CIS News: IT Security Memos

Secure IT! News: Web Appls, BlackBerries & More

The latest edition of the Secure IT! newsletter is now online:

• Learn How to Avoid Getting Caught Up in a Security Breach (classes open for registration)
• Polishing the Web Appl: Keeping Your Site Secure
• How to Keep Your Blackberry Out of the Wrong Hands
• Meet Chris Grossi, Manager of Help Desk Level 2
• Don't Lose Your Internet Access (a copyright reminder)
• STUDENTS! Still Time to Enter a National Security Awareness Video Contest

December edition of Secure IT! News now available

Check out the latest edition of the Secure IT! newsletter to learn:

• How easy it is to steal your identity, and what you can do to keep thieves at bay
• The top security threats predicted for 2007
• The ins and outs of firewalls, the home version
• How to tell if you're the only person using your computer
• About the Director of IT for the Division of Biology and Medicine
• A holiday tip on bogus eCards

National Student Video Contest

Win cash, gain experience and earn national recognition with one short video!

Students are encouraged to enter the Computer Security Awareness Video Contest, which seeks creative, topical and effective videos, of two minutes or less, focusing attention on computing security problems and how best to handle them.

The EDUCAUSE/Internet2 Computer and Network Security Task Force in partnership with the Research Channel are conducting the national contest in search of short computer security awareness videos developed by college students for college students.

Contest winners will receive cash prizes, their videos will be featured on the Security Task Force Web site, and the videos may be used in campus security awareness campaigns.

Six cash prizes will be awarded in the contest, sponsored by the National Cyber Security Alliance, three for each of two categories: training videos and 30-second Public Service Announcements. Gold: $1000 – Silver: $800 – Bronze: $500

The contest deadline is March 15, 2007.

For more information and to submit your video, visit: www.educause.edu/SecurityVideoContest2007

News, Classes and a Colloquium

Start a new school year with more computing security smarts. Take a free class and read the fall edition of Secure IT!, now online and featuring:

• How to avoid Drive-By Downloads and spot Evil Twins
• Links to free classes, from the basics to wireless, networking, Mac OS X and much more
• Registration for the colloquium "Privacy, Piracy and Protection"
• E-Commerce at Brown
• Plus a new InfoSec profile

Visit www.brown.edu/cis/itsecurity/news/ for all the details.

And as part of National Cyber Security Awareness month, we will present a special half-day event on October 25. "Cyber Security Awareness Colloquium: Privacy, Piracy And Protection" will include three afternoon sessions, each focusing on a different topic: identity theft, social networking web sites, and balancing global security and individual privacy. Register now for one or more of the sessions, which are open to the entire Brown community.

Please go to our Keep IT Safe & Secure web site for more details on this special event, which includes a free raffle and refreshments.

Be Wary of Phishing Messages from the IRS and the Social Security Administration

It's tax season! However, it's also phishing season - and will be for the foreseeable future!

There are various messages circulating at Brown that look very official and appear to come from the IRS or the Social Security Administration. These messages claim they need you to click on a link to verify your personally identifiable information in order to process your tax return - or they claim you will get an additional amount (due to an error) if you sign in and approve the adjustment for some additional dollars.

Do not take the bait! These messages are clever and while they look official, NEVER EVER provide personal information via email (or by phone) unless you instigate the communication yourself.

Do not click on links. Do not open attachments.

We are also still seeing many phishing messages that look like they come from Paypal or various banks. If you have questions, please contact ITSecurity@Brown.edu - before you make a mistake that could take months or even years to correct! Stay safe.

Visit the Anti-Phishing Working Group web site for more phishing news. Brought to you by ITSecurity.

Read the latest edition of Secure IT! News

The latest edition of the Secure IT! newsletter is now online, featuring:

:: Botnet 101: Don't Get Own3d!
:: Working from home safely with VPN
:: Discover what keeps a network manager busy
:: Stocking up for e-storms
:: New IT Security class listings (register now at http://comped.brown.edu/)
:: Securing your laptop
:: Plus a word-finder game and the latest security news

Presented by the Office of IT Security.

