%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 23 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 12 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250702052041+00'00') /ModDate (D:20250702052041+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 13 0 R 15 0 R 17 0 R 19 0 R 21 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 4121 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 75.887 521.469 670.847 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 75.887 l 565.984 75.887 l 565.984 745.984 l f 45.266 746.734 m 45.266 75.887 l 46.016 75.887 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(VIRUS WARNING)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(May 02,2018)] TJ ET BT 156.578 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 171.086 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(If you receive an email with the subject: )] TJ ET BT 220.586 637.420 Td /F1 9.0 Tf [(URGENT - CCMA Final Reminder: Case GAJK0238819-18 \(GAJK\) is )] TJ ET BT 61.016 626.431 Td /F1 9.0 Tf [(scheduled for 'Arbitration')] TJ ET BT 181.814 626.431 Td /F4 9.0 Tf [( allegedly sent by the CCMA, and with an attachment with a )] TJ ET BT 424.922 626.431 Td /F1 9.0 Tf [(.DOC.gz)] TJ ET BT 459.923 626.431 Td /F4 9.0 Tf [( extension, )] TJ ET BT 505.949 626.431 Td /F1 9.0 Tf [(DO NOT)] TJ ET 0.153 0.153 0.153 RG 0.18 w 0 J [ ] 0 d 505.949 625.001 m 540.950 625.001 l S BT 61.016 615.442 Td /F4 9.0 Tf [(try to open it. The attachment is a rather nasty Trojan-variant of a Crypto virus.)] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(This virus opens the "back door" of your computer to hackers once it infects your PC. The trojan is programmed to run at )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(every start-up, giving the hackers, who originated the program, access to your hard drive. In addition, this trojan can re-)] TJ ET BT 61.016 573.475 Td /F4 9.0 Tf [(create itself, making it hard to remove it completely.)] TJ ET q 375.000 0 0 340.500 61.016 221.777 cm /I1 Do Q BT 61.016 203.986 Td /F4 9.0 Tf [(If you received this email or any similar ones, please it to the Information Technology Security Team using the following )] TJ ET BT 61.016 192.997 Td /F4 9.0 Tf [(method:)] TJ ET BT 61.016 173.008 Td /F4 9.0 Tf [(Send the spam/phishing mail to)] TJ ET 0.373 0.169 0.255 rg BT 189.077 173.008 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 189.077 171.857 m 253.742 171.857 l S 0.153 0.153 0.153 rg BT 253.742 173.008 Td /F4 9.0 Tf [( and)] TJ ET 0.373 0.169 0.255 rg BT 273.758 173.008 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 273.758 171.857 m 352.418 171.857 l S 0.153 0.153 0.153 rg BT 61.016 153.019 Td /F4 9.0 Tf [(Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the )] TJ ET BT 61.016 142.030 Td /F4 9.0 Tf [(following link \(Which is safe\) : )] TJ ET 0.373 0.169 0.255 rg BT 181.544 142.030 Td /F4 9.0 Tf [(http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx)] TJ ET 0.18 w 0 J [ ] 0 d 181.544 140.879 m 549.707 140.879 l S 0.153 0.153 0.153 rg BT 78.360 122.057 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 122.041 Td /F4 9.0 Tf [(Start up a new mail addressed to )] TJ ET 0.373 0.169 0.255 rg BT 225.080 122.041 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 