Fordham Information Technology - Secure IT: December 2008

Tuesday, December 23, 2008

Wire Transfer - Phishing Email Sent to Fordham Community on 12/22/08


This is another phishing email that has been reported. This message was received on or about December 22nd, 2008.

The message is targeted to you (even within the body of the email) and is crafted so that it appears as if you were the initiator of the email thread. If you received this before Postini was able to detect it, you may have also received a .zip file. DO NOT open this file; it is infected with a virus and may harm your computer. Postini is now aware of this email scam and is detecting and removing this infected file.

Please DO NOT respond to this message. You may disregard and delete this message. If you have any questions about the validity of this email, please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.
Please note: Random Person is exactly that; each instance of this spam comes from a different sender. Your name is typically your full name and your actual email address.

Random Person
To: yourname@fordham.edu
12/22/2008 04:20 PM
Subject: Re: wire transfer

Please respond to random.person@someaddress.com

The wire transfer has been released.

BENEFICIARY : Your Name
ABA ROUTING# : XXXXXX384
ACCOUNT# : XXX-XXX-XXXX45
AMMOUNT : $19,451.26

Please check the wire statement attached and let me know if everything is correct.
I am waiting for your reply.

Random Person

--- On Mon, 12/15/08, Your Name wrote:

From: Your email
Subject: wire transfer
To: random.person@someaddress.com
Date: Tue, 16 Dec 2008, 10:21 AM

We still haven't received the wire transfer.
Thank you
Your Name

(See attached file: bank_statement.zip)

** (File attachment removed for security reasons.)**
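
The traits described in this notice (a "Re:" message that quotes a thread the recipient never started, plus a .zip attachment) can be checked mechanically. The following is an added example, not part of the original post or of Postini's filtering: the function name, the flag strings, the extension watch-list and the missing-thread-header check are assumptions, and the sample message is constructed from the text shown above.

```python
import email
import re
from email import policy

ARCHIVE_EXTS = (".zip", ".rar", ".7z")  # assumed watch-list, tune locally

# Constructed sample modelled on the message above (placeholder payload).
SAMPLE = """\
From: Random Person <random.person@someaddress.com>
To: yourname@fordham.edu
Subject: Re: wire transfer
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The wire transfer has been released.
--- On Mon, 12/15/08, Your Name wrote:
From: yourname@fordham.edu
Subject: wire transfer

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="bank_statement.zip"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

def fake_reply_indicators(raw, recipient):
    """Return heuristic flags for a spoofed reply thread; not a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    subject = (msg["Subject"] or "").strip().lower()
    # A genuine reply normally carries In-Reply-To or References headers.
    if subject.startswith("re:") and not (msg["In-Reply-To"] or msg["References"]):
        hits.append("reply-without-thread-headers")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Quoted "original" message that names the recipient as its author.
    if re.search(r"^From:.*" + re.escape(recipient), text, re.I | re.M):
        hits.append("quoted-thread-attributed-to-recipient")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVE_EXTS):
            hits.append("archive-attachment:" + name)
    return hits
```

Each flag on its own is weak; the combination of all three on one message is what matches the pattern in this notice.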

Monday, December 22, 2008

Add this SecureIT Blog to My.Fordham

1. You can add Fordham IT’s SecureIT blog directly to your portal layout by adding the channel when you log into the portal. To access this channel, click the “Content/Layout” link in the upper left, just below the Fordham seal.


2. From there, choose which tab you want to add it to. You can also choose where in that tab’s layout to place it.
3. In your desired place, click on the “New Channel” button.

4. From the drop-down menu, select “FordhamIT.” Select “Fordham SecureIT Blog” from the channel list and click the “Add Channel” button.


5. Then click back on the “Back to…” tab just below the Fordham seal. The Fordham SecureIT channel will now be displayed.

Thursday, December 18, 2008

Microsoft Security Bulletin MS08-078 - Critical: Security Update for Internet Explorer (960714)

The link above details the resolution to the recent publicly disclosed vulnerability affecting Microsoft Internet Explorer from versions 5.01 SP4 to Internet Explorer 7. All versions of Microsoft Windows running Internet Explorer v 5.01 - 7 are vulnerable and should be patched immediately.

If Automatic Updates is not configured or has yet to run on your computer, you should run Windows Update from your machine to download and install this out-of-band patch.

If you have any questions please contact the Help Desk at 718-817-3999 or via email: helpdesk@fordham.edu

Wednesday, December 10, 2008

Internet Explorer 7 Zero Day Attacks In The Wild

Date: 12.10.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ is currently monitoring the use of an unpatched vulnerability (0-day) in Microsoft Internet Explorer 7. No user interaction is necessary for the exploit to be successful. A computer may become infected by simply visiting a malicious Web site. This vulnerability exists in the way XML is processed within Internet Explorer 7. This zero day was first made public on a Chinese discussion forum one day before Microsoft shipped its December set of monthly patches.

The majority of the exploits that we analyzed download a malicious Trojan from Web sites that have been categorized by Websense since September of this year. This indicates that the exploit writers have been operating for some time. They may have purchased the exploit, or possibly discovered it on their own, and timed the attack to follow Microsoft's regular patch cycle.
Our research finds that the majority of malicious sites serving this exploit are originating from China (e.g., ASN number AS4134 - CHINANET-BACKBONE No.31, Jin-rong Street).

[Screenshot of the malicious code in the wild; image not included.]

References:
http://www.pcworld.com/article/155190/new_web_attack_exploits_unpatched_ie_flaw.html
http://www.breakingpointsystems.com/community/
http://blogs.zdnet.com/security/?p=2283
http://blog.zoller.lu/2008/12/in-wild-ie7-0day-update.html
http://www.scanw.com/blog/archives/303

Wednesday, December 3, 2008

Microsoft Compatibility Message

Users of the Microsoft Office Suite prior to version 2007 (PC) or 2008 (Mac) may receive a compatibility message when trying to open files created in the latest version of Office.

You may receive a message stating that “The file was created by a newer version of Microsoft Office” and you will be given the opportunity to download a compatibility pack.

Please note that this is safe to do and you can comfortably follow the links and proceed with the download.

If you have already applied the compatibility pack, you may receive a message stating, “This document was created in a newer version of Microsoft Office. Do you want to convert it?”

Please note that you can safely click on “Convert”.

If you have any questions or concerns, please contact the University Help Desk at (718) 817-3999 or via email: helpdesk@fordham.edu