Read the latest edition of Secure IT! News

The latest edition of the Secure IT! newsletter is now online, featuring:

:: Botnet 101: Don't Get Own3d!
:: Working from home safely with VPN
:: Discover what keeps a network manager busy
:: Stocking up for e-storms
:: New IT Security class listings (register now at http://comped.brown.edu/)
:: Securing your laptop
:: Plus a word-finder game and the latest security news

Presented by the Office of IT Security.

Latest phishing scam - don't get hooked!

A new phishing scam has been sited in the Brown computing community and some individuals have already reported that they suspect they've become victims of identity theft. The perpetrators send official-looking emails using names such as Federal Credit Union, Amazon, VISA or PayPal.

The messages contain warnings that your account has been locked down due to suspicious use, requiring that you provide certain details to reactivate the account. One scam going around Brown now claims that someone has charged 30 days of pornography-related services to your account - and this certainly gets people concerned enough to react. Never reply to such a message! If you do suspect foul play, contact your service directly (by phone or an email initiated by you).

To compound the threat of robbing you of important confidential information, many of these emails contain viruses as well. Unfortunately institutions of higher education are especially targeted.

This recent onslaught is due in part to vulnerable computers that have become infected with a virus/worm, and as a result, are spewing out these email messages. These have the potential for infecting others as well as gathering confidential information. Brown's email spam filters have been updated to handle these, but we expect new variants to come out quickly and encourage everyone to remain vigilant.

To protect your identity as well as your computer, take the following actions:

• Never open unexpected attachments.
• Keep your antivirus software current. Free downloads (for Brown students, staff and faculty) are available at http://software.brown.edu/dist/tw-av.html.
• Be very wary of any request to go to a web site to input personal information, verify your account, etc. You can't be too careful.
• If you do receive online requests for personal information, contact the requester yourself to verify that the request is legitimate.
• Keep a list of all credit card numbers and other important accounts in a secure location - along with phone numbers to their customer service departments.
• If you are victimized, get a police report immediately and contact fraud prevention units in the companies you do business with.

For more tips and links to other sources, see the article Your Identity - Don't Get Caught Without it!, and visit the Anti-Phishing Working Group's website.

Computer worm poised to delete files on 2/3

A new worm has been reported that infects Windows PCs. Computers that have been compromised with the worm are programmed to delete files on February 3rd and the 3rd of each month thereafter. The actual impact of the spread of the worm is unclear at this time, but the impact on individual PCs could be quite high.

DETAILS

Name:
Known as Nyxem, MyWife, Blackmal, Grew, KillAV, BlackWorm and Kama Sutra

How it spreads:
Primarily through email attachments that you must open to be infected.

What to look for:
The emails have enticing subject lines, such as: "The Best Videoclip Ever", "School girl fantasies gone bad", "Rapist - Do you recognize this photo?", "New Campus Magazine - Please Approve Attached Photocopy" or "A Great Video". The worm may disguise itself as a WinZip file. However, the file extension (.zip) is not present.

What happens if you are infected:

• The worm attempts to disable most anti-virus products and delete their protection.
• It will email itself using a variety of extensions and file names.
• It will add itself to the list of auto-start programs in your registry.
• The following file types will be overwritten by the virus on your computer's local drives: DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, and ZIP.
• The worm will also attempt to spread through network shares.

What you can do:

1. NEVER open unexpected attachments or click on links in email messages unless you know the sender and are expecting them.
2. Keep your antivirus software current with the most current patches and virus definitions. Perform a Live Update. If you don't have Symantec AV software, download a free (for Brown students, staff and faculty), current version now at http://software.brown.edu/dist/tw-av.html.
3. Windows users should install and run a spyware program on a regular basis. [See http://www.brown.edu/cis/itsecurity/getcontrol/step_1.html]
4. Backup important user files before February 3rd. If you need assistance backing up files, contact your appropriate support staff.
5. This particular threat masquerades as a WinZip file, displaying the WinZip file icon but without the WinZip extension. To detect this, make sure that you are displaying file extensions. Go to the Folder Options control panel, select the View tab, and deselect "Hide extensions for known file types."

