Security « Informasietegnologie

Security

Phishing attack on same day as migration of Tygerberg accounts

Friday, March 4th, 2016

Today, between 07:00-08:00 the Tygerberg personnel accounts were migrated to the STB domain. E-mail, logins, etc. were affected and hopefully most of you were moved with relatively few issues.

The phishers do not stop their attacks and e-mails to try to get you to reveal your usernames, passwords etc, and still flood many people’s mailboxes.

However, today there was another attack, which is particularly sinister, because apparently it is from from “HELPDESK” and asks you to log in to a page and give your username and password so you can enjoy the *improved* services. It is sent from the “Webmail Upgrade Team”.

An unfortunate coincidence that on the same day we are migrating, we receive a phishing scam about “upgrading”, hence its danger to Tygerberg.

Please don’t respond, or go to the site that you are being asked to go to. Do not fill in your username, password or ANY other details on any site. The Stellenbosch University Information Technology migration took place without there being any need for users to provide user names and passwords. Any issues with the migration can be reported telephonically to the IT Helpdesk at 021-8084367.

Here is an example of the phishing mail that many are receiving. If you are in doubt about any e-mail you receive, call your local computer geek or at least ask the IT HelpDesk.

—–Original Message—–

From: Webmail Upgrade Team [mailto:phisher@scam.com]

Sent: 03 March 2016 12:23 PM

Subject: HELP DESK

ATTN: Outlook Web Access User,

Take note of this important update that our new webmail has been improved with a new messaging system from Outlook Web Access which also include faster usage on email, shared calendar,web-documents and the new 2016 anti-spam version. Please use the outlook web access link below to complete your update for our new Outlook Web Access improved webmail.

http://link.to.phishing.site/

NOTE: Failure to do this within 24 hours of receiving this notice we will immediately render your Outlook Web App account deactivated from our database and you cannot hold us responsible since you fail to adhere to our request.

___________________

Regards,

IT Service Desk Support.

Admin Team

Miss Annie Phisher

[INFORMATION SUPPLIED BY DAVID WILES]

Tags: phishing, Tygerberg
Posted in E-mail, Security | Comments Off on Phishing attack on same day as migration of Tygerberg accounts

Trojans still dangerous in modern times

Thursday, March 3rd, 2016

horse-220321_960_720 Trojans are malicious programmes pretending to be legitimate software, but they actually carry out hidden, harmful functions.

It pretends to do one thing, but actually does something different, without your knowledge. Popular examples are video codecs that some sites require to view online videos.

When a Trojan codec is installed, it may also install spyware or other malicious software. Another example is a malicious link that says “Cool Game.” When you download and install the game program, it turns out not to be a game, but a harmful Trojan that compromises your computer or erases the data on your hard drive.

Trojans are often distributed with pirated software applications and keygens that create illegal license codes for downloadable software. (See Backdoor Trojan)

A backdoor Trojan allows someone to take control of a user’s computer without their permission.

It may pose as legitimate software to fool users into running it. Alternatively—as is increasingly common—users may unknowingly allow Trojans onto their computer by following a link in spam email or visiting a malicious webpage.

Once the Trojan runs, it adds itself to the computer’s startup routine. It can then monitor the computer until the user is connected to the Internet. When the computer goes online, the person who sent the Trojan can perform many actions—for example, run programs on the infected computer, access personal files, modify and upload files, track the user’s keystrokes, or send out spam email.

Well-known backdoor Trojans include Netbus, OptixPro, Subseven, BackOrifice and, more recently, Zbot or ZeuS.

To avoid backdoor Trojans, you should keep your computers up to date with the latest patches (to close down vulnerabilities in the operating system), and run anti-spam and antivirus software.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Tags: trojan
Posted in Security | Comments Off on Trojans still dangerous in modern times

History of malware, Trojans and worms (Part 2)

Thursday, March 3rd, 2016

Last time we explored the more unknown viruses, Trojans and worms, up to 1985. Now we start off in 1986, where most histories do, with the first PC virus.

1986 The first virus for PCs
The first virus for IBM PCs, Brain, was allegedly written by two brothers in Pakistan, when they noticed that people were copying their software. The virus put a copy of itself and a copyright message on any floppy disk copies their customers made.

1987 The Christmas tree worm
This was an email Christmas card that included program code. If the user ran it, it drew a Christmas tree as promised, but also forwarded itself to everyone in the user’s address book. The traffic paralyzed the IBM worldwide network.

1988 The Internet Worm
Robert Morris, a 23-year-old student, released a worm on the US DARPA Internet. It spread to thousands of computers and, due to an error, kept re-infecting computers many times, causing them to crash.

1989 Trojan demands ransom
The AIDS Trojan horse came on a floppy disk that offered information about AIDS and HIV. The Trojan encrypted the computer’s hard disk and demanded payment in exchange for the password.

1991 The first polymorphic virus
Tequila was the first widespread polymorphic virus. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.

