Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

E-mail

« Older Entries
Newer Entries »

History of malware, Trojans and worms (Part 2)

Thursday, March 3rd, 2016

Last time we explored the more unknown viruses, Trojans and worms, up to 1985. Now we start off in 1986, where most histories do, with the first PC virus.

1986 The first virus for PCs
The first virus for IBM PCs, Brain, was allegedly written by two brothers in Pakistan, when they noticed that people were copying their software. The virus put a copy of itself and a copyright message on any floppy disk copies their customers made.

1987 The Christmas tree worm
This was an email Christmas card that included program code. If the user ran it, it drew a Christmas tree as promised, but also forwarded itself to everyone in the user’s address book. The traffic paralyzed the IBM worldwide network.

1988 The Internet Worm
Robert Morris, a 23-year-old student, released a worm on the US DARPA Internet. It spread to thousands of computers and, due to an error, kept re-infecting computers many times, causing them to crash.

1989 Trojan demands ransom
The AIDS Trojan horse came on a floppy disk that offered information about AIDS and HIV. The Trojan encrypted the computer’s hard disk and demanded payment in exchange for the password.

1991 The first polymorphic virus
Tequila was the first widespread polymorphic virus. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.

1992 The Michelangelo panic
The Michelangelo virus was designed to erase computer hard disks each year on March 6 (Michelangelo’s birthday). After two companies accidentally distributed infected disks and PCs, there was worldwide panic, but few computers were infected.

1994 The first email virus hoax
The first email hoax warned of a malicious virus that would erase an entire hard drive just by opening an email with the subject line “Good Times.”

1995 The first document virus
The first document or “macro” virus, Concept, appeared. It spread by exploiting the macros in Microsoft Word.

1998 The first virus to affect hardware
CIH or Chernobyl became the first virus to paralyze computer hardware. The virus attacked the BIOS, which is needed to boot up the computer.

1999 Email viruses
Melissa, a virus that forwards itself by email, spread worldwide. Bubbleboy, the first virus to infect a computer when email is viewed, appeared.

2000 Denial-of-service attacks
“Distributed denial-of-service” attacks by hackers put Yahoo!, eBay, Amazon and other high profile websites offline for several hours. Love Bug became the most successful email virus yet.

2000 Palm virus
The first virus appeared for the Palm operating system, although no users were infected.

2001 Viruses spread via websites or network shares
Malicious programs began to exploit vulnerabilities in software, so that they could spread without user intervention. Nimda infected users who simply browsed a website. Sircam used its own email program to spread, and also spread via network shares.

If this history timeline hasn’t satisfied your curiosity, the recently launched Malware Museum might peak your interest. 

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on History of malware, Trojans and worms (Part 2)

E-mail account hijacked

Monday, February 29th, 2016

The phishing scammers are at it again. The mail below is “spoofing” a university account, or they are using an e-mail account that they have hijacked to send out mail to fool Stellenbosch users into divulging their personal e-mail addresses, account names and passwords. Do no respond to it or go to the site in the mail. 

Here is the example of the mail that several SU users have already received:

 

From: SU staff member <sunstaffmemberaddress@sun.ac.za>
Sent: Saturday, February 27, 2016 10:05 AM
To: ‘dummyaddress@mail.com’
Subject: Dear Stellenbosch account users.

Dear Stellenbosch account users.

You have exceeded your sun.ac.za e-mail account limit quota of 575MB and you are requested to expand it within 48 hours or else your sun.ac.za e-mail account will be disable from our database. Simply CLICK with the complete information requested to expand your sun.ac.za e-mail account quota to 1000MB.

Thank you for using Stellenbosch University Webmail.

Copyright © 2016 Webmaster Center.

[INFORMATION SUPPLIED BY DAVID WILES]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on E-mail account hijacked

The blurry line between private and professional

Wednesday, February 17th, 2016

Microsoft recently released a plug-in which integrates information from your social network pages, for example Facebook and LinkedIn, with your Outlook client.facebook

At face value this seems like a good idea – a handy piece of software which enables you to keep up with you friends’ doings. It can also provide valuable information on potential clients.

Unfortunately it could become problematic when your professional colleagues and contacts have access to information which could cause you potential embarrassment. 