For more information:

• http://isc.sans.org/blackworm
• http://www.us-cert.gov/current/current_activity.html#nyxemworm
• http://www.pcworld.com/news/article/0,aid,124449,00.asp
• http://www.microsoft.com/technet/security/advisory/904420.mspx

Windows computer users: Patch Now!

If you missed the January 19th edition of Morning Mail on the WMF exploit and how to patch for it, we recommend that you review the article now for important information on a recent critical flaw in the Windows operating system.

This flaw is particularly dangerous because unless your computer is patched, it could be compromised even without any action on your part. Once the malicious code resides on your computer, there's almost no limit on what can be done to it or how it could be used.

See Windows computer users: Patch Now! for full details.

keep IT safe: Security Awareness Month

October is National Cyber Security Awareness month, which CIS is observing locally with the theme "keep IT safe & secure, because IT's not secure without U".

During October we'll offer a variety of ways to learn how to "keep IT safe & secure", with a kick-off event on October 3 from 2:00 to 4:00 PM at the Science Library south patio. Everyone is invited to stop by and pick up tips on safe computing, learn about the laptop "lojack" software, CyberAngel, munch on fresh-popped popcorn and enter a raffle.

The month-long observance includes hands-on security training, film screenings, a second cyber-on-the-green on October 19, and Brown Bag presentations on security hot spots: identity theft, copyright and file sharing, secure wireless computing, and managing malicious code (worms, viruses, phishing, etc.).

The complete schedule of events is located at http://brown.edu/cis/keepitsafe.

Debut of SecureIT! Online Newsletter

Find out how to avoid some dangerous 'phishing' holes or go wireless at home and keep your network compromise-free in CIS's new publication, SecureIT!.

The first edition is now online offering informative (and hopefully fun!) summertime reading:

• Discover how 'A place for everything and everything in its place' could save you time and aggravation
• Learn how a simple action can keep intruders from accessing your computer
• Plus features such as a security word finder game and the latest IT Security news.

All this and more in the first edition of the newsletter SecureIT!.

Canned Spam

CIS is changing the way that it manages spam. As of February 14th, 2005, spam sent to you will be quarantined and instead you will receive a daily digest that lists the messages held in quarantine for you.

Previously, spam was 'tagged' by an anti-spam program but still delivered to your inbox. The new anti-spam system that CIS has purchased, called Proofpoint, not only tags spam, it also quarantines it so no longer clogs up your inbox. You are sent a spam quarantine digest each day that allows you to browse the list quickly to check if there are any email messages that were tagged as spam that shouldn't have been. Should this occur, you can release the email from the quarantine and it will be delivered to your inbox. However, CIS testing has shown that mis-tagging is rare, as is spam that eludes Proofpoint's defenses. More information about this service is available at: Spam Control

Are you being spied on? The latest Spyware threat.

Spyware is a growing cybersecurity threat at universities and colleges according to EDUCAUSE (non-profit association focused on IT in higher education, www.educause.edu).

EDUCAUSE reports that "The most recent form of this data security problem is Marketscore. This type of spyware software directs all Web traffic through a marketing company's servers, allowing them to potentially view any information a user sends or receives through their Web browser."

What can you do to protect yourself?

1. Get protection: Use an anti-spyware product
"Spybot Search & Destroy" for Windows is free and available from the Software download page at http://software.brown.edu/dist/w-spybotsd.html. (Note that there is no local support for this product)

2. Boost your Spyware IQ
Spyware is often contracted when installing a download of freeware or a shareware application. While it may be manifested in annoying pop-up ads, more insidiously, behind-the-scenes these programs pass information back to their publishers who monitor your browsing behaviors and sometimes harvest your name, email address and other personnel information. Read more at www.spywareguide.com/.

