UB Information Technology

Virus Alerts

PHISHING: Dear Buffalo Email Account Owner
(Mar 4, 2008)

UB was recently targeted by a "phishing" attack designed to trick UB faculty, staff and students into revealing their UBITName and password by threatening loss of access to e-mail. A constant stream of messages arrives purporting to be from banks, credit unions, the IRS, other government entities, individuals with get-rich-quick schemes and nonexistent lotteries. Some messages entice you to open infected attachments or go to websites designed to infect your computer with malware (e.g., viruses, trojans, worms, keystroke loggers). There is even an e-mail scam involving death threats designed to extort payment to avoid being killed. Identity theft spam and scams are becoming more sophisticated, and these are all cons designed to gather information useful in spamming and other illegal internet-based con games.

UB currently receives in the neighborhood of 4 million spam messages each day. While our spam filters are very good, they are not perfect and they do take some time to identify new types of spam. You need to be on the lookout for identity theft and other scams.

Healthy skepticism is the best approach to anything you receive electronically. Here are some specific recommendations:

  • Don’t open attachments or click on websites in unsolicited e-mail sent from unknown sources.
  • You should never email your password or any other private information (e.g. credit card number, driver’s license number, bank account information or social security number), and UB will never ask you to do so.
  • Don't be tricked - never reveal your password(s) to anyone.
  • Reputable banks and financial institutions will never ask for your account numbers, PINs or passwords by email.
  • Never enter your credit information into a non-secured web page. A secured web page starts with https:// (note the "S" for "Secure") and will display a lock on the browser frame.
  • Don't fall for stories about winning the lottery, promises of money from newly discovered relatives or requests to act as an agent for a business or individual. If the story sounds too good to be true, it is probably a scam.

See Computer Security for more information.


Flint Virus Identified (Updated 4:30pm, Feb 8)

A new and malicious virus has infected a number of student computers in Flint Village residences. The virus hijacks your internet connection, slowing it down and attempting to spread the virus to other, nearby computers. This virus has now been identified by Symantec as Trojan.Arposon and, in some cases, the W32.Pagipef.I worm.

How is it spread?

The virus is spread by infected computers. Infected computers masquerade as networking equipment, tricking uninfected computers. The infected computer intercepts network traffic and attempts to infect the uninfected computer.
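
As an added illustration (not part of the original alert and not CIT's detection method): assuming the masquerading described above is done by ARP spoofing, which this alert does not state, a computer's neighbor table would show the router's IP address and another machine's IP address sharing one hardware address. The Python below checks constructed Linux `ip neigh` output for that pattern; the addresses and function names are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by Linux `ip neigh`; all addresses are made up.
SAMPLE_NEIGHBORS = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:aa REACHABLE
192.0.2.23 dev eth0 lladdr 02:00:00:00:00:17 STALE
192.0.2.57 dev eth0 lladdr 02:00:00:00:00:aa REACHABLE
192.0.2.80 dev eth0  FAILED
"""

LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)

def parse_neighbors(text):
    """Return {ip: mac} for every entry that has a resolved hardware address."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # entries without lladdr (FAILED/INCOMPLETE) are skipped
            table[m.group("ip")] = m.group("mac").lower()
    return table

def shared_macs(table):
    """Return {mac: sorted ips} for hardware addresses claimed by more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_impostors(table, gateway_ip):
    """Return the other IPs that share the gateway's hardware address."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:  # gateway not in the table: nothing to compare against
        return []
    return sorted(ip for ip, mac in table.items()
                  if mac == gw_mac and ip != gateway_ip)

if __name__ == "__main__":
    table = parse_neighbors(SAMPLE_NEIGHBORS)
    print("Shared hardware addresses:", shared_macs(table))
    print("Hosts sharing the gateway's address:", gateway_impostors(table, "192.0.2.1"))
```

A shared hardware address is a lead to investigate, not proof of infection: a router with several IP addresses on one interface produces the same pattern.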

How do you know if your computer is infected?

Affected users experience the following symptoms:

  • Web browsing difficulty and slowness
  • Frequent pop-ups with foreign characters
  • Clicking on links to download and being redirected to a different page

If you're not sure if your computer is infected, contact the CIT Help Desk for more assistance.

What are Symantec's recommendations for removal?

Symantec's removal instructions for Trojan.Arposon are on their website.

Affected users should also follow a second set of instructions to remove the W32.Pagipef.I worm.

What is CIT doing?

CIT has developed a method to pinpoint which computers are spreading the virus and has disconnected those computers from the network.

CIT has also changed servers within ResNet to interrupt the virus and identify computers that might be infected but aren't spreading the virus.

Students with affected computers may follow Symantec's recommendations for removal or seek professional remediation.

How can you prevent infection?

Avoid risky computing behaviors such as:

  • File-sharing from untrusted sources
  • Lack of appropriate care in handling IM and email attachments
  • Browsing questionable web sites
  • Acquiring and installing counterfeit software