posted Thursday, the Federal Trade Commission urged Internet users to be on guard against e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage. "In fact, these messages may be from 'phishers' looking to use personal information -- account numbers, passwords, Social Security numbers -- to run up bills or commit other crimes in a consumer's name," the FTC said. Security firm Arbor Networks details two recent malware attacks that try to trick recipients into opening an e-mail attachment. One e-mail, claiming to have been sent by the Federal Deposit Insurance Corp., warns recipients that their bank accounts were involved in fraudulent activity. The attached file.....


October is Cyber Security (Un)Awareness Month


October is Cyber Security Awareness Month, and it seems many people are in need of some serious awareness-raising on this front. A recent survey indicates that while more than 80 percent of computer users thought they had firewall software installed, follow-up inspections found that only half of those users actually had the software installed or running on their PCs. The data comes from a poll of 3,000 Americans conducted by Zogby International, with security vendor Symantec conducting follow-up manual computer scans on computers belonging to 400 of those surveyed. While the study suggests that Americans seem to be well aware of whether they have up-to-date anti-spyware and anti-virus software installed, only 52 percent had anti-spam filters set up, even though 75 percent thought they did, Symantec found. Fifty-one percent of those surveyed said they had been targeted by a phishing attack, a scam that uses spoofed e-mail to lure recipients


56 Arrested in DarkMarket Sting, Says FBI


The FBI acknowledges what Wired.com readers learned Monday: The internet's top English-speaking cybercrime forum was secretly run by the bureau for the last two years. The FBI says 56 people have been arrested around the world.


Adware.FakeAntiVirus.M



Wednesday, October 1, 2008

Phishing Email Sent to Fordham Community on 10/1/08


This is another phishing email that has been reported on October 1st, 2008. Please DO NOT
respond to this message. You may disregard and delete this message. If you have
any questions about the validity of this email please contact the University Help Desk directly
at 718 817-3999 or via email: helpdesk@fordham.edu.


Dear 'UNIVERSITY' email account owner,

This message is from the UNIVERSITY LISTSERV MESSAGING CENTER to
all our students and staffs currently using the 'UNIVERSITY'
account. We are currently upgrading our database and e-mail account center. We are DE-ACTIVATING all unused accounts in order to create
space for new 'UNIVERSITY' email accounts subcribers.

To prevent your account from being DE-ACTIVATED, you are adviced to
update it as directed below so that we will know that its presently
a used account. These notification is strictly to all our ISP account users and all the university students and staffs account owners as this is the last notice/verification exercise.

CONFIRM YOUR EMAIL IDENTITY BELOW:

Your Full Names:.............

Name of Department:.........

User Login Id:...............

User Password:................

YOU ARE REQUIRED TO SEND THESE DETAILS TO THE ADMIN UPGRADING CENTER IMMEDIATELY via Email: edu-update@Safe-mail.net

Warning!!! Account owner who fails to update his/her account on receiving this notification will loose his/her account in due time.

Thank you for using ISP/listserv support.
Warning Code:VX2G99AAJ

Thank you.
"UNIVERSITY WEB CENTER"

