[2510] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, April 24, 2012
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Apr 24 07:46:13 2012
Resent-From: ist-security-fyi@mit.edu
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Tue, 24 Apr 2012 11:45:05 +0000
Cc: "itss@mit.edu" <itss@mit.edu>
In this issue:
1. DNS Changer Follow Up
2. A New Phishing Attack Seen at Universities
----------------------------------
1. DNS Changer Follow Up
----------------------------------
According to the FBI and this news article <http://www.cnbc.com/id/47142091>, hundreds of thousands of users may lose Internet access in July. You may remember the DNS Changer attack last year. Last November, the FBI and other authorities were preparing to take down the infrastructure of rogue servers put up by the cyber criminals responsible for the attack. When the FBI realized that taking down the servers would affect about 570,000 users worldwide, they decided to replace the servers temporarily until March of this year, giving victims the opportunity to clean their infected computers. A federal judge then extended the deadline until July.

The problem started with a vulnerability in Windows, which the criminals took advantage of and were able to convince users to install malicious software. The malware turned off anti-virus updates and changed the way computers reconcile website addresses behind the scenes on the Internet's domain name system (DNS). The infected computers were reprogrammed to use the rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

When these replacement servers are taken down on July 9, the infected computers, estimated to number around 360,000, will lose Internet access. Learn how you can detect if your computer has been infected with DNS Changer <http://www.dcwg.org/detect/>. If you need assistance with cleaning your computer of any virus infections, contact the IS&T Help Desk <http://ist.mit.edu/help>.
----------------------------------------------------------
2. A New Phishing Attack Seen at Universities
----------------------------------------------------------
According to the Chief Information Security Office at Brown University, a new phishing attack is being seen by the university and other schools. An email that looks like it comes from the school asks the recipient to join the school's "Collaborative Network." The link in the email takes you to a signup page where you are asked to choose a "WebID" and then provide an email address among other information, including a password.

See the phishing alert by Brown to their users, warning them to not reply to the email <http://blogs.brown.edu/cis/2012/04/23/alert-email-from-brown-collaborative-networks/>.

Learn more about phishing here <http://kb.mit.edu/confluence/x/SBhB>.

Monique Yeaton
IT Security Awareness Consultant
Information Services & Technology, MIT
http://ist.mit.edu/security
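
As an added example (not part of the original newsletter), the check behind item 1 can be sketched in Python: read the DNS servers a machine is configured to use and flag any that fall inside a list of rogue ranges. The function names, sample inputs and ranges are assumptions; the ranges are documentation placeholders to be replaced with those published by the DCWG.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# ranges: replace them with the ranges published by the DCWG before use.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def resolvers_from_resolv_conf(text):
    """Nameserver addresses from resolv.conf-style text (comments ignored)."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def resolvers_from_ipconfig(text):
    """IPv4 DNS servers from `ipconfig /all`; extras are on unlabelled lines below."""
    found, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
            found += IPV4.findall(line)
        elif in_dns and line.strip() and ":" not in line:
            found += IPV4.findall(line)  # continuation line of the DNS list
        else:
            in_dns = False
    return found

def flag_rogue(resolvers, ranges=ROGUE_RANGES):
    """Return the resolvers that fall inside any listed range."""
    flagged = []
    for r in resolvers:
        try:
            addr = ipaddress.ip_address(r)
        except ValueError:  # not a valid IP address
            continue
        if any(addr in net for net in ranges):
            flagged.append(r)
    return flagged

# Constructed sample inputs, not captured from a real machine.
SAMPLE_RESOLV = "# constructed\nnameserver 192.0.2.53\nnameserver 10.0.0.1\n"
SAMPLE_IPCONFIG = (
    "   DNS Servers . . . . . . . . . . . : 198.51.100.7\n"
    "                                       198.51.100.200\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)
```

A non-empty result from `flag_rogue` means the machine is resolving names through a listed server and should be cleaned before the replacement servers go away.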