Blogs
-
February 24, 2012
Summary:
Security Researchers at Intego have spotted new variants of the Flashback Mac OS X Trojan. The Trojan will attempt to steal user names and passwords if successfully installed.
Details:
According to Intego’s blog, there are three methods in which a Mac can be infected.
How this malware infects Macs
“This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.”
How you can help:
- Update to the latest version of Java
- If you see the self-signed certificate as shown in the picture above do not click the “Continue” button
Learn more:
http://blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with-new-variant/
-
February 23, 2012
“FREE TRIAL OFFER”
New scam website claims to offer a free $500.00 voucher good at Groupon or LivingSocial. The scam gets an individual to provide personal information that will be shared with their marketing partners.
Learn more about the scam at http://research.zscaler.com/2012/02/groupon-scam-site.html
-
February 3, 2012
Google has taken some needed action to address the increasing number of malicious applications in the Android market place.
Learn More:
http://www.droid-life.com/2012/02/02/google-introduces-bouncer-security-service-for-android/
-
January 30, 2012
SUMMARY
PHISHING Attack Targeting the College of Charleston.
DATE & SEQUENCE
Monday, January 30, 2012 | Alert2012-2
SEVERITY
“HIGH”
AFFECTED PERSONS AND PLATFORMS
- Email users
DETAILS
College Community there is a current PHISHING attack that is targeting College of Charleston email users. The Phishing email appears to come from the College of Charleston, but is not.
An example of the Phishing email that was sent to students, faculty, and staff is shown below. If you have received this email just delete it. If you have already responded to it, please contact the helpdesk immediately.
Example of the Phishing email:
—–Original Message—–
From: College of Charleston <bridget.xxxson.xx9@my.csun.edu>
Date: January 28, 2012 3:54:03 PM EST
To: undisclosed-recipients:;
Subject: Emergency Verification
Dear College of Charleston Webmail subscriber,
We hereby announce to you that your email account has exceeded its
storage limit. You will be unable to send and receive mails and your
email account will be deleted from our server. To avoid this problem,
you are advised to verify your email account by clicking on the link
below.
http://checkverifymyemail.tk/webmail-verify/
Thank you.
The College of Charleston Management Team.
If you clicked on the URLhttp://checkverifymyemail.tk/webmail-verify/it may have taken you to a page, similar to the one below. If you provided the information requested, you should immediately change your password.
HOW YOU CAN HELP
- Install updated anti-virus. Visit go.cofc.edu/antivirus
- Do not click on suspicious files or attachments
- Contact the Helpdesk 953-3375 with any questions.
LEARN MORE
-
January 13, 2012
There is a new Facebook phishing attack making its rounds, this attack takes aim at your Facebook credentials and credit card information. If you receive this phishing email, simply delete it. If you have responded to the phishing email with the requested information, you should immediately notify your credit card company and change your Facebook password.
Details:
At the time of writing there is a new Facebook phishing attack going on. It will not just try to steal your Facebook credentials; it will also try to steal credit card information and other important information such as security questions.This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website. It will reuse the stolen information and login to the compromised account and change both profile picture and name. The profile picture will be changed to the Facebook logo and the name will be translated to “Facebook Security” but containing special ascii characters replacing letters such as “a” “k” “S” and “t”.
Once an account is compromised it will also send out a message to all contacts of the compromised account. The message looks like this:
“Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: => http://apps-xxxx-xxxxx-user.de.vu
Thank you. The Facebook Team”/When clicking on the link you will be redirected to a website which looks very similar to Facebook, and asks you for personal information such as: Name, Email, Password, Webmail system, Password to email etc. When submitting this form the details will be sent to the attacker, and they can automatically login to your Facebook account and compromise it.
After the victim submitted the information another webpage will appear, this page states that you need to confirm your identify with a payment and asks for your Card Number.
The last page of the phishing scam will try to confirm your Credit card information including CSC/CVV code.
These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information over social medias. It is also recommend that you contact your security vendor and the social media vendor if you encounter these sites.
**The analysis/ screen shots above are provided by, Securelist / Kaspersky Lab**
-
January 11, 2012
SUMMARY
PHISHING Attack Targeting Amazon Customers.
DATE & SEQUENCE
Wednesday, January 11, 2012 | Alert2012-1
SEVERITY
“INFORMATIONAL“
AFFECTED PERSONS AND PLATFORMS
- Email users
DETAILS
College Community there is a current PHISHING attack that is targeting Amazon customers via email. The Phishing email states that an Amazon purchase was shipped and the phishing email provides links; Track your package ,Your Orders , Amazon.com , Customer Service , Order # 566-8267150-1801055. Do not click on them, ALL the links are malicious and will lead you to a virus site.
An example of the Phishing email that was sent to students, faculty, and staff is shown below. If you have received this email just delete it. If you are unsure of the legitimacy of the email, contact Amazon, but do not use any of the contact information in the phishing email. Contact information is provided in the “Learn More” section of this alert.
Example:
From: S S [mailto:blankerf7@scccontrols.com]
Sent: Tuesday, January 10, 2012 10:05 AM
To: G, J V; M, D S; A; Mc, Margaret J; Ga, Sh B; Cr, Jo C; Mc, Do R; Orientation Session R Freshmen
Cc: FOUN_Read; EPG
Subject: Your Amazon.com order of “Nikon 16×50 Action Binoculars with Case/Strap/Caps” has shipped!
Hello,
Shipping Confirmation
Order # 286-4742498-1213316
Your estimated delivery date is:
Friday, January 13, 2011
Track your package Thank you for shopping with us. We thought you’d like to know that we shipped this portion of your order separately to give you quicker service. You won’t be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.
