CIS News: February 2006

Be Wary of Phishing Messages from the IRS and the Social Security Administration

It's tax season! However, it's also phishing season - and will be for the foreseeable future!

There are various messages circulating at Brown that look very official and appear to come from the IRS or the Social Security Administration. These messages claim they need you to click on a link to verify your personally identifiable information in order to process your tax return - or they claim you will get an additional amount (due to an error) if you sign in and approve the adjustment for some additional dollars.

Do not take the bait! These messages are clever and while they look official, NEVER EVER provide personal information via email (or by phone) unless you instigate the communication yourself.

Do not click on links. Do not open attachments.

We are also still seeing many phishing messages that look like they come from Paypal or various banks. If you have questions, please contact ITSecurity@Brown.edu - before you make a mistake that could take months or even years to correct! Stay safe.

Visit the Anti-Phishing Working Group web site for more phishing news. Brought to you by ITSecurity.

Software Announcement: Acrobat & S-Plus 7

S-Plus 7 for Windows and Acrobat Pro 7 for Windows and Macintosh (OS
10.2+) are now available for download on Brown's Software Distribution web site:
http://software.brown.edu

Please notify the Help Desk if you have any problems with these installers.

New version of Novell available

An updated version of the Novell Client for Windows, version 4.91(SP2), is now available on the Software Distribution website:
http://software.brown.edu

If you have experienced Novell login problems, please download and install this new version.

More info: http://software.brown.edu

Email maintenance Sunday morning

As a result of our mailbox quota expansion, we have some disk-data maintenance that must be completed to maximize database performance.

Sunday morning between 7:00am and noontime, you may be unable to access your mailbox for up to 2 hours as we complete this maintenance. Thank you for your patience as we complete our hardware and quota expansion.
If you have any questions, please call the CIS Helpdesk at 3-4357.

Read the latest edition of Secure IT! News

The latest edition of the Secure IT! newsletter is now online, featuring:

:: Botnet 101: Don't Get Own3d!
:: Working from home safely with VPN
:: Discover what keeps a network manager busy
:: Stocking up for e-storms
:: New IT Security class listings (register now at http://comped.brown.edu/)
:: Securing your laptop
:: Plus a word-finder game and the latest security news

Presented by the Office of IT Security.

The Computing in the Humanities Users' Group presents

The Computing in the Humanities Users' Group presents

Scholarly citation and web mashups
or
What happens when Aristotle meets Google?

D. Neel Smith
Classics and Archaeology
College of the Holy Cross

Noon, Friday Feb. 10
STG Conference Room
Graduate Center, Tower E

Smith will offer examples of citation practice in manuscript and print scholarly traditions in order to introduce his recent work at the Center for Hellenic Studies, translating traditional practices of reference in classical studies into formal definitions of network services.

He will then consider examples of "web mashups" (of the sort made
popular by integrating other information sources with Google Maps).
Coordinating text references across different translations and editions of a text, indexing historical or linguistic information to a passage of text, and following the account of Hannibal's crossing of the Alps in book 21 of Livy on satellite data in a Google Maps interface—the resulting mashups illustrate how formally specified reference systems can help us reflect on both familiar combinations of material and interactive scholarly creations without precedent in static media.

D. Neel Smith is a professor of Classics at the College of the Holy Cross and a classical archaeologist with many years of field experience in Turkey. His research interests lie in historiography and ancient science, and he has for many years been interested in the implications of information technology for humanists. He was one of the developers of the Perseus Project, a multimedia database of materials on classical Greec and has used GIS technologies both for his archaeological research and for research on Greek geographical texts. for the past two years leading a technical working group to define standards for digital publication at the Center for Hellenic Studies (Washington, DC)

This talk is organized by the Scholarly Technology Group at CIS.
For more information, contact stg_info@brown.edu or see http:// www.stg.brown.edu

Latest phishing scam - don't get hooked!