3. Look before your leap: Don't install spyware programs
Make sure you install programs from well-know, reputable companies. Avoid programs such as KaZaa, Gator, Morpheus, most web search toolbars and pop-up blocking software. An exception is the Google toolbar or built in pop-up blockers in certain browsers like Firefox.

4. Learn more about the latest threat, "Marketscore"
Visit EDUCAUSE's Spyware/Adware site to view a listing of resources. You can find more information at www.educause.edu/Browse/645&PARENT_ID=741)

Think your computer might already be infected? Common symptoms include an unusually slow or unstable performance, random pop-up ads or being redirected unexpectedly when Web-browsing. Contact the Help Desk (3-HELP) for assistance in removing the unwanted program.

Something phishy going on? How not to get hooked!

You can't have an e-mail account today and not be the victim of SPAM and various attempts at Internet fraud. One of the latest identity theft scams is called "Phishing" (pronounced like fishing). This scam simply looks like an official e-mail (or pop-up) from a trusted service provider (CITI, E-Bay, your bank, your retailer, a government agency, etc.). It looks official, but is actually an attempt to get you to click on a link that leads you to an official-looking form to provide personal information.

Be very careful. Always contact your service providers to verify any online request you receive. Once the information is out, your personal data can be stored in thousands of locations and sold repeatedly. Phishing is a crime that can make you a victim over and over again. Identity theft is the fastest growing crime, and will not get better until technology improves, and we learn to implement it effectively. There are also few risks to the perpetrators, and in some states, this activity isn't even illegal. Most courts still see identify theft as a "victimless crime" although lives have been severely impacted by it.

So, here are a few tips for e-mail users:

• Be very wary of any request to go to a web site to input personal information, verify your account, etc. You can't be too careful.
• If you do receive online requests for personal information, contact the requester yourself to verify that the request is legitimate.
• Always check your bills and credit card statements for unauthorized charges.
• Never carry your Social Security Card - and ask service providers who use the SSN as an identifier to provide you with another number (most will comply).
• Keep a list of all credit card numbers and other important accounts in a secure location - along with phone numbers to their customer service departments.
• If you are victimized, get a police report immediately and contact fraud prevention units in the companies you do business with.
• Become more informed about what you can do. Some excellent web sites exist to provide consumer education. Try the following: http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm or http://www.consumer.gov/idtheft or http://www.idtheftcenter.org
• And please remember to keep your operating system and anti-virus protection up-to-date. This has never been more important. Contact your DCC or the Help Desk (3-HELP) to ensure that your workstation is being automatically protected.

Year of the Worm

IT Security Memo from Brown's Director of IT Security, Connie Sadler:
E-mail has never been a totally secure method of transmitting information, and every day this becomes more obvious to us all. We receive e-mail from unknown senders. We receive e-mail from senders who "appear" to be someone we know, but the email was actually "spoofed". We receive strange attachments from what appear to be reliable sources.

The possible scenarios go on and on. The truth is: "hackers" and "spammers" are more organized than ever. They actually operate as development teams! We need to be very careful to confirm the authenticity of any sender of an attachment - even if we think we know the sender. If we weren't expecting anything, we shouldn't open the file until we check with the sender to see if the attachment is genuine. This may seem extreme, but it's really the only way to fully protect yourself. An attachment can also contain executable content while "appearing" to be a harmless text file.

If in doubt about any e-mail you receive, contact your DCC, the sender of the message, or the Help Desk (3-HELP) before you take a chance. The "payloads" associated with these viruses and worms will only get worse. We fully expect that on a routine basis, your files could all be erased, or your keystrokes could be captured for months at a time, to be "played back" to someone else, who may or may not be known to you. Please be safe in 2004, which has been labeled by some experts as the "Year of the Worm".