225.080 120.890 m 303.740 120.890 l S 0.153 0.153 0.153 rg BT 303.740 122.041 Td /F4 9.0 Tf [( \(CC: )] TJ ET 0.373 0.169 0.255 rg BT 327.239 122.041 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 327.239 120.890 m 391.904 120.890 l S 0.153 0.153 0.153 rg BT 391.904 122.041 Td /F4 9.0 Tf [(\))] TJ ET BT 78.360 111.068 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 111.052 Td /F4 9.0 Tf [(Use the Title SPAM \(without quotes\) in the Subject.)] TJ ET BT 78.360 100.079 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 100.063 Td /F4 9.0 Tf [(With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail )] TJ ET BT 91.016 89.074 Td /F4 9.0 Tf [(Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the )] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 454 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 39907>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?j[x^;x֓*Cټj$ߍ~W?."xoZM4\G}νkYl<8*[ѧ}5ܫ gI!Q.ΊY; lZNW?+HρqR^:r.ÒFZkNnuob΁VV3F1]TQVel;py5+/ p@l Wסk ./Ev~e8?-6Lq8{K )};\K&8jpFi,,hYxfRPY̌r29XՆMu,!W3J2@宧hU c%=?Uuu3ñbCcӓnkj,MZ4/ï=;>c8$}тNHo+99^{M38'W-`d-g`~ɀH…:iE4F';i7QE#dOd8GtmtOSE<;jLAOluNr}koNoB1$yȐʀuEa YO$XR97kRJkN@cy84/9T sɭ֩}IE4>A2?ՁQm ޽-o4ӁD* smφTfVԩ#3c: */ FR^E AEx/Sء874ZӬԯa<Xɯc1 㟖զ|?r2Ŏl -Y\FHy`Νjs~4NKr> eBª} D'_W.exZ>+Y~ b6x>ߦRujUbu ipe1ΨYxLn[I#YT^s]@^CE;93c?MJ4}KߦWSu!b@'_bCc6uI~ /|lЁq+Mԭ5{UK$ȯ"@Ytb;t`׬63& >25cJ%%Qۜgڮ^l td&0{^{O4̡ɡXtx i.Xp[Rx^MbБP;6R7F.=zQR&OqQ:=GU?J=7kc;[f S[/ ӊ? jRXzbXHL}=-?c=cv$֜:1ڳPiJdMn'?1|19OE aڴFgڸrg  "oN:\~odbKHT{o y!eF ܹc֫ˣ_toK 6zܟgQBc^aZoyC@@’Gc'ZPё((#f18GzMbJS>vD@+M(N#Ҥ*s!Sh [^)ŜP)jR!c,rJʎȲ 8zgZn15)K圅)29Zv̎F1Ȧ~bBW'u9"vgqьsM+mҌ◚z5ZgnyM\jD=FGԥs 94FF72F֍rEi 6z nM#6@&4 aG(-`cABE?ٳ/| ėQ9商A1zڮyV^d-A¾h>EYAqkO\b+yu#?VX!bdV~]7a8'ŽWc%+(j2=}MDe==?u Džowo5xdkSZ4/h#n"T# ? fX#.#AcfKٸUUt{MP~ULOMD $xYP:GP{]N#E͎z⼕6*p{+3D"s   S>EV5; I{tcVdX仴6rn N9.5Kq \.Gp=H⟵CO?ONH ߱znk?YKx%\h[=+؉\r߭Coso} M IP}HVlCUUgê)jHct GZέ <"ۄlS POQW,SpW4mvKAkvLr5ymdK޹_@Mx@eTrb@ 2 t:]:J:׭K7'55uۅ͟!;6zvK~mB A> X@CWabbsVN.GHfHљ|QFڷ?|u8tLn g+չ Pű[9Z=fnG_I#Vs[[3cSa+Ik?inh-lධ l`玞6kOk-J *I`@8G_;uMj֟Ga/F$ ϕ ,ڟed8mی==oӯAO}5nMgR,In eNr8C˭]}PʍAlvm9ǾI>t?M6ɥ/j!YdcTq;Wqo&e q_Z+u At.-vKv x\U=O GN>G|n}`n$ {GT*iEԿRd_u~+;^NZ] EnFHQS*1E/+QA _]+Du.͖1 2J?k)F]~Rej?u~[+"dXV!A+Zg*iG>*|4ϐu-:ߖ @ظ=T/EG ;`S );):]ߖ ?uM:kq%8(SQT8$sWPG|.:]ߖ c̏Xܴgo ߽QVa$c'Q GNzX]ߖ ]OOZ!lg=-/$X{i|p_SXe/'Q GN>_¾KCMp OQEXLrFS")(X3'Q GN>_¾eu98IxP8b!OK|.:]ߦ {{Vx6D:NxoԿ7W 6\8>@ƿ:}M Px]oB%%<= kcBƟiafY%b܎z:+ ~bUO$q}, kkiGfE #R"sғ= fIm.6Gc?+7@=E]nfh79W[h#4"2e_'ƶ|6/ෘDQUuM~L{]9fм 4 jލ\^i>n3Gqzi7-~GJYzpf&Ul&O۹8#RJLݡF 9x2WV%;;Cj}r3 ,pmK"5(`G##vzйl+:`J2+ךzRx%_5d;.pYyq;)&@ѢǞ@#]mga,m6?*boKBs]fC:tƹ@G!A<&ԢcVPrc>صnWbjU;0iGorΑq4ȯ#0<ԭdmMk3IHJ5Xv"J~wثjˣ'I'=sitT"UΫ1 "oc$~VĀ> $\$~h2/wFߎ+tM$_37뎵(9oq1 zU]R'dRZ(Z?dJQ88'mJQRV`ZoB)w)(O8:lmSP 5xn.GS99X.R}\l!U0:qM$ASnhh'6zÿ$ɂ4H=վc:[vǩ HG注\A1 IP6k,M9.R5>Ѥֱ[*)ϱ?/C}A| b=IF]3kZsvKEfoeM^ o]\$+.へvZA7dIkBm+URʑ@2 |ï2Wm7m`{{zR!qžNB9;,sW7XmO1fA ~ x'Q72ʴkpqد+IFp|zT|8F2<Ϲ@-5&ܣOj}5l&FN$֏P(Y]3L0DdkۯA`c>"y{+VU^\2q[2\HXp?wS1)+X{eSq:MDHl.V,3sdsi"𽅹q'KVF|]P6ޛ*t5:"-ب&o4JV`?AllS!ẖ#,*z!iy((Oxch)xP&> ]{L'#OP#&Zm6К|#zE1"\2omǡkm);x9EXU _W],[m=bۑw{ ݬV^d0Snw5Ńƪܸ# d$R.¾"B9AS5Kϓ61-۟Jl,m `63UAZdC)Abpx^Q*> kf8U~un=)fPXgˏ#q:-ci9"Q*br'euZmu-)o."1id`r3 IcX*EPWBW7S6Sr*i]^(  gfC,d\7dck>ѭ5eT ?w9 k#Qs+)#׊ Z9 ߴPXcZ{cD%[9RItL\Ojoa%gr|2[? Hzw'x|2,wYԩwvT'tRw GsS+uB23yԆPX`*&Ue 㱪?