[IS&T Security-FYI] SFYI Newsletter, April 24, 2012

[Monique Yeaton]

In this issue:


1. DNS Changer Follow Up

2. A New Phishing Attack Seen at Universities



----------------------------------

1. DNS Changer Follow Up

----------------------------------


According to the FBI and this news article<http://www.cnbc.com/id/47142091>, hundreds of thousands of users may lose Internet access in July. You may remember the DNS Changer attack last year. Last November, the FBI and other authorities were preparing to take down the infrastructure of rogue servers put up by the cyber criminals responsible for the attack. When the FBI realized that taking down the servers would affect about 570,000 users worldwide, they decided to replace the servers temporarily until March of this year, giving victims the opportunity to clean their infected computers. A federal judge then extended the deadline until July.


The problem started with a vulnerability in Windows, which the criminals took advantage of and were able to convince users to install malicious software. The malware turned off anti-virus updates and changed the way computers reconcile website addresses behind the scenes on the Internet's domain name system (DNS). The infected computers were reprogrammed to use the rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.


When these replacement servers are taken down on July 9, the infected computers will lose Internet access, estimated to be around 360,000. Learn how you can detect if your computer has been infected with DNS Changer<http://www.dcwg.org/detect/>. If you need assistance with cleaning your computer of any virus infections, contact the IS&T Help Desk<http://ist.mit.edu/help>.



----------------------------------------------------------

2. A New Phishing Attack Seen at Universities

----------------------------------------------------------


According to the Chief Information Security Office at Brown University, a new phishing attack is being seen by the university and other schools. An email that look like it comes from the school asks the recipient to join the school's "Collaborative Network." The link in the email takes you to a signup page where you are asked to choose a "WebID" and then provide an email address among other information, including password.


See the phishing alert by Brown to their users, warning them to not reply to the email<http://blogs.brown.edu/cis/2012/04/23/alert-email-from-brown-collaborative-networks/>.


Learn more about phishing here<http://kb.mit.edu/confluence/x/SBhB>.

Monique Yeaton
IT Security Awareness Consultant
Information Services & Technology, MIT
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120424/f6203405/attachment.htm