Shipment Details
Nikon 16×50 Action Binoculars with Case/Strap/Caps $179.95
Item Subtotal: $179.95
Shipping & Handling: $0.00
Total Before Tax: $179.95
Shipment Total: $179.95
Paid by Visa: $179.95
You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.
Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.
We hope to see you again soon!
Amazon.com
HOW YOU CAN HELP
- Install updated anti-virus. Visit go.cofc.edu/antivirus
- Do not click on suspicious files or attachments
- Contact the Helpdesk 953-3375 with any questions.
LEARN MORE
Never Share or Give Someone Your PASSWORD | Ken Beasley, Information Security Officer
-
December 21, 2011
SUMMARY
PHISHING Attack Targeting Amazon Customers.
DATE & SEQUENCE
Wednesday, December 21, 2011 | Alert2011-7
SEVERITY
“INFORMATIONAL“
AFFECTED PERSONS AND PLATFORMS
- Email users
DETAILS
College Community there is a current PHISHING attack that is targeting Amazon customers via email. The Phishing email states that an Amazon purchase was shipped and the phishing email provides links; Track your package ,Your Orders , Amazon.com , Customer Service , Order # 566-8267150-1801055. Do not click on them, ALL the links are malicious and will lead you to a virus site.
An example of the Phishing email that was sent to students, faculty, and staff is shown below. If you have received this email just delete it. If you are unsure of the legitimacy of the email, contact Amazon, but do not use any of the contact information in the phishing email. Contact information is provided in the “Learn More” section of this alert.
Example:
From: J Conrad [mailto:torquesn3@wonderware.com]
Sent: Wednesday, December 21, 2011 8:44 AM
To: CrCr; K, O, S; K, E; S, C; M, C; M, N
Cc:
Subject: Your Amazon.com order of “Wacom Bamboo Create Pen Tablet (FQ9P50)” has shipped!
Hello,
Shipping Confirmation
Order # 566-8267150-1801055
Your estimated delivery date is:
Tuesday, December 22, 2011
Track your package Thank you for shopping with us. We thought you’d like to know that we shipped this portion of your order separately to give you quicker service. You won’t be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.
Shipment Details
Wacom Bamboo Create Pen Tablet (FQ9P50) $119.95
Item Subtotal: $119.95
Shipping & Handling: $0.00
Total Before Tax: $119.95
Shipment Total: $119.95
Paid by Visa: $119.95
You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.
Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.
We hope to see you again soon!
Amazon.com
HOW YOU CAN HELP
- Install updated anti-virus. Visit go.cofc.edu/antivirus
- Do not click on suspicious files or attachments
- Contact the Helpdesk 953-3375 with any questions.
LEARN MORE
Never Share or Give Someone Your PASSWORD | Ken Beasley, Information Security Officer
-
December 19, 2011
The Wall Street Journal has posted a nice article that warns of scams targeting cellphones and social networks. The article mentions some old scams, as well as new ones, bad actors are using to commit fraud.
Learn More
http://online.wsj.com/article/SB10001424052970204844504577100502415928134.html -
December 9, 2011
SUMMARY
PHISHING Attack Targeting the College of Charleston.
DATE & SEQUENCE
Friday, December 09, 2011 | Alert2011-6
SEVERITY
“HIGH”
AFFECTED PERSONS AND PLATFORMS
- Email users
DETAILS
College Community there is a current PHISHING attack that is targeting College of Charleston email users. The Phishing email appears to come from the College of Charleston, but is not.
An example of the Phishing email that was sent to students, faculty, and staff is shown below. If you have received this email just delete it. If you have already responded to it, please contact the helpdesk immediately.
Example:
—–Original Message—–
From: MacOSX [mailto:MACOSX@LISTSERV.COFC.EDU] On Behalf Of Cofc.edu Support Center
Sent: Friday, December 09, 2011 8:36 AM
Subject: [Maybe Spam] COFC.EDU IMPORTANT NOTICE!
Dear Cofc.edu User
We recently noticed that important mails are delayed before received due to our anti-Spam filter.We are currently verifying our subscribers email accounts in order to increase the Efficiency of our webmail features. We are deleting all dormant and unused Cofc.edu accounts to create room for more users, To confirm your account is currently in use and join in the Recent Upgrade Taking Place, You are expected to follow the below instruction.
FOLLOW THE LINK TO UPGRADE YOUR ACCOUNT.
hxxp://www.xxausqxxn.us//administrator/
WARNING: Failure to participate in the ongoing web upgrade, will resort to the deactivation of your Cofc.edu account from our database without any form of warning.
Powered by EMU Webmail 6.0.1 – © 1995-2011 EMUMAIL
Copyright © 2011, College of Charleston, an equal opportunity, Nondiscrimination Policy – Privacy and Legal Statements, affirmative action institution | Contact RU-info at 618-650-5500-info
(4636)
HOW YOU CAN HELP
- Install updated anti-virus. Visit go.cofc.edu/antivirus
- Do not click on suspicious files or attachments
- Contact the Helpdesk 953-3375 with any questions.
LEARN MORE
Never Share or Give Someone Your PASSWORD | Ken Beasley, Information Security Officer
Posted in Uncategorized Edit -
December 6, 2011
If you are an Amazon user, you should be aware of emails claiming to be from Amazon, but they are not. There is a new phishing attack that criminals are using to dupe users into giving away their full name and credit card information.
Learn More
http://www.scmagazineus.com/amazon-users-targeted-with-new-phishing-attack/article/218150/
Examples images above are from: http://nakedsecurity.sophos.com
If you have any questions, contact the Helpdesk 843.953.3375