A new phishing scam has been sited in the Brown computing community and some individuals have already reported that they suspect they've become victims of identity theft. The perpetrators send official-looking emails using names such as Federal Credit Union, Amazon, VISA or PayPal.

The messages contain warnings that your account has been locked down due to suspicious use, requiring that you provide certain details to reactivate the account. One scam going around Brown now claims that someone has charged 30 days of pornography-related services to your account - and this certainly gets people concerned enough to react. Never reply to such a message! If you do suspect foul play, contact your service directly (by phone or an email initiated by you).

To compound the threat of robbing you of important confidential information, many of these emails contain viruses as well. Unfortunately institutions of higher education are especially targeted.

This recent onslaught is due in part to vulnerable computers that have become infected with a virus/worm, and as a result, are spewing out these email messages. These have the potential for infecting others as well as gathering confidential information. Brown's email spam filters have been updated to handle these, but we expect new variants to come out quickly and encourage everyone to remain vigilant.

To protect your identity as well as your computer, take the following actions:

• Never open unexpected attachments.
• Keep your antivirus software current. Free downloads (for Brown students, staff and faculty) are available at http://software.brown.edu/dist/tw-av.html.
• Be very wary of any request to go to a web site to input personal information, verify your account, etc. You can't be too careful.
• If you do receive online requests for personal information, contact the requester yourself to verify that the request is legitimate.
• Keep a list of all credit card numbers and other important accounts in a secure location - along with phone numbers to their customer service departments.
• If you are victimized, get a police report immediately and contact fraud prevention units in the companies you do business with.

For more tips and links to other sources, see the article Your Identity - Don't Get Caught Without it!, and visit the Anti-Phishing Working Group's website.

Computer worm poised to delete files on 2/3

A new worm has been reported that infects Windows PCs. Computers that have been compromised with the worm are programmed to delete files on February 3rd and the 3rd of each month thereafter. The actual impact of the spread of the worm is unclear at this time, but the impact on individual PCs could be quite high.

DETAILS

Name:
Known as Nyxem, MyWife, Blackmal, Grew, KillAV, BlackWorm and Kama Sutra

How it spreads:
Primarily through email attachments that you must open to be infected.

What to look for:
The emails have enticing subject lines, such as: "The Best Videoclip Ever", "School girl fantasies gone bad", "Rapist - Do you recognize this photo?", "New Campus Magazine - Please Approve Attached Photocopy" or "A Great Video". The worm may disguise itself as a WinZip file. However, the file extension (.zip) is not present.

What happens if you are infected:

• The worm attempts to disable most anti-virus products and delete their protection.
• It will email itself using a variety of extensions and file names.
• It will add itself to the list of auto-start programs in your registry.
• The following file types will be overwritten by the virus on your computer's local drives: DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, and ZIP.
• The worm will also attempt to spread through network shares.

What you can do:

1. NEVER open unexpected attachments or click on links in email messages unless you know the sender and are expecting them.
2. Keep your antivirus software current with the most current patches and virus definitions. Perform a Live Update. If you don't have Symantec AV software, download a free (for Brown students, staff and faculty), current version now at http://software.brown.edu/dist/tw-av.html.
3. Windows users should install and run a spyware program on a regular basis. [See http://www.brown.edu/cis/itsecurity/getcontrol/step_1.html]
4. Backup important user files before February 3rd. If you need assistance backing up files, contact your appropriate support staff.
5. This particular threat masquerades as a WinZip file, displaying the WinZip file icon but without the WinZip extension. To detect this, make sure that you are displaying file extensions. Go to the Folder Options control panel, select the View tab, and deselect "Hide extensions for known file types."

For more information:

• http://isc.sans.org/blackworm
• http://www.us-cert.gov/current/current_activity.html#nyxemworm
• http://www.pcworld.com/news/article/0,aid,124449,00.asp
• http://www.microsoft.com/technet/security/advisory/904420.mspx