ܭݽ@|˖P~RCw~kRŲB{ v$`N3llT tPE w@x{±>nf9$O9ЃXu{Q(Jrr2{=*Kr@Uҩݒ'p3c`J$mFN{{j&mpOVV#9® @'--h^DXZUb2^tiZW+w ]Rw)8=5 k7+qq5²F#] wjxOIw .Ak8{RPFH `@*k5v\0GbstcYx;[3-tY 眯tȮcJ`b.u [>Y2RĶzFޙZ'Nk6MRѤ1:= VV.ܢ2z ~5l 8ϧ"uo X뷏qsurfب)ʈpr$ mbU:(mkJM 8@. }yoB,;cUC0犧mFc3z|k\uoH+r^a_"U<t1k;"lI8i:XO%63t;OZΫKVmN2"m[hWZb}"$JI23ױOS<%ΦB9U!gW u&ouwy/$i+:u,L"x*TjזV/kh.d}o8;_/l9_zs]5/ #-"+QuZY=ٕf6Um?1瀍ȝMk E|b ӠxV՗la[x%6gtGkaIԱsKnQE,s6Jʌ;Օ{KZZ ຏqր%bjܚL0FZ](PN}V9ivh9]'%H=cx  Qy )N0wX2ӣe&h18JєLGB08==jeƓ@ۗkv%9G@,5W2ľfdn+'5</r;uXoSGU#5 jn׿m%x7 .څq6 J ,RNд vI 0`UYtH@܁UCztSSgCfH#};R:E'RCM2-C1öcOPG4QGP(n\cL ЎZGyA-_)d4vO̡{@ZӮy흔nGYZ&%2lq rĚP9d^^n~^}h(hZroヒǞh#"]06>`9'Z%ӭ'M*F]{tT٭BDJ9 {Sb#e@D?[?g կ G-gǮ鲒#qs~p.3G-DS$nm x?;2Yd p`I8|qQ]_jѤVwOOD S#!*w2_pҤ{`VO|lP^ǧKw6..FNOwҌVRLjV+t֦otz((IQdF 2:N^xr{UmGRU[6(iY8Mu KPwRKŌy RSy>`ܯN=x-6S}e,p`H_F2z_ΐ Tԁހ*֗'/ Ȫ֪z_]!IhSSۚҳf׭`|B+<0=9{6%tmN{9PH-$2nI#V"31$+i69Z7: -q" Ps<mAـv 9ǵ[6U08kwi]x)y/^H$kY|̄:/ zWQktk?9(@5'FqPךd?pj {O4jhxB]ƀ A` RAlbӭ#Hg,3NO=hh; ?ZC)gʉj*~(gk7)o xld-!P;jYXrGQ@4՟%p "&F(?ZOƀъkȑ;EU,z*BS[;sGP<(#\?8^_yޑAQF: /ϵ5RD,Oz;qe5xsZ[{"XS }~T<ڶjnVdޱI$RC[O2Aܽ8? I#g0s#sn ӷLsoF;Q:֬%':9F9 RKk8bLa~4|%h"+B{J{0RAns5sAir30r~ې=^ߟp~%'Cb_ߕ2\AY1y~R;UY|[`YUіl덣<r(Ӥ6jvG| kkpGrD})ϭ[%$%*Ǩ&򠤌 *- Y.ӑ q޶D89ORE+xpc[q  aimۋ *5B6ܷ w8;(crHpcy.`ԵiQ@f-QoiQ@ZO2o@lgJf 3_Cwfז[$]Jآ91E@s +r 5c"HDXԓNA}k24¨AnJ1HX7&@"dÏ%zVoߕf-VRc,_S07 ic騠-<'f0d)#}~Q]pIiV eIEfxf-Voߕ&¶h_Hn؁ 8\Q/Bdr 𮶊Ƴkxcc=qSG 1IӢ3vM<_lſ*Ң1-I"q(8:S-tl$l-1RxnSOzr&>R|Un?ʊlpKs_]S>? ]RȇץZ@{ܾeJ<3aڮw |TsgUDѬ ,t_`p.M Hh\t`jom7C\ݗ5r|?8?!\ w%uoPco‘"Ȳ%NFjz-7f ,c,H Pzxz21%w$$}E>_E̅۞cIH$oI)2Bn%.vPpÞ8VQK `WcGH<?z{7$+$- /9eҋ֍lXX!/4 MF;xb('x8F XO;%ke\g֘ڙz޾>]ޕPpq'zѸz77>{pȪ=Eހ-挊{f.ndzv 'Ǯ(FGgzCwhKpހ4sFER9K̊2*= hFU|zi f,=ju|@sK@Q@Q@Q@Q@Q@Q@Q@!KH{&xw_Q*(#|?El8߯zGz[ \C?@Zu? @{VDi"+;FMu֟HlX2shx;GNK@gr>1*ھ)]Joba[$}>mgv] -VcbEl*P*@9ӭwuoV_lس03ZK+tP>J(l-'9&V+cp?ON{6?Ŀg0cBaoUsK^~{Ґw/+ӅVj A<qUtMyճlrN-S"8dϥK̿$5'XY+&U &Iqks9g3k޴Wx&o"3̱׮iTѧj-{#fmrsӊA%_Zuwy  )(#֐ ʊ_c>/(8d9&^+r}j^ ,WZo )W/mZdϩ:mcf?1Ց,x$I$["a ak|>Ua'1i}Յ;EhH[~PzSkKh.o%2CK X8GR! n?+ӿ=IMiˬ\?5Q1jՄv8ʹim'نfmLG~@8i"a; qnHf8+o *s+~m܌ #lI,@߻9ֻ/,-~iX_M B f(#McVYUNޤow[EfP2r1 xY̆Hdmǯ )hYasE8Rw]2/<% {PYS`=.^Ɠ\i>kgy䕔,>cܓUci"E,oo q| F6s#ҶzB YA"@#g?wx/FH؆+/#.s9,E{Q[T#c3++ u%Y M+H0{|{U(p$evg@NTFP/isyoR;;waG5egPOMdncw(wo1~jn R`1\w"oh£9 #fڼ31ɨ[ߛ8aX@0yjz5$l^hM!THn䞇of@m$ontXn H<}Y<+O5Y]BA*2($p)]x^X-ݫܼ'idPO#Bktkr40c]#x3EeUk"Kg.3g, p*yt3,)^<3z>YO*]I\I yd @'nqg>]EmL"Av 1 텲D]:I dz}D1Ik>hmk,vebsn=m{zS)q,>D*#8zE]hpI$!sۊ`(c=捠^9Q+7F񞳪hk<)Cm'M?.^Q]KHD;aK} GR9IuaQHbQ@) ^(AP4Q*Ia5ajfDϘP74x_|cw_̳}IFGT$[kɦS F@AO>sڷ',?u[$"9 r@l/EwozH/!ʧvw "WHߋ=$1,# x:O (mH$i|tm͌p89^}Ħf$yXyMBV:nrI3<qZhsb/1##RA;?2^Ws^x@MkTgʤ.0O_]") *~`z? A":vús=KY7dl˴\1W," *88P^(AXgӾ{kxؓ Q:4w^uJz:{L<-oL蠑 $G$Nix;E)[hL+*vC9|o{.ZAN#tAM7Jn4Hp/fqh_nKM!?[ݷnx>bs(b?)88#ޘ< t0EEg8Z:sI$_imK+##hSI3`Bėb2 qEtb+R r T0ړLJެ/(6+OjgEp3֭tϜ::Icb޾آ*/?>Vǚ'D/׌o 2k]]OB+. $#֡-. $AY\ vdrIط$EDfCLdGpXq@ ւy;;b`OCf"S7J$SހI7ZMրbwbR@ 0)hmbLQZ(1F)h(-PEP`QZ(1KIKE1IZ(1APsF)h (cҖ)1KE&(-biPz\qKE FsuSOzu4#|?8|i4n$'ɌEl nzYk6b^Cū\G af㍸hz6agoA0ZMqKq/pN}ׯzNRHU#;Mz ."]PzqéNOb*aIϤo $zc4hVSTlD/TS]EoM3>7Z:L=S!\IW*njGzobuq6`0#溘IY#)}o&풧!>-ڄ 8[2);-V=\I3ۗ#A=Ҷd܄E8w5B$R#mG~j_O+6_f?