Another "social engineering" malware scam was detected on October 14, 2009. The threat was discovered by Websense. This particular malicious threat affects users through an email that appears to be sent from the user's own domain. In our case, if a user were to receive the message, the sender might appear to be something like "email@example.com". If the message were received through another email host such as Gmail or Yahoo, the proper domain would be relected. Please note that we do not have a "techsupport" email account. Also note that we would never email you a message asking you to download something.
The message itself is deceiving in that it appears to come from the tech support department of the particular domain. It encourages the user to browse to a website in order to apply some new settings that it has supposedly set for Microsoft Outlook Web Access (OWA). Once the user browses to the site using the link provided in the email, the user is directed to a Webpage that continues to appear legitimate. After browsing to the page, the user is encouraged to download and install what ultimately is a malicious file.
There are several different types of social engineering that exist. For more information on social engineering, click here. To read the fully story on this particular malware scame, click here.
Information Security has created a more specific form that should now be used when users want to request Remote Desktop access. For information on Remote Desktop, click here or download the form here if you already understand the process.
On June 8, 2009, some users received emails from Amazon, Hallmark, Hi5, and/or Twitter. These emails included the following attachments: Shipping Documents.zip (Amazon), Postcard.zip (Hallmark), Invitation Card.zip (Hi5 and Twitter). The emails were very convincing to some users because they were likely expecting emails from these senders. Once the user opened the attachment, he or she became infected with a Trojan which then used the user's contact list to send out the infected message to more users. Users should be cautious of any message with an attachment. Companies, vendors, and social networking sites will almost never attach a file to their email correspondence. The presence of an attachment to an email (especially from someone or some company you're not expecting an email from) should always raise a red flag to the user. Emails like this should almost always be deleted immediately unless you're absolutely certain that the email you've received is legitimate and should have an attachment. For further precautions, you may choose to save the attachment then have your antivirus software scan the attachment to ensure that it is not infected.
When this issue was discovered, we immediately began remediation steps to prevent the spread of the virus and to disinfect those machines that became infected.
The Federal Trade Commission has made the 2008 Consumer Complaint data available. Georgia ranks 7th nationwide of states that have reported identity theft according to the FTC. More facts regarding their findings can be found here.
Some users on campus may have received emails that appeared to be sent by Ikea, Hallmark, and Coca Cola claiming to contain job applications or greeting cards. In actuality, these emails were not legitimate. These messages contain compressed files (.zip) which include an executable file that, when executed, adds registry values, programs, and attempts to propagate through SMTP. This virus is known as I-Worm/Generic.CTC, Worm/Generic.CSY, Vundo.DY, and Worm_Swarley.A. These are all variants of the same virus that is commonly known as the Downadup worm which has become very prevalent this month.
If your computer was identified as a computer that was infected, Information Security has blocked your computer from accessing the Internet. While your computer is blocked, you will still be able to access on-campus network resources. Once your computer is disinfected, we will remove the block.
If you believe you may be infected and have not heard anything from Information Technology, please contact the helpdesk at 245-HELP (4357) to report your infection.
For everyone else, if you receive any emails from the above-mentioned companies that you are not expecting, please delete the messages. One should be suspicious of any email that contains an attachment from not only unknown senders, but from senders you know, but are not expecting an attachment from. When in doubt, ask the sender about the attachment and/or scan the attachment for viruses.
A recent zero-day exploit was discovered which affects Internet Explorer users. This exploit is currently affecting a growing list of Websites on the Internet. Visiting an affected website can result in a full compromise of your computer. At this time, Information Security is recommending that you immediately install the Microsoft update which addresses this exploit. You may also wish to use an alternate browser that should already be installed on your VSU-owned computer - Mozilla Firebox. You can find the download for this browser and other recommended software here. These same steps should be applied to any home computer(s) that you may have.
More information on this vulnerability can be read on Microsoft Security Bulletin MS08-078
Additionally, Mozilla Firebox has recently released a patch to close up a similar exploit that allows an attacker to remotely install software and/or run malicious code. Please ensure that you have the latest version of Firebox by click on Help (located to the right of Tools) then selecting Check for Updates. Alternatively, you can download the latest version of Firebox here. At the time of this notice, the latest version was 3.0.5.
Note: there are some users that may need to install the latest version of Firebox version 2 (22.214.171.124) instead of version 3 because of compatibility issues with some VSU-related resources (e.g. WebCT Vista). If this is applicable to you, you can find the latest update for version 2 here. After this update, no more updates will be offered for version 2.
Some students, faculty, or staff may have received an email recently with a subject " VERIFY YOUR VALDOSTA.EDU WEBMAIL ACCOUNT". The contents of this email requested user information ranging from one's username, password, security question/answer. The sender of this email claimed that the information was needed to verify that one's email address was still in use.
Users need to be aware that no representative of Valdosta State University should ever request any of your passwords. If valid access is required to your account(s) an authorized representative will notify you, change your password and access your account. You will thereby know that your account has been modified simply by the password change and the previous notification. You will then need to work with this representative to change your password to something only you know.
Review our section on Phishing in our FAQs for more information.
Atlanta-based firm that stores and maintains databases containing sensitive personal credit and background information, has admitted to allowing "unauthorized third parties" access to the sensitive information. The commercial firm is a source of over 10 billion records used for credit reports background checks and other similar processes. Additional information can be found on various news provider Websites such as MSNBC and USA Today. Individuals are encouraged to check credit reports as outlined on Information Security's Identity Theft FAQ.
Fraudulent attacks, known as "phishing" use email or malicious web sites to solicit personal and often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information by often suggesting that there is a problem with the user's account. More information can be found here.
Valdosta State University President, Dr. Ronald M. Zaccari, authorizes VSU's first Information Security Policy and an updated Information Resources Acceptable Use Policy.
1500 N. Patterson St. Valdosta, Georgia 31698
1500 N. Patterson St.
Valdosta, GA 31698
VSU Solutions Center
Eastern Standard Times
Mon-Thurs: 8 am - 7 pm
Friday: 8 am - 5 pm
Saturday: 9 am - 2 pm
Sunday: 9 am - 3 pm