Most Outlook users use it as a professional e-mail platform. With OSC (Outlook Social Connector) you share your personal information with your professional network, possibly without even knowing. The line between professional and personal life suddenly seems a bit blurry.

If you’ve installed OSC, your social network information will be displayed at the bottom of the Outlook window in a small People Pane. The software extracts information from your social network profiles based on the e-mail addresses you have associated with the profiles.

This information can include profile photos, status updates and your most recent posts. The information will be displayed even if your e-mail address is hidden from other users on your social network. 

Your social network information can, depending on your security settings, be seen by OSC users you send mail to, even if the OSC user isn’t necessarily a Facebook friend. The visible information displayed in the People Pane BEPAAL by the e-mail addresses you have linked to your social networks and the privacy settings on your social network accounts.

To avoid that your personal information is seen by your colleagues through OSC, remove your work address on all your social network profiles. Also make sure your privacy settings is set up so OSC can’t pick up your information. For example, set it up in such a way that your information is only visible for friends and family and not publically displayed.

Preferably use a separate address for personal e-mails and try to use your @sun address only for work related correspondence. Rather create a Gmail address.

Besides causing embarrassment, sharing personal information can also result in serious ethical and professional repercussions. Remember, any OSC user can potentially, through e-mail, see all social network information linked to that account. Without you knowing, you might share more with your colleagues than you think. 

OSC is available for Outlook 2003, Outlook 2007, and Outlook 2010 and integrates Outlook’s e-mail functions with social network applications such as Facebook, LinkedIn, Windows Live Messenger and MySpace. 

IT strongly advises users NOT to use OSC as the risk involved are much higher than the benefits it promises.

 

[SOURCE: http://www.primerus.com]

 

 

Email

Tags: ,
Posted in Communication, E-mail | Comments Off on The blurry line between private and professional

Phishing and whaling

Friday, February 5th, 2016

Recently we gave you some pointers on identifying phishing e-mails. So now that you know all the signs and how to outwit the criminals, there’s another variant – spear phishing. But don’t panic, it’s almost the same, with a bit of a twist.

Spear phishing is an e-mail that seems to be sent from an individual or business you know. Of course it’s really from hackers attempting to obtain you credit card, bank account numbers, passwords and financial information.

These types of attacks focus on a single user or department within an organisation and use another staff member from the organisation’s name to gain the victim’s trust. (Also see our recent article on the incident at Finance.)

They often appear to be from your company’s human resources or IT department, requesting staff to update information, for example passwords or account details. Alternatively the e-mail might contain a link, which will execute spyware when clicked on.

But wait, there are even more fishing comparisons.

When a phishing attack is directed specifically at senior executives, other high profile staff or seemingly wealthy people, it’s called whaling. By whaling cyber criminals are trying to catch the “big phish”, or whale.

phishing

[SOURCE: http://www.webopedia.com]

 
 
 
 
Email

Tags: , ,
Posted in E-mail, General, Security | Comments Off on Phishing and whaling

New cyber crime e-mail targets individuals

Wednesday, January 13th, 2016

Over the past two weeks a new e-mail scam has reared its head on campus. Scammers use contact information, available on the internet, to target individuals at the university.

One example is an e-mail which has been sent to various staff at the Finance department with a request to transfer money. (see e-mail with inactive addresses below)

The e-mail is sent from a gmail address, but the display name is a SU staff member’s name. Since the cyber criminal also saw the contact person’s name on the website (in this case Finance’s website), they address the receiver personally as, for example, Karin.

Similar scams use fax numbers available on the internet and then a fax is sent directly to the contact person.

Do not, under any circumstances, react to these e-mails. It is clearly an attempt to attract your attention and convince you to conduct a financial transaction. Delete and ignore the e-mail.

Report suspicious e-mail to sysadm@sun.ac.za and also read our articles on security on our blog, as well as the fortnightly newsletter, Bits & Bytes.

 

FROM: Stellenbosch University staff member name<example@gmail.com>
TO: Stellenbosch University staff member name<example@sun.ac.za>

Karin, 

Let me know if you can process a same day domestic bank transfer to a client. You will code it to professional services

The amount is R870,000, kindly confirm so i can forward the appropriate beneficiary details to enable instant clearance.

Regards

Sent from my iPhone

Email

Tags: ,
Posted in E-mail, Security | Comments Off on New cyber crime e-mail targets individuals

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.