˃YcƧy$ rˌz2ҊgˡVV93=(cOSџD5#ql'B)Ey Lni`< ^|/>0 Z*a^P]}&caJ@A7p?"7Dm&򴍆ӥ\=ΧozY4g~ 圑TNIYlD7 ea$aų"]_z"hKE0r2Ǧk.:Q<"WB۾Qzqj)AC忚aSԧĺ[O+>å(%yR%VGT#{w⦃WCJKiL>b z\9۞RxPP}d21Ղɷӌcl/,-m:r(84`ҵ{˄o۴ ws9^F<|4\享6'5.FW$t'w1#{?kel/l{x ~M*[9f dWlA>V}ǃuOyVKAp3ۂRIjW ìBG/ukY̍0eo_;-,eM#Ta:*)-t-$дjKnqPZ#*=O,pG[hX+LcՑX11ĩ 4W04f883y#n+":ݔsI6jn oL5%̖4}xPK [VmBTDz"`f”l߇4K<30/Sv(@ޖ(((((((((((((((((4^UNZǣI%iH5 LK1*+3Z#>kf<7rь6p1|ihG¸%KE';S=U:CwRi?`4_y+.Tt OƩ jÎQo=w a}}nGby?Z O(_(( 暱>{Un?~3˜M uqT cLG1yJ9?Z8\yJl+yU㧵/T8 M)v OJl?±X2gG*bY?ƒLd5۰e^lT6@Ӽv|Sm8?Kv?ҚQ[{Kk ){~5Ii-ٺF̊c_?8@qALʊ>*1*+uc['O- *[r3Fuo xkxʡy ܳ0_9ѥNm5G\su$1<`KҒAvOPFjiHW3ICeԦ7b0 =98,Z^+8bv0*G\ol%/ GTa?Hk6~,9&Ax#q|)A9s~&fB|Jg7<z:ihŌe*^  nE!-4{ͱ+FiB0<``sMz4m30f2 vOb5|-s-Z5y#2s4|M3=f!q*XR>n$Džt ,m2,O#I-IIXMr=Sx!"nFC`}ksSEI%1!s;Oii ̅ش?zʧ"8<*]l Ci~"SV40bU}=(M^YڛGG$Ò1ק\WkKLQ+HX@ UwŃ>&R,A?LVQwCʳx[bmAQmd$!ݰpsk_McHwYkqk08xH0N65mo(+NG[߷BQŮ悧yn=1O[ :-m\'5ftg\I$G?(zLJ|~L:Yj톩`E:$cҴxOZS×DuȥgpWɯٰxXj9'sʔ\]( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( F<`xgw ?Ҋ_l?EvdpKs-i'ͫ[読q0.>U'5&ѓk)K8 ,Q|y:U_0XW&^ԣ 2?rOo1dY?Уl|,N̽oFucvo>_[]d 7o 3޶n1G_c'sW,h"p'ʶ^O{]k%m3>nR}_u UjԯVI">sP9k>)Et7 9mim1H%Ҏ})ݷc)Fbn &* LQT@'}GnWLxg|m|71)Rw fR 9SKzwu?·\?OPH  J>~$4xiUϖFP@ߎR/R5+M(v?s+t̜ҏ|ְWOՄ:Dؚx:[{emYMST< Ϭ^_-zGm}7KA T`HW=cO۬7p(^_QI6}[R.a\~MlJJXb |{{ڌ7^8xU(J8cUΩh.ΉW|<%PIk z `~aԤI&{d;IŸlNw6ZIgu © Z)" ;!okt 1]ͻ}>SWpMw+irA)@@;h'.#`kzJMJ;mZU̮O,qMk]\ʜRbV-ǡG|MswsFy*LPk A/\6؉|8?,o\ zW_;t= ,eM8ïI k]nkM-Fmyb*I ' is Ϙn=,=GRɨZEpOYc,7:W^h&~(\8 䟮0k_Wu5:+xo0nV2Km4[k}2ow ß1 W:a(yhԸkѼ%i^`4Kee `ui@DUP l8z0수vݟC֠^ӭ2]D80琿́^r E&l.F!XI<~MfXfTW`Kf2 ?9}0hԖ'|ͻ琾2^xcW^GbA$A6櫖WRk^i6 -bUXax~jʱP@'# {^b|]no,ęJ`Wkgyɋps6gڀ=*Qd5, Ig[>J8b&K[a pt[ؼHіE2!l#p@7eofkotI omXUIT1'O8P1E-&(P`QZ(1F)hP`QZ(0((4ZMB96sFHI3|gfKˋk{erRXun.~C-3>/7pQR|Z) &?En9_?x-lV??Wkb{j 0ejVXTmsZ?4Xm02pJnDFkm^K+ ydIMiX,dmN2Us'A5-zOKVB73=x.thRpDd:D ӧugY5Bkf d9o`BBq hK,"a2.oy_JӏG97#>*' Mý[ymd̒6қ6䞛x$&-㐿fj (}kIœ}|lu Ƭm0%lMmwNoBW`{" vHHQbatdsJ}['ˁb/#7v<RŷC@Ե{?>U<`*[K{(m#IR/79+vDHȰ1|^7tKdXdc ' vhlx :v1s۵VDj"y-kD8Zv ]CEncM xyPly(#+ \4Fș<X)9p f>GTK,d tWCo"գhyr뵏U*_Bj+i74reYYBoqdA5I-b1V} |Hխ-u -ӈځBwanV~ғKM0!3i$-c&zmޡo2:]@w(9 ޣ9@gXA^Inl*Hr<򦢛Ν%&ypkpT=nh 4 EXc&2Ij?h`7[%%; }'ѿ6Cqi4匽$No\xKH[,j%w`dޞh=Kwh&f` SV4iUŵ\9Nx7ҴHm`Co8k>>}6YZ[k5L]PwV^㴷[rӲv'Ɲ7kYc2$~` GAe#DE$8@w Zo {yO"-`bAǸW^^@H(F:sP^C.n񻜳G#!ac*p~TPGGLusuI0#C9?]F5fEe9,ꏱ8=OYOKIX}tK%l#x:wd䞧j;WW޴n\':c zT $miqms23.ᷓk4y.3cqXc=s]-6h 0Yh#te7m%fBB9# mV Bi=I%3$JTI哓2EYc[H{@\`1Ҭ'Ѯt@f{0Rx9=(6Z7Zam,:Mt*k?RtRgv.Tmt֞H%ZR3=qU+ByXpFO4ַ-ŽVRԤ` Y|?f$̛wb` իh@)ԴPE%-QEQEQE%-PEPEPEPHii(մ/1fH$rR5S*Kx#>*1*(#|?El8e_G??x-lV/vuPLTWq1J]Y4GDMn;K<8h46i1X GD]^fP'S[K4Y䶍5+BC0zy |QƚCkzDwj1"85$>0X zh (%-`M"MfG(/-_iYK-d,zaBz ƞkXY6bQ:ws\(n-KOekkqu&Xb389ϭTx-U`bU6+ioW.|47NaPd3' 8ۻ=x54)5[&+q:cwg8(f;?q.X`XJ٠(()h(1F)hZ((-))h(((()(h((())i(‹_h[Qm)jEhm 6a9"J ms@ڍ8y cR]\-l{D8*;Ojz-QCozшHdo@IҸOĺ+gz5CUAC̤bY},\H![hs(cA}(7{R=_Vv$K9%;^&A$r1Ԟ1YeR sv8^mq:VvY8NWUkψZY[ۥ)qY9Fx@n*^_K>ِR87uٍKm,\ʥpn.q[iOxXMZGxb\!I 9q|gX mkK4营Ƣ9P$r=ּ8x0Y<ޔĩd!LgJ*? s9Ɍ}{Q[n{?Wkf!"^0 [ݝt6XRe꬧ P69ɋy9'`5jPhTmIZݤLvI\)hvPgRDǒ pɫ*MYahIc0˟\t$=^Mť߲HՆ}p{3@g HQ#EVꪸ׊-"Hm-xSˌJ6/ep9<SVEU̵LD>id12 "KKڏ=Vh5+yĤ96MM6N>*ztگQ@HYLln)w6:d#i-,r|YR냎*4PX4+h8-;#6z |8۴_Ļ:W(dhZ QdS(*GLcңK&eAQjI@,(+:pGjUlu v,0W3@GW-`Y$FcN9m"Hm/cOs4f*ɥK2M%2HA=5zl~^ Dzbq@ lZVa0Szt --~ʶ ۄ~JkC4 .ťrKnN)h2I--I' \c~UrPCnI8А3@*j(J(h(hRR@Q@Q@Q@Q@Q@Q@Q@%-RP[xqL&?E;ϋX_G??x-lVgM?u˻-28$$.bB{l"Cwj1SEq%bp7fHU<o kDd1$# pO3Od,#)s#T:O}#V#8YdY9+1Wm|-ZwHrD`v'J`ETsӚNj⍌5vxz)!r9F$8Sv&q][Om-~TOH5vXE ņ{RETƑ qkX T3'ni|MuJmH#ӆ# 6m϶:.s:<\#v'v3+] ͵w%Y`+BXQScR\L=[EhOݵkLdF30*+tc2F }~ekX"?}ŴhU%#lXx!O.