Posts Tagged ‘Security’

 

Have you sent your password in an email recently?

January 19, 2012
by Christine Sherry

Currently a large number of phishing emails are being sent to members of Imperial College.

‘Phishing’ is a common way for criminals to obtain user account information and passwords. It works by sending you a fake security notice email that appears to be from your bank or maybe even from ICT. The email may ask you to verify your details on a website or reply with your username and password.

The email may look legitimate and the link within it may lead to a website set up to look identical to a real site. The criminals hope to trick you into providing them with your details. Emails from legitimate sources, such as your bank or ICT, will never ask you to provide your details in this way.

What should you do if you have replied to a Phishing email?

Firstly, change your password to something new as soon as you possibly can.

Next, contact the Service Desk on 0207 594 9000; they will pass you through to ICT Security, who can advise you on protecting your credentials and accounts further.

Finally, NEVER give your password to anyone.

Here are examples of the most recent spate of Phishing emails:

Example 1

From: Webmail Support HelpDesk [mailto:info@helpdesk.org]
Sent: 16 January 2012 06:47
Subject: Warning Notice E-mail User

Dear Account User

You have reached the limit of your email quota, You will not be able to send or receive new mail until you boost your mailbox size. To complete your Account Verification process, you are to reply this message & enter your ID and PASSWORD in the space provided below to avoid account De-activated and erased from our database.

Full Name:

Webmail User ID:

webmail Password:

Date of Birth:

Warning!!! Account owners that refuses to update his or her account within Four days of receiving this warning will lose his or her account permanently.

Thanks,
Web Administrator

Example 2

From: emailuser@imperial.ac.uk
Sent: 18 January 2012 14:56
Subject: Upgrade Your Auckland Account

Dear : Auckland University of Technology,

You have exceeded the limit of your mailbox set by your Web service, and you will be having problems in sending and receiving mails, you may loose all your information’s when your account is disabled. To prevent this Click Here to upgrade your web account so that your web account can be activated.

Regards,

Auckland University of Technology Service.

Copyright ©2012Auckland University of Technology All right reserved

Further Reading

For more information about IT Security please visit: http://www3.imperial.ac.uk/ict/secureaware

 

 

 
 

Trusteer Rapport banking software

September 13, 2011
by The ICT FAQ Monkey

Over the past few weeks, people using Windows computers have been affected by an issue involving the banking security software Trusteer Rapport. There appears to be a conflict between the standard anti-virus software used at Imperial College and a particular version of Rapport. In some cases this has led to computers booting up with just a blank screen. ICT have now created a fix for this issue and the instructions are below.

Before running this fix, please be aware that Trusteer Rapport will be partially disabled until you install the latest version. For this, Trusteer advise strongly that you go back to your initial supplier of the software – in most cases, this will be your bank’s website. They will have the latest version, which they reassure us works with our anti-virus software, and this version will have some content particular to your bank.

You will require “administrator” permissions on your computer to follow these instructions. If you do not have these permissions, or if you are unsure, please contact the ICT Service Desk on (0207 59)49000 or log a request online at http://www3.imperial.ac.uk/ict/servicedesk

Step 1) Restart your Windows computer. When the machine first starts again you will be presented with a black and white screen with various bits of system information on it. At this point gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.

Step 2) Using the cursor keys, select “Safe mode with networking” from the menu and press Enter (Return). You will then be prompted to log on.

Step 3) Once logged on to your computer in Safe Mode, click on the following link: RapportFix

Step 4) Double-click on the file called RapportFix.zip. This will lead to a file called RapportFix.cmd. Double-click on this file, which will run a program that disables the problem component in Rapport. Reboot your computer once more, which should then start up normally.

Step 5) Log back on to your computer in the usual way. You can then arrange to reinstall the latest version of Trusteer Rapport.

If you have further problems, please contact the ICT Service Desk, as above.

 

 

 
 

What is a ‘Key Logger’ ?

March 15, 2011
by The ICT FAQ Monkey

Definition

In short, a ‘key logger’ is a tool that hackers can use to obtain usernames, passwords, bank details and other kinds of personal information by recording the key strokes you make while using your computer.

The Two Types of Key Logger

There are two types of key loggers, hardware and software. The recent hardware key loggers discovered in the Civil Engineering lecture theatres only work if they are plugged between the keyboard and computer. Therefore, if you use your own laptop with the Audio Visual system you will not have been at risk.

Software key loggers are malicious software which, when installed on your computer, log all the key strokes made on your computer and pass them on to a malicious party, often by submitting them to a website. There are many ways of getting “infected” with a key logger, including visiting malicious websites or using free USB memory sticks which could contain malicious software. Follow standard security advice to protect against software key loggers: ensure that you apply operating system patches, do not click on links in emails you were not expecting, do not open attachments in emails that appear suspicious, and so on.

 

 

 
 

What is SPF and why does it block some email messages?

December 3, 2010
by The ICT FAQ Monkey

Email was conceived in the 1970s and its creators never envisaged how prevalent it would be 40 years later. Nor did they envisage how its open and simple framework would be open to abuse. However, with abuse, fraud, viruses, denial of service attacks and other problems all exploiting the open nature of the global email system, responsible providers have begun to agree new, more stringent controls on email.

One such control is SPF, or Sender Policy Framework. In brief, this is a record published voluntarily by each participating organisation which identifies the servers within that organisation that are allowed to send email. This means that a recipient organisation can identify whether an email claiming to come from an organisation is arriving from a legitimate source, according to the sending organisation’s own published information. The receiving organisation can then choose how to act on this information, but many choose to block mail from servers not listed in the record (“unofficial” mail), as this is the safest route. It is also the route most likely to be correct, as a sending organisation should take great care when publishing SPF information to ensure that its own official email servers and relays are included in the record. The effect of this is to enable accurate blocking of vast quantities of spam and other illegitimate or malicious email before it arrives at a recipient’s mailbox.

So… why has your expected email, coming from a trusted colleague or organisation, been blocked by SPF when patently it is neither spam nor malicious? Unfortunately, some people have their email clients configured to send email direct to the Internet rather than via a corporate email server or relay. A decade ago this was still widespread practice; today it is comparatively unusual. Your mail appears to have been sent via such an unofficial channel, and the sender’s organisation does not acknowledge this as a correct or official route. Your sender will find that increasing numbers of their recipients are no longer receiving their emails, and they will have to update their settings or their email program to use an official relay. They will need to do this at their end and will need to contact their own IT support for assistance.

What can you do?
You can contact the sender and ask that they get their mail program reconfigured, or that they get their server registered on their organisation’s SPF record so that it is “legitimised”. As a short-term workaround you could have their emails sent to a Gmail account; however, this is not guaranteed to work in the longer term, for the same reason.
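
The check described above, and the effect of registering a sender on the SPF record, can be seen in the following added example (not ICT's own code). It is a simplified evaluator that handles only the ip4, ip6 and all terms of a record; the record and all addresses are constructed from documentation ranges, and register_sender is a hypothetical helper.

```python
import ipaddress

# Constructed sample policy: the domain's official relays live in
# 192.0.2.0/24 (documentation address range, not real mail servers).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip):
    """Evaluate sender_ip against the ip4/ip6/all terms of an SPF record.

    Simplified: real SPF (RFC 7208) also defines a, mx, include, exists
    and redirect, which need DNS lookups and are rejected here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]  # catch-all for everything else
        if name.lower() not in ("ip4", "ip6"):
            raise NotImplementedError(f"mechanism not handled here: {term}")
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"  # malformed record
        if network.version == ip.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


def register_sender(record, new_ip):
    """Return the record with new_ip authorised ahead of the final 'all'."""
    terms = record.split()
    mech = ("ip6:" if ipaddress.ip_address(new_ip).version == 6 else "ip4:") + new_ip
    at = next((i for i, t in enumerate(terms) if t.lstrip("+-~?").lower() == "all"), len(terms))
    return " ".join(terms[:at] + [mech] + terms[at:])


if __name__ == "__main__":
    direct = "203.0.113.77"  # constructed: a client sending straight to the Internet
    print(check_spf(SPF_RECORD, "192.0.2.10"))                     # official relay
    print(check_spf(SPF_RECORD, direct))                           # unlisted sender
    print(check_spf(register_sender(SPF_RECORD, direct), direct))  # after registration
```

A receiving server that blocks on "fail" rejects the direct sender until the sending organisation either routes that mail through a listed relay or adds the address to its record.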

Further reading:
http://www.openspf.org/Introduction
http://en.wikipedia.org/wiki/Sender_Policy_Framework

 

 

 
 

Fake Antivirus Software

May 7, 2010
by The ICT FAQ Monkey

Our Security team have noticed a rising trend in computer virus infections, caused by ‘fake antivirus’ software, which appears as a web pop-up when visiting a malicious or compromised website.  The pop-up claims that the computer has a virus, which it will disinfect.  In fact, a real computer virus is actually installed.

This virus is proving very effective (as the pop-ups are very convincing) and is currently changing so quickly that legitimate antivirus software vendors (including Symantec) are experiencing difficulties in keeping abreast of the latest variants.  This typically means that antivirus definitions are becoming available up to 24-48 hours after the latest version of the virus is seen on the Internet.  If you do get infected, shut down your PC and contact the ICT Service Desk immediately by calling x49000 if possible, or logging a request online at our Service Desk home page:

http://www3.imperial.ac.uk/ict/servicedesk

It is especially important that staff and students are aware of the fake antivirus pop-ups and are careful not to visit any suspicious links sent in emails or Facebook messages.

For further advice on anti-virus measures, please visit our Security team’s web pages.