1992 The Michelangelo panic
The Michelangelo virus was designed to erase computer hard disks each year on March 6 (Michelangelo’s birthday). After two companies accidentally distributed infected disks and PCs, there was worldwide panic, but few computers were infected.

1994 The first email virus hoax
The first email hoax warned of a malicious virus that would erase an entire hard drive just by opening an email with the subject line “Good Times.”

1995 The first document virus
The first document or “macro” virus, Concept, appeared. It spread by exploiting the macros in Microsoft Word.

1998 The first virus to affect hardware
CIH or Chernobyl became the first virus to paralyze computer hardware. The virus attacked the BIOS, which is needed to boot up the computer.

1999 Email viruses
Melissa, a virus that forwards itself by email, spread worldwide. Bubbleboy, the first virus to infect a computer when email is viewed, appeared.

2000 Denial-of-service attacks
“Distributed denial-of-service” attacks by hackers put Yahoo!, eBay, Amazon and other high profile websites offline for several hours. Love Bug became the most successful email virus yet.

2000 Palm virus
The first virus appeared for the Palm operating system, although no users were infected.

2001 Viruses spread via websites or network shares
Malicious programs began to exploit vulnerabilities in software, so that they could spread without user intervention. Nimda infected users who simply browsed a website. Sircam used its own email program to spread, and also spread via network shares.

If this history timeline hasn’t satisfied your curiosity, the recently launched Malware Museum might peak your interest.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Tags: trojan, virus, worm
Posted in E-mail, Security | Comments Off on History of malware, Trojans and worms (Part 2)

E-mail account hijacked

Monday, February 29th, 2016

The phishing scammers are at it again. The mail below is “spoofing” a university account, or they are using an e-mail account that they have hijacked to send out mail to fool Stellenbosch users into divulging their personal e-mail addresses, account names and passwords. Do no respond to it or go to the site in the mail.

Here is the example of the mail that several SU users have already received:

From: SU staff member <sunstaffmemberaddress@sun.ac.za>
Sent: Saturday, February 27, 2016 10:05 AM
To: ‘dummyaddress@mail.com’
Subject: Dear Stellenbosch account users.

Dear Stellenbosch account users.

You have exceeded your sun.ac.za e-mail account limit quota of 575MB and you are requested to expand it within 48 hours or else your sun.ac.za e-mail account will be disable from our database. Simply CLICK with the complete information requested to expand your sun.ac.za e-mail account quota to 1000MB.

Thank you for using Stellenbosch University Webmail.

[INFORMATION SUPPLIED BY DAVID WILES]

Tags: hijacked, phishing
Posted in E-mail, Security | Comments Off on E-mail account hijacked

History of malware, Trojans and worms (Part 1)

Wednesday, February 17th, 2016

We’re always warning you against phishing, viruses and other nasty software which might harm your PC and data. For a change, let’s look at the history of these nasties. Where do they come from? How long have they been around for? Are they a recent phenomenon?

It seems not. Viruses have been doing the rounds for more than 50 years.

1949 Self-reproducing “cellular automata”
John von Neumann, the father of cybernetics, published a paper suggesting that a computer program could reproduce itself.

1959 Core Wars
H Douglas McIlroy, Victor Vysottsky, and Robert P Morris of Bell Labs developed a computer game called Core Wars, in which programs called organisms competed for computer processing time.

1960 “Rabbit” programs
Programmers began to write placeholders for mainframe computers. If no jobs were waiting, these programs added a copy of themselves to the end of the queue. They were nicknamed “rabbits” because they multiplied, using up system resources.

1971 The first worm
Bob Thomas, a developer working on ARPANET, a precursor to the Internet, wrote a program called Creeper that passed from computer to computer, displaying a message.

1975 Replicating code
A K Dewdney wrote Pervade as a sub-routine for a game run on computers using the UNIVAC 1100 system. When any user played the game, it silently copied the latest version of itself into every accessible directory, including shared directories, consequently spreading throughout the network.

1978 The Vampire worm
John Shoch and Jon Hupp at Xerox PARC began experimenting with worms designed to perform helpful tasks. The Vampire worm was idle during the day, but at night it assigned tasks to under-used computers.

1981 Apple virus
Joe Dellinger, a student at Texas A&M University, modified the operating system on Apple II diskettes so that it would behave as a virus. As the virus had unintended side-effects, it was never released, but further versions were written and allowed to spread.

1982 Apple virus with side effects
Rich Skrenta, a 15-year-old, wrote Elk Cloner for the Apple II operating system. Elk Cloner ran whenever a computer was started from an infected floppy disk, and would infect any other floppy put into the disk drive. It displayed a message every 50 times the computer was started.

1985 Mail Trojan
The EGABTR Trojan horse was distributed via mailboxes, posing as a program designed to improve graphics display. However, once run, it deleted all files on the hard disk and displayed a message.

Take note that information above is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Tags: trojan, virus, worm
Posted in Security | 2 Comments »

IT links

SU Links

Recent Posts

Categories

Archives