\`HS?ʭyLO9FocԊZ>m%nq!w}A~&$qk=;6ي9\ӊx[X4lɧPiC֋u^[ЛImqvɭڄv]CmWl{IONvjŔzL3܁q9pPG{6k4xrJ1,8ԗ^ЮcPA Hd?CS~u(`He6Y .9r=*^gy{bͤbB჏1c8#VtZ^~]eSצx¿{HBkfزVl<)7b!T$!BW@i`3 l U r'níit%#:H$WbX#I 28Zm3<>|' b`pA[. ]=jо~ikPe\1;fh_ ,G$B+7vOz' !,L V(7_@icGp ̫d\Tˏm%9o–wV̸L5i6.`TF w EkZ( JZ((JZ( ( ( ( ( CKHh‹oi3F":[Ytb9@_x?EX_/??ElrzDŽ?Wkb!"^0 [ݛQxO ^LF#+ҧM uILBy-õzFugig,EO_Xҡ0ۡ\ヌPhswW盧PE,BKw&=>^]隖XNNqB9RN $ƺiS\-ZH麶$3;4S-y. h`@ɵ>Y 8Z>.-'RtP:Wp [j 6Q$v^OPzr5~P#=qi| :Py~1Mb!! a!X{m3K4+۝O쒴9 698`b2y/ 5+?H\ ɟu9Xהjq *wvwZEqXD8ʰ?Iyp: LjuGkȈWK 8uQ dCxVW[EjT6 H{.O^Ы)R`;SbH#Q02:l^A"I% /U=J0,W'#ƥFٮ3~&(/Kk)4;N%s$*'>aˌQ[vxm#| #S;yi}Gz-֓e{"=ͬ3G1jЉpF81@Q-ύ,t&ѻi2}0;U_kѷÌe #Ĥsǥ*ކEPEPEPEPEPEPEPEPREQE3㵊{"+TG"oZP[8jk_yMo 'qo(bg|Y?XQNa1Q]Q-Z?x-lV??Wkb_κ 2ACrYK+C,(N $K>i҄ARXt+st $%|לxsM,0Wє,@`@N8y4w %-p\N6)8zu x <.]y[tWQے@{W/$XjR ys*4PcceV¾r9xF;5;!Z\~y^O}O{yaktf ?wUݖ*\>mXC[*vRp}wd)K]~K+[Z؎d>t /wg2@v/u1Oh+Bm,MSW>٭}>w}(koeUÛwuig#y@%eVoOj}+ѻ^sy-v . G,=Hu? ȪFTmI-ܙp /?E/O1*+e-X?x-lV??Wkb{ŠZe%יF28BA}3ƚ&rZ\Hї~Z)m2@}2+k%<#D BOL]kpȱΆG'R˪X 7HF<]Wۈ]KI$g#{³l~3gtJ˹E ͵.톭r81770qj;ѵ R:Ir<XC.+t-լ9`V{sʴ<7C.>θ8R ~8PƋa5}84(S#33bx*GNt;淙eI s=k+O5ΟZj1[(K#i$0dx5BƧw 54d>tr |x>gܞE6]@웱Jb7n  f4 On`dyd%I̛P;;ƸK%R- ,>Pv&f>DtKxl*2\yqZ j1-${YAw.KzV 6ks爄lx{/+K4[!}\~O̅߮)1r#KP|%io-# \PwLSvԭZեTWnV8߆z5 Hc!bv: sߵ>/\ZK&O6Zi\,t# (a-$4ɾk(Cq2~bOOSvl,/m3y=+/ ^/֒[i"Xnʀ` m@ ̖+Kmm,H2yrUH 8b;֬KqIF}*6Q g\g#2_u;<71|I1?U9mTyQ4<\V-#e{uF d# Zu ǰGJ#QR^;$Yg#!CHǥDu{<3Ub8 s]ԌcJA@[m~T c8JqiQv ͒zf%ޗ`ǽVЀ)-q';n𥶽?2hN`>P,g<怀T-yH4IN }zi-9ik>PsHцΠ}B4Kj11RÂz 8Rco4 W"}GTt"3Fp%}7Hk9Ko/_Jkk6)ugkEOcZAzcm ~*7qQ[-nzDŽ?Wkb!"^0 [OF't]O $N&kxj^X4jnk6J6/EhH-#[!j0<9#]xu=Jѝ][l+Bk4ZYMoD0y>\I#Gҍ#ZXuඏH[R d~Uyk)| >5/Qr> Wud//mlF.ѵ}7U\fO& ڛĚG'u(V7rZ9 1N?+м㎇"hC-ֱ\(qZsxS̍$YS)[9ֽ7`qr(/<'ziROȌ J/Zva/Mv3IJ hƧ4;yo!t[0fO.A ٺҿ5 5N:'aڣv=k<9m) )SeOQSR(h((((((((((((())i UAbb~w/)g,xOQ*(#|?EnpKsH?I4wV/q1=3g]k>' aYA % %EMROAN^)7'AchߊD0hɏP{Q]Q(;eZ鯧XKX޷N7mP3ڦ"ECJ姠cm"EMs0& WE,,M_?nX,-Qd?bjtcm袋 a WE&@ o7EY3X,-5X[(9cm"EA&@ o7G,M_?n(f5X[?bjtQEs0" WE,,M_?nX,-Qd?bjtcm袋 a WE&@ o7EY3X,-5X[(9cm"EA&@ o7G,M_?n(f5X[?bjtQEs0" WE,,M_?nX,-Qd?bjtcm袋 a WE&@ o7EY3X,-5X[(9cm"EA&@ o7G,M_?n(f5X[?bjtQEs0" WE,,M_?nX,-Qd?bjtcm袋 a WE&@ o7EY3Xz,-!q o7E$bjKvpb]QEn$ endstream endobj 13 0 obj << /Type /Annot /Subtype /Link /A 14 0 R /Border [0 0 0] /H /I /Rect [ 189.0767 172.1752 253.7417 181.3327 ] >> endobj 14 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 15 0 obj << /Type /Annot /Subtype /Link /A 16 0 R /Border [0 0 0] /H /I /Rect [ 273.7577 172.1752 352.4177 181.3327 ] >> endobj 16 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 17 0 obj << /Type /Annot /Subtype /Link /A 18 0 R /Border [0 0 0] /H /I /Rect [ 181.5437 141.1972 549.7067 150.3547 ] >> endobj 18 0 obj << /Type /Action /S /URI /URI (http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki Pages/Spam sysadmin Eng.aspx) >> endobj 19 0 obj << /Type /Annot /Subtype /Link /A 20 0 R /Border [0 0 0] /H /I /Rect [ 225.0797 121.2082 303.7397 130.3657 ] >> endobj 20 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 21 0 obj << /Type /Annot /Subtype /Link /A 22 0 R /Border [0 0 0] /H /I /Rect [ 327.2387 121.2082 391.9037 130.3657 ] >> endobj 22 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 23 0 obj << /Type /Page /Parent 3 0 R /Annots [ 25 0 R 27 0 R ] /Contents 24 0 R >> endobj 24 0 obj << /Length 2431 >> stream 0.153 0.153 0.153 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 494.899 521.469 263.085 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 494.899 m 566.734 494.899 l 565.984 495.649 l 46.016 495.649 l f 566.734 757.984 m 566.734 494.899 l 565.984 495.649 l 565.984 757.984 l f 45.266 757.984 m 45.266 494.899 l 46.016 495.649 l 46.016 757.984 l f 61.016 510.649 m 550.984 510.649 l 550.984 511.399 l 61.016 511.399 l f 0.153 0.153 0.153 rg BT 91.016 749.193 Td /F4 9.0 Tf [(attachments section of the New Mail.)] TJ ET BT 78.360 738.220 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 738.204 Td /F4 9.0 Tf [(Send the mail.)] TJ ET BT 61.016 718.215 Td /F4 9.0 Tf [(IF YOU HAVE FALLEN FOR THE SCAM:)] TJ ET BT 61.016 698.226 Td /F4 9.0 Tf [(If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and )] TJ ET BT 61.016 687.237 Td /F4 9.0 Tf [(password you should immediately go to )] TJ ET 0.373 0.169 0.255 rg BT 221.081 687.237 Td /F4 9.0 Tf [(http://www.sun.ac.za/useradm)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 221.081 686.086 m 341.627 686.086 l S 0.153 0.153 0.153 rg BT 341.627 687.237 Td /F4 9.0 Tf [( and change the passwords on ALL your university )] TJ ET BT 61.016 676.248 Td /F4 9.0 Tf [(accounts \(making sure the new password is completely different, and is a strong password that will not be easily )] TJ ET BT 61.016 665.259 Td /F4 9.0 Tf [(guessed.\) as well as changing the passwords on your social media and private e-mail accounts \(especially if you use the )] TJ ET BT 61.016 654.270 Td /F4 9.0 Tf [(same passwords on these accounts.\))] TJ ET BT 61.016 634.281 Td /F4 9.0 Tf [(IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:)] TJ ET 0.373 0.169 0.255 rg BT 61.016 623.292 Td /F4 9.0 Tf [(http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 622.141 m 357.647 622.141 l S 0.153 0.153 0.153 rg BT 61.016 603.303 Td /F4 9.0 Tf [()] TJ ET BT 458.968 583.314 Td /F4 9.0 Tf [([Article by David Wiles])] TJ ET BT 61.016 563.325 Td /F4 9.0 Tf [()] TJ ET BT 61.016 543.336 Td /F4 9.0 Tf [()] TJ ET 0.400 0.400 0.400 rg BT 61.016 524.847 Td /F2 9.0 Tf [(Posted in:Security | Tagged:Krypto,Trojan | With 0 comments)] TJ ET endstream endobj 25 0 obj << /Type /Annot /Subtype /Link /A 26 0 R /Border [0 0 0] /H /I /Rect [ 221.0807 686.4046 341.6267 695.5621 ] >> endobj 26 0 obj << /Type /Action /S /URI /URI (http://www.sun.ac.za/useradm) >> endobj 27 0 obj << /Type /Annot /Subtype /Link /A 28 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 622.4596 357.6467 631.6171 ] >> endobj 28 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/) >> endobj xref 0 29 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000339 00000 n 0000000376 00000 n 0000000514 00000 n 0000000624 00000 n 0000004797 00000 n 0000004909 00000 n 0000005024 00000 n 0000005144 00000 n 0000005252 00000 n 0000045328 00000 n 0000045456 00000 n 0000045529 00000 n 0000045657 00000 n 0000045732 00000 n 0000045860 00000 n 0000045991 00000 n 0000046119 00000 n 0000046194 00000 n 0000046322 00000 n 0000046395 00000 n 0000046486 00000 n 0000048970 00000 n 0000049098 00000 n 0000049178 00000 n 0000049305 00000 n trailer << /Size 29 /Root 1 0 R /Info 5 0 R >> startxref 49430 %%EOF trojan « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

