[IS&T Security-FYI] SFYI Newsletter, July 9, 2012

Mon Jul 9 15:09:08 EDT 2012

In this issue:

1. DNSChanger Servers Shutting Down Today

2. Microsoft Security Updates for July 2012

3. Scammed? What To Do Now.

-----------------------------------------------------------

1. DNSChanger Servers Shutting Down Today

-----------------------------------------------------------

Today the FBI will be shutting down Internet servers that had previously allowed millions of Internet users, who were infected by the DNSChanger Trojan, access to the Internet. On July 9, Internet users who were affected by the Trojan will lose access to websites, email, chat, or social networking sites. DNSChanger Trojan is a nasty piece of malware that has been around for some time. To learn more, see this article<http://blogs.mcafee.com/consumer/consumer-threat-alerts/internet-users-take-these-actions>.

Note that customers using McAfee antivirus products are currently protected from DNSChanger, provided the computer was not already infected before McAfee was installed. If you installed McAfee software after being infected, the malware is removed, but the changes the malware made to your network configuration require a manual correction.

If you have issues connecting to the Internet, please contact the IS&T Help Desk<http://ist.mit.edu/help>.

-------------------------------------------------------

2. Microsoft Security Updates for July 2012

-------------------------------------------------------

On Tuesday, July 10, Microsoft plans to issue nine security bulletins to address a total of 16 vulnerabilities. Three of the bulletins have maximum severity ratings of critical, while the remaining are rated important. The updates will address issues in:

  *   Windows
  *   Internet Explorer
  *   Microsoft Office
  *   Microsoft Developer Tools
  *   Microsoft Server Software

Read the full Microsoft Security Bulletin summary here<http://technet.microsoft.com/en-us/security/bulletin/ms12-jul>.

One of the vulnerabilities being addressed is a flaw in XML Core Services<http://securityfyi.wordpress.com/2012/06/25/microsoft-xml-vulnerability/> (MSXML) that was acknowledged more than three weeks ago, but had not yet been patched. The vulnerability is being actively exploited.

-----------------------------------------

3. Scammed? What To Do Now.

-----------------------------------------

Say you get an email from your bank, asking you to update your information, which you go ahead and do. When you call the bank, you are told they did not send you any email. Banks will not ask you to update your information EVER through an email.

You fell for a phishing scam. What now?

You may want to close that account and open a new one. Place a strong password on the new account, to prevent someone from accessing it, then place a 90-day fraud alert with each of the three credit reporting agencies. You might also consider placing a freeze on your credit reports so that no one can get credit in your name.

Here are some additional tips from the ITRC<http://www.idtheftcenter.org/artman2/publish/s_scams/Fact_Sheet_123_Scam_Help.shtml> (Identity Theft Resource Center) and from the FTC<http://www.ftc.gov/bcp/edu/microsites/idtheft2012/> (Federal Trade Commission) if you've been the victim of a scam.

BONUS: Spot the Phish

Phishing emails are getting trickier. Can you tell which of these emails from Verizon Wireless<https://isc.sans.edu/diary.html?storyid=13477> is real and which is fake?

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120709/5a7ed90d/attachment.htm