Archive for the 'Malware' Category

Phishing Scam Hits Campus Mailboxes

dwaldron August 27th, 2008

Recently several members of the campus community have fallen victim to a scam related to Wooster’s email services. Wooster’s online access for email is referred to as Scotmail, not webnews or webmail, and we are not currently updating our database of information. These messages are not legitimate. The spam message that many people have received comes from a fraudulent sender, not the Wooster IT department. It requests your username and password, country, state, and other personal information. Do not send your information in response to that email. If you have submitted your information by mistake, please change your password immediately at the following website: https://secureweb.wooster.edu/password

Members of the IT Staff will never ask you for your password or other personal data. Any type of notification from the Wooster IT Department will come from the address IT_ALERT@wooster.edu or helpdesk@wooster.edu.

While Wooster has a spam filter that catches millions of spam messages daily, many spam attacks have become increasingly sophisticated and can bypass even the most thorough filter settings. Many schools have reported similar issues with this webnews spam attack. Please take caution when opening messages that come from unknown senders or that contain suspicious attachments. Avoid emails that require you to submit personal information.

If you have questions regarding this and other potential spam messages, please contact the help desk at 330-287-3000 extension 4357 (HELP).

Below is an example of the message some users have received.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

>>> <webmailalertunit@gmail.com> 8/26/2008 6:42 PM >>> This is a WebNews Email Account UpdateSee the below mailing informationUpdate Your wooster.edu Email Account Now.Dear wooster.edu Email Owner,This message is from wooster.edu messaging center to all wooster.edu Email owners. We are currently upgrading our data base and e-mail center. We are deleting all unused wooster.edu email to create more space for new one. To prevent your account from closing you will have to update it below so that we will know that it’s a present used account.However wooster.edu has been receiving complaints from our customers for unauthorised use of the wooster.edu Email. As a result we are making an extra security check on all of our Customers mailbox in order to protect their information from theft and fraud.Warning!!! Email owner that refuses to update his or her Email,within 4 working days of receiving this warning will lose his or her Email permanently.Requested Information

Your Full Name=======.
Email Username=======.
Email Password=======.
Country/Zip Code=====.>Thanks for your co-operation.!

wooster.edu Support Team

NOTICE: Use of this service is covered by the wooster.edu terms and conditions.By using this service you agree to the said terms and conditions. Copyright @2008 wooster.edu. All rights reserved.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Network Access Control Changes for Spring Semester

dwaldron January 9th, 2008

Last summer, IT implemented a network access control (NAC) system in all student residential spaces. The NAC is designed to prevent computers that are infected with viruses or worms and computers that are vulnerable to such infections from connecting to the campus network. This will prevent the spread of infection and help to ensure that the campus network and other IT resources operate effectively.

When students arrived on campus at the beginning of the fall semester and plugged a computer into a network jack, the NAC required that the student authenticate and register the computer. Following registration, a software agent was installed on the student’s computer. This agent scanned the computer for infection and vulnerabilities. If infections or vulnerabilities were detected, the student was directed to the appropriate IT resource for assistance. During that initial semester of the NAC’s operation, infected or vulnerable computers were not prevented from accessing the campus network. This was done to promote a smooth implementation of the NAC. From now on, student computers found to be infected or vulnerable to infection will be prevented from accessing the campus network. Students with infected or vulnerable computers will be directed to the appropriate resource for assistance.

Additional information about the NAC can be found in the following locations. Questions about the NAC should be addressed to the student help desk at xHELP (x4357).

Network Problems Traced to Infected Computers

dwaldron September 15th, 2007

Over the course of Thursday and Friday, September 13th and 14th, the College experienced intermittent network difficulties. These difficulties impacted access to resources on the campus network as well as resources on the internet. These problems were tracked to a small number of personal computers infected with some type of virus. The virus was, in each case, generating a tremendous amount of network traffic. This traffic significantly degraded network performance. These computers were removed from the network at approximately 5:00 Friday afternoon. Following the removal network performance returned to normal. IT hopes to examine the infected machines to ascertain the nature of the infection. We regret any inconvenience the network difficulties may have caused.

Network Access Control Set to Debut

dwaldron August 8th, 2007

As announced back in November, IT will implement a network access control (NAC) solution in all student residential spaces effective with the beginning of the 07-08 academic year. The NAC is designed to prevent computers that are infected with viruses or worms and computers that are vulnerable to infection from connecting to the campus network. This will prevent the spread of infection and help to ensure that the campus network and other IT resources operate effectively.

When students arrive on campus and plug a computer into a network jack, the NAC will require that the student authenticate and register the computer. Following registration, a software agent will be installed on the student’s computer. This software agent will scan the student’s computer for infection and vulnerabilities. If infections or vulnerabilities are detected, the student will be directed to the appropriate resource for assistance. During the first two weeks of the fall semester, student computers found to have infections or vulnerabilities will still be allowed to connect to the campus network. Thereafter, network access will be denied to such computers until the infections or vulnerabilities are addressed. Students bringing multiple computers to campus will have to register each machine individually.

Gaming devices and IP telephones are permitted on the network, but require setup by IT. To initiate this setup, send an email with the device type and the device’s MAC address to it-nac@wooster.edu. Setup should be complete within two business days. Hubs, routers, switches and wireless access points will not function on the network. Questions can be addressed to the student help desk at xHELP (x4357).

Spam Spike Slows Email Delivery

dwaldron February 12th, 2007

Over the weekend there was a tremendous spike in the amount of spam email arriving on campus. This spike taxed our servers and essentially halted the delivery of outgoing email. Messages were enqueued - they were not lost - and normal delivery has now resumed. We expect that the backlog of messages will be cleared sometime early this afternoon.

Last week 1.9 million email messages arrived on campus.

Network Access Control Implementation Set

dwaldron November 29th, 2006

In the summer of 2007, IT will implement a network access control (NAC) solution in all student residential spaces. The NAC is designed to prevent computers that are infected with viruses or worms, and computers that are vulnerable to infection, from connecting to the campus network. This will prevent the spread of infection and help to ensure that the campus network and other IT resources operate effectively.

When students arrive on campus for next academic year and plug a computer into a network jack, the NAC will require that they authenticate. Following authentication the computer will be scanned for infection and vulnerabilities. If infections or vulnerabilities are detected, the computer will be denied network access and the student will be provided with information as to the nature of the problem, the steps required to remedy the problem, and where to obtain assistance.

To test the NAC and to gain experience with it, IT will implement this new service within our own offices prior to deployment in the residential spaces. This will help to ensure a smooth implementation for students. The NAC will replace the computer registration process that went into effect at the beginning of this academic year.

Additional information about the NAC and its implementation will be published on the IT blog as it becomes available.