trojan

« Older Entries

Virus warning

Monday, February 5th, 2018

If you receive an email with the subject: “URGENT – CCMA Final Reminder: Case GAJK0238819-18 (GAJK) is scheduled for ‘Arbitration’…” allegedly sent by the CCMA, and with an attachment with a .DOC.gz extension, DO NOT try to open it. The attachment is a rather nasty Trojan-variant of a Crypto virus.

This virus opens the “back door” of your computer to hackers once it infects your PC. The trojan is programmed to run at every start-up, giving the hackers, who originated the program, access to your hard drive. In addition, this trojan can re-create itself, making it hard to remove it completely.

If you received this email or any similar ones, please it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 

 

Email

Tags: ,
Posted in Security | Comments Off on Virus warning

The history of malware,Trojans and worms (part 3)

Thursday, March 17th, 2016

Two weeks ago we explored lesser known malware, Trojans and worms, after 1985. This time around, we look at more recent threats, starting with zombies…

2003 Zombie, Phishing
The Sobig worm gave control of the PC to hackers, so that it became a “zombie,” which could be used to send spam. The Mimail worm posed as an email from Paypal, asking users to confirm credit card information.

2004 IRC bots
Malicious IRC (Internet Relay Chat) bots were developed. Trojans could place the bot on a computer, where it would connect to an IRC channel without the user’s knowledge and give control of the computer to hackers.

2005 Rootkits
Sony’s DRM copy protection system, included on music CDs, installed a “rootkit” on users’ PCs, hiding files so that they could not be duplicated. Hackers wrote Trojans to exploit this security weakness and installed a hidden “back door.”

2006 Share price scams
Spam mail hyping shares in small companies (“pump-and-dump” spam) became common.

2006 Ransomware
The Zippo and Archiveus Trojan horse programs, which encrypted users’ files and demanded payment in exchange for the password, were early examples of ransomware.

2006 First advanced persistent threat (APT) identified 
First coined by the U.S. Air Force in 2006 and functionally defined by Alexandria, Virginia security firm Mandiant in 2008 as a group of sophisticated, determined and coordinated attackers. APTs are equipped with both the capability and the intent to persistently and effectively target a specific entity. Recognized attack vectors include infected media, supply chain compromise and social engineering.

2008 Fake antivirus software
Scaremongering tactics encourage people to hand over credit card details for fake antivirus products like AntiVirus 2008.

2008 First iPhone malware
The US Computer Emergency Response Team (US-CERT) issues a warning that a fraudulent iPhone upgrade, “iPhone firmware 1.1.3 prep,” is making its way around the Internet and users should not be fooled into installing it. When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed.

2009 Conficker hits the headlines
Conficker, a worm that initially infects via unpatched machines, creates a media storm across the world.

2009 Polymorphic viruses rise again
Complex viruses return with a vengeance, including Scribble, a virus which mutates its appearance on each infection and used multiple vectors of attack.

2009 First Android malware
Android FakePlayerAndroid/FakePlayer.A is a Trojan that sends SMS messages to premium rate phone numbers. The Trojan penetrates Android-based smartphones disguised as an ordinary application. Users are prompted to install a small file of around 13 KB that has the standard Android extension .APK. But once the “app” is installed on the device, the Trojan bundled with it begins texting premium rate phone numbers (those that charge). The criminals are the ones operating these numbers, so they end up collecting charges to the victims’ accounts.

2010 Stuxnet
Discovered in June 2010 the Stuxnet worm initially spreads indiscriminately, but is later found to contain a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems configured to control and monitor specific industrial processes. Stuxnet’s most prominent target is widely believed to be uranium enrichment infrastructure in Iran.

2012 First drive-by Android malware
The first Android drive-by malware is discovered, a Trojan called NotCompatible that poses as a system update but acts as a proxy redirect. The site checks the victim’s browser’s user-agent string to confirm that it is an Android visiting, then automatically installs the Trojan. A device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.

2013 Ransomware is back
Ransomware emerges as one of the top malware threats. With some variants using advanced encryption that makes recovering locked files nearly impossible, ransomware replaces fake antivirus as malicious actors’ money-soliciting threat of choice.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Email

Tags: , ,
Posted in E-mail, Security | 2 Comments »

Trojans still dangerous in modern times

Thursday, March 3rd, 2016

horse-220321_960_720Trojans are malicious programmes pretending to be legitimate software, but they actually carry out hidden, harmful functions.

