Office of Information Technology
Alerts
- Link Exchange Marketing Scam 3-1-2009
- Conficker/Downadup Worm 1-22-2009
- Internet Explorer Security Vulnerability 12-18-2008
- IRS Email with Attachment 12-5-2008
- Malicious Email with attachment 11-25-2008
- Adobe Security Threat Notice 11-12-2008
- Microsoft Security Threat Notice 10-23-2008
- Fake YouTube used to spread viruses 10-7-2008
- Dangerous Email 9-12-2008
************** CAES OIT SECURITY THREAT NOTICE ****************
Exchange Link Marketing Scam
March 1, 2009 — If you get a request from somebody to exchange a link with their site, with a link to your site offered in return, it is a marketing scam. Do not respond or provide any information. A sample is below:
Subject: Link exchange proposal with your site uga.edu
Hi,
I've just visited your website uga.edu and I was wondering if you'd be interested in exchanging links with my website?. I can offer you a Home page link back from my website which is (http://www.notsnopes.com/).
Conficker/Downadup worm
January 22, 2009 — The Conficker/Downadup worm is becoming more prevalent across the Internet with every passing day. This worm can easily infect your Windows computer if you are NOT up-to-date on your Microsoft security patches. If your computer is infected, remote control of your computer is a very real possibility. If you have received notice on your PC that 'svchost.exe' has failed, contact your local OIT representative immediately for assistance.
Ensure that your computer is protected. Use Internet Explorer and go to http://windowsupdate.microsoft.com/. Click on the "Express" button and follow directions to get all security updates. If you have not done this for some time (or your computer does not automatically get updates), your computer may need to be rebooted as part of the process.
If you need assistance, contact your appropriate OIT representative or OIT Help Desk at 706-542-2139 or oithelp@uga.edu for questions or issues related to the update process.
Again, this is extremely important and should be completed as soon as possible on ALL computers with internet access.
Internet Explorer Security Vulnerability
December 18, 2008 — Microsoft has identified a security vulnerability in Internet Explorer and has released an update to protect users from this threat. Please do the following on ALL COMPUTERS IN YOUR OFFICE ASAP:
1. Open Internet Explorer.
2. Click Tools, Windows Update.
3. Choose Express and allow the system to scan for updates.
4. Follow the prompts to install ONLY the High Priority updates and reboot if requested.
5. Once you reboot, repeat steps 1-4 until there are no remaining High Priority updates.
Again, this is extremely important and should be completed as soon as possible on ALL computers with internet access.
Please contact the OIT Help Desk at 706-542-2139 or oithelp@uga.edu for questions or issues related to the update process.
IRS E-mail with attachment
December 5, 2008 — Please be aware that an email is currently being circulated at UGA that claims to be from the IRS. This email is included below.
Do not respond to this email and do not fill out the attached forms as requested.
Date: Fri 5 Dec 07:38:34 EST 2008
From: "Internal Revenue Service" <nonereply@irs.gov>
Subject: please see the attachment
To: "caesweb" <caesweb@uga.edu>
Please see the attachment make sure you fill all the columns and send fax to: 1-646-731-6884.
Attachment: Form W-4100B2 A1.doc (43k bytes)
Attachment: Form W-4100B2A2.doc (68k bytes)
Malicious E-mail with Attachment abrechnung.zip
November 25, 2008 — Do not open any email with the attachment abrechnung.zip.
Please be aware that a malicious email has been observed at UGA containing a .zip file titled 'abrechnung.zip'. So far there is no indication that this has "landed" at UGA, but we did see it travel across UGA email servers, from external IPs, in relatively high volume.
F-Secure is calling it "Worm:W32/Autorun.KD" and they picked up the signature late yesterday. From the F-Secure Security Center:
The zip file contains two files: abrechnung.lnk and scann.a. The former is a Windows Shortcut and the latter is a copy of the malware.
Running the abrechnung.lnk file will execute scann.a, the actual malware file. The worm will create the directory %programfiles%\Microsoft Common, then create a copy of itself as %programfiles%\Microsoft Common\svchost.exe and delete the original scann.a file.
The worm will then use http://www.microsoft.com to check for the presence of a usable Internet connection and will then attempt to connect to two additional websites, using information on the infected machine as parameters. The websites connected to may respond with further download locations, or additional instructions for the malware.
On execution, the worm will create a registry entry that allows it to execute whenever explorer.exe is launched.
More information can be found at the following sources:
- Virus Total: http://www.virustotal.com/de/analisis/9e0572bff5a3a34b20fc1f65ae3faee4
- F-Secure: http://www.f-secure.com/v-descs/worm_w32_autorun_kd.shtml
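The two traits in the description above (a Windows shortcut packed inside a zip attachment, and a copy named svchost.exe outside the Windows system directory) can each be checked mechanically. The following is an added example, not code from OIT or F-Secure; the function names are hypothetical, the sample archive is constructed with harmless contents, and the legitimate svchost.exe locations assume Windows is installed in C:\Windows.

```python
import io
import ntpath
import zipfile

# First 20 bytes of every Windows Shell Link (.lnk): HeaderSize 0x4C + LinkCLSID
LNK_HEADER = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Assumption: Windows is installed in C:\Windows (the usual %SystemRoot%)
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def suspicious_zip_entries(zip_bytes):
    """Return names of archive members that are Windows shortcuts,
    judged by file extension or by the Shell Link header bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_HEADER))
            # A renamed shortcut still carries the header, so check both.
            if info.filename.lower().endswith(".lnk") or head == LNK_HEADER:
                hits.append(info.filename)
    return hits


def is_masquerading_svchost(path):
    """True if the file is named svchost.exe but sits outside the
    directories where Windows keeps the genuine binary."""
    norm = ntpath.normpath(path).lower()
    directory, name = ntpath.split(norm)
    return name == "svchost.exe" and directory not in LEGIT_SVCHOST_DIRS


def build_sample_zip():
    """Constructed sample: member names from the advisory, harmless contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("abrechnung.lnk", LNK_HEADER + b"\x00" * 56)
        zf.writestr("scann.a", b"placeholder bytes, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    print(suspicious_zip_entries(build_sample_zip()))
    print(is_masquerading_svchost(r"C:\Program Files\Microsoft Common\svchost.exe"))
    print(is_masquerading_svchost(r"C:\Windows\System32\svchost.exe"))
```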
Adobe Alert
November 12, 2008 — Adobe is advising all users of Adobe Acrobat Reader 8.1.2 and earlier, or Adobe Acrobat Standard/Professional/3D 8.1.2 and earlier, to update their systems immediately! The vulnerability will allow an attacker to compromise your system and other systems within your network.
Action Item:
Immediately update to the latest version to avoid damage to your system and/or systems on your network.
- Adobe recommends Adobe Reader users update to Adobe Reader 9, available here: http://www.adobe.com/go/getreader
- Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.3, available here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
- Adobe recommends Acrobat 8 users on Macintosh update to Acrobat 8.1.3, available here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
- Adobe recommends Acrobat 3D Version 8 users on Windows update to Acrobat 3D Version 8.1.3, available here: http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
Details:
Multiple vulnerabilities have been discovered in Adobe Reader and Adobe Acrobat. These vulnerabilities can be exploited if a user opens a malicious PDF file. Successful exploitation will result in an attacker gaining complete control of your PC or Laptop. The attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.
http://www.adobe.com/support/security/bulletins/apsb08-19.html
Microsoft Alert
October 23, 2008 — Microsoft is advising all users of Windows 2000, Windows XP, and Windows Server 2003 to update their systems immediately!
The vulnerability will allow an attacker to compromise your system and other systems within your network.
Action:
To be sure that your operating system is up to date, perform the following steps. If you have questions, call the OIT Help Desk at 706/542-2139.
Steps:
- Close all of your running programs
- Make sure your work is saved
- Click on your ‘Start’ button
- Select ‘All Programs’
- Then select ‘Windows Update’
- This will take you to the Microsoft Update Website
- Select the ‘Express’ button
- Note: This could take a minute or two…
- Select the ‘Install Updates’ button
- Allow the updates to finish
- Select the ‘Restart Now’ button
If you want to know more details, go to this site: http://www.microsoft.com/protect.
Title: Information Regarding an Out-of-Band Security Bulletin Release (Level 200)
Date: Thursday, October 23, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032393978
Fake YouTube pages spread viruses
October 7, 2008 — A program circulating online helps hackers build fake YouTube pages. Users who follow an e-mail pointing them to one of the pages would see an error message that claims the video they want won't play without installing new software first. That error message includes a link the hacker has provided to a malicious program, which delivers a virus.
Even worse: once the computer is infected, it's simple for the hacker to silently redirect the victims to a real YouTube page to see videos they were hoping to see and hide the crime.
Please DO NOT fall into the trap of installing software to play these "fake" videos. Contact the OIT Help Desk at 706-542-2139 if you have questions about a pop-up asking you to install something on your computer.
Dangerous Email
September 12, 2008 — A new, fairly sophisticated email is making its rounds through the UGA community. Please be aware that if you receive an email similar to the following, you should delete it immediately. Don't be fooled by clever phishing scams.
Never trust an email that asks for your user name or password. You should never send passwords or other private information in an email to anyone.
Visit the UGA EITS Web site for more information on how EITS proactively controls spam.
Example of a dangerous email:
From: "Information From UGA.EDU Webmail Team" <Webmail-Help@UGA.EDU>
Subject: Comfirm Your UGA.EDU Email Account !!!
To: GWG-L@LISTSERV.UGA.EDU
Dear Webmail User,
I am pleased to announce that on August 31st, 2008, UGA.EDU will
transition its current e-mail service to a new offering Webmail .
This new e-mail offering, based on popular web-based e-mail program, is one part of collaboration tools that will also be available to all
UGA.EDU webmail account owners.
The new Webmail service will replace Mailhost. Although hosted by UGA.EDU messaging center, all existing UGA.EDU e-mail account will undergo regularly scheduled maintenance from our data base, access to your e-mail via the Webmail client will be unavailable for some time during this maintenance window. We are currently upgrading our data base and we are deleting all UGA.EDU e-mail account to create more space for new accounts.
To complete your UGA.EDU Webmail account, you are to reply to this e-mail immediately to enable us upgrade your webmail account and you are to send to us the following information below.
Your Email Address Here *************
Correct Password Here *********
Over the next seven days you will receive additional information on the e-mail transition. All communications will be in this same format as UGA.EDU. You will be directed to additional information on UGA.EDU hosted websites. I am sure you will be pleased with this new service.
Final Notification, Please Protect Your UGA.EDU Webmail From Being Closed.
Thank you for using UGA.EDU WEBMAIL.