It pretends to do one thing, but actually does something different, without your knowledge. Popular examples are video codecs that some sites require to view online videos.

When a Trojan codec is installed, it may also install spyware or other malicious software. Another example is a malicious link that says “Cool Game.” When you download and install the game program, it turns out not to be a game, but a harmful Trojan that compromises your computer or erases the data on your hard drive.

Trojans are often distributed with pirated software applications and keygens that create illegal license codes for downloadable software. (See Backdoor Trojan)

A backdoor Trojan allows someone to take control of a user’s computer without their permission.

It may pose as legitimate software to fool users into running it. Alternatively—as is increasingly common—users may unknowingly allow Trojans onto their computer by following a link in spam email or visiting a malicious webpage.

Once the Trojan runs, it adds itself to the computer’s startup routine. It can then monitor the computer until the user is connected to the Internet. When the computer goes online, the person who sent the Trojan can perform many actions—for example, run programs on the infected computer, access personal files, modify and upload files, track the user’s keystrokes, or send out spam email.

Well-known backdoor Trojans include Netbus, OptixPro, Subseven, BackOrifice and, more recently, Zbot or ZeuS.

To avoid backdoor Trojans, you should keep your computers up to date with the latest patches (to close down vulnerabilities in the operating system), and run anti-spam and antivirus software. 

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Email

Tags:
Posted in Security | Comments Off on Trojans still dangerous in modern times

History of malware, Trojans and worms (Part 2)

Thursday, March 3rd, 2016

Last time we explored the more unknown viruses, Trojans and worms, up to 1985. Now we start off in 1986, where most histories do, with the first PC virus.

1986 The first virus for PCs
The first virus for IBM PCs, Brain, was allegedly written by two brothers in Pakistan, when they noticed that people were copying their software. The virus put a copy of itself and a copyright message on any floppy disk copies their customers made.

1987 The Christmas tree worm
This was an email Christmas card that included program code. If the user ran it, it drew a Christmas tree as promised, but also forwarded itself to everyone in the user’s address book. The traffic paralyzed the IBM worldwide network.

1988 The Internet Worm
Robert Morris, a 23-year-old student, released a worm on the US DARPA Internet. It spread to thousands of computers and, due to an error, kept re-infecting computers many times, causing them to crash.

1989 Trojan demands ransom
The AIDS Trojan horse came on a floppy disk that offered information about AIDS and HIV. The Trojan encrypted the computer’s hard disk and demanded payment in exchange for the password.

1991 The first polymorphic virus
Tequila was the first widespread polymorphic virus. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.

1992 The Michelangelo panic
The Michelangelo virus was designed to erase computer hard disks each year on March 6 (Michelangelo’s birthday). After two companies accidentally distributed infected disks and PCs, there was worldwide panic, but few computers were infected.

1994 The first email virus hoax
The first email hoax warned of a malicious virus that would erase an entire hard drive just by opening an email with the subject line “Good Times.”

1995 The first document virus
The first document or “macro” virus, Concept, appeared. It spread by exploiting the macros in Microsoft Word.

1998 The first virus to affect hardware
CIH or Chernobyl became the first virus to paralyze computer hardware. The virus attacked the BIOS, which is needed to boot up the computer.

1999 Email viruses
Melissa, a virus that forwards itself by email, spread worldwide. Bubbleboy, the first virus to infect a computer when email is viewed, appeared.

2000 Denial-of-service attacks
“Distributed denial-of-service” attacks by hackers put Yahoo!, eBay, Amazon and other high profile websites offline for several hours. Love Bug became the most successful email virus yet.

2000 Palm virus
The first virus appeared for the Palm operating system, although no users were infected.

2001 Viruses spread via websites or network shares
Malicious programs began to exploit vulnerabilities in software, so that they could spread without user intervention. Nimda infected users who simply browsed a website. Sircam used its own email program to spread, and also spread via network shares.

If this history timeline hasn’t satisfied your curiosity, the recently launched Malware Museum might peak your interest. 

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on History of malware, Trojans and worms (Part 2)

History of malware, Trojans and worms (Part 1)

Wednesday, February 17th, 2016

We’re always warning you against phishing, viruses and other nasty software which might harm your PC and data. For a change, let’s look at the history of these nasties. Where do they come from? How long have they been around for? Are they a recent phenomenon?

It seems not. Viruses have been doing the rounds for more than 50 years.

1949 Self-reproducing “cellular automata”
John von Neumann, the father of cybernetics, published a paper suggesting that a computer program could reproduce itself.

1959 Core Wars
H Douglas McIlroy, Victor Vysottsky, and Robert P Morris of Bell Labs developed a computer game called Core Wars, in which programs called organisms competed for computer processing time.

1960 “Rabbit” programs
Programmers began to write placeholders for mainframe computers. If no jobs were waiting, these programs added a copy of themselves to the end of the queue. They were nicknamed “rabbits” because they multiplied, using up system resources.

1971 The first worm
Bob Thomas, a developer working on ARPANET, a precursor to the Internet, wrote a program called Creeper that passed from computer to computer, displaying a message.

1975 Replicating code
A K Dewdney wrote Pervade as a sub-routine for a game run on computers using the UNIVAC 1100 system. When any user played the game, it silently copied the latest version of itself into every accessible directory, including shared directories, consequently spreading throughout the network.

1978 The Vampire worm
John Shoch and Jon Hupp at Xerox PARC began experimenting with worms designed to perform helpful tasks. The Vampire worm was idle during the day, but at night it assigned tasks to under-used computers.

1981 Apple virus
Joe Dellinger, a student at Texas A&M University, modified the operating system on Apple II diskettes so that it would behave as a virus. As the virus had unintended side-effects, it was never released, but further versions were written and allowed to spread.

1982 Apple virus with side effects
Rich Skrenta, a 15-year-old, wrote Elk Cloner for the Apple II operating system. Elk Cloner ran whenever a computer was started from an infected floppy disk, and would infect any other floppy put into the disk drive. It displayed a message every 50 times the computer was started.

1985 Mail Trojan
The EGABTR Trojan horse was distributed via mailboxes, posing as a program designed to improve graphics display. However, once run, it deleted all files on the hard disk and displayed a message.

Take note that information above is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Email

Tags: , ,
Posted in Security | 2 Comments »

« Older Entries
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.