General Alerts; Virus, Spyware and bogus email Information

Below is a list of virus, spyware and bogus email messages that have appeared on Bradley's campus. For a more comprehensive resource of Internet virus threats, risks and vulnerabilities, visit the Symantec Threat Explorer website.
Not sure if it's a hoax? Symantec security response uncovers hoaxes on a regular basis.

Install free Symantec AntiVirus
Never reply to an email that requests your credit card number or PIN
Not sure if it's a virus? Contact the Technology HelpDesk at 309-677-2964

IRT will never ask you for your username and password via email. Phishing is typically carried out by email and often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Find out more about spam and virus threats below.

Email from Microsoft Windows Agent re: 'Conficker' worm

10/19/09

The following message is circulating, which provides an install.zip file to remove the 'Conficker' worm. This message is not legitimate. Simply delete the email. Never download Email attachments unless you know who the Email is from.

***Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

Phishing message asks for BUnetID and password

8/10/09

The following phishing message is circulating, which asks for BUnetID and password. This message is not legitimate. Simply delete the email. Never provide personal or account information through an email solicitation, and always delete any e-mail that arrives with this type of request.

The only email request that you will receive from Bradley email administrators will be a notification that your BUnetID password is about to expire, and you will be provided with instructions to change it.

The phishing message details are:
----------------------------------------------------------------------------------------------

From: Webmail Help Desk [mailto:webmaster@bradley.edu]
Sent: Saturday, August 08, 2009 3:21 AM
Subject: **Confirm Account Update**

This message was sent automatically by a program on Webmail which periodically checks the size of inboxes, where new messages are received.
The program is run weekly to ensure no one's inbox grows too large. If your inbox becomes too large, you will be unable to receive new email. Just before this message was sent, you had 18 Megabytes (MB) or more of messages stored in your inbox on your Webmail To help us re-set your SPACE on our database prior to maintain your INBOX, you must reply to this e-mail and enter your:

BUnetID: {.......... }

and Password: {............... }

You will continue to receive this warning message periodically, if your inbox size continues to be between 18 and 20 MB. If your inbox size grows to 20 MB, then a program on Bates Webmail will move your oldest email to a folder in your home directory to ensure that you will continue to be able to receive incoming email. You will be notified by email that this has taken place. If your inbox grows to 25 MB, you will be unable to receive new email as it will be returned to the sender. After you read a message, it is best to REPLY and SAVE a copy.

Thank you for your cooperation.
Webmail Help Desk.

----------------------------------------------------------------------------------------------

This message is a phishing attempt and should be ignored and deleted.

Phishing email with subject "Your mailbox has exceeded the storage limit"

4/20/09

An email is circulating with the subject "Your mailbox has exceeded the storage limit". The body of the message is:

"Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by your system administrator. You are required to contact your system administrator through email with your Username:{ } and Password:{ } to increase your storage limit.

System Administrator
email:adminsysms@administrativos.com

You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit.
This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential."

This message is a phishing attempt and should be ignored and deleted.

E-card virus

2/27/09

An E-card virus has been found on campus. The email states “a friend has sent you an e-card click here".
This is a virus and the message should be deleted without opening.

Kardphisher Trojan

1/27/09

Kardphisher uses the Windows Activation form to make you think your system has been activated on another computer. Select the link to view the activation form and learn more about this Trojan. Kardphisher ‘will ask for your billing details’ for verification purposes.

At no time should you ever be asked to activate Windows on a BU owned computer - Computing Services takes care of that prior to installation.

Downadup Virus

1/19/09

Sleeper virus could allow hackers to steal financial and personal information. Be sure to update your computer as Microsoft has provided a patch for this virus. If you do not update, you will not have the patch and your computer will be vulnerable (Windows update instructions for XP and Vista; verify Windows XP service pack 3 installation). It is a Windows worm and most cases are found on large corporate networks (very few reports of home computers affected).

Click here for more information on the Downadup Virus.

Subject line of 'Obama Acceptance Speech' and others

posted 1/9/09

Scam emails are being propagated with a subject line of ‘Obama Acceptance Speech’, and any of the following. Do not open these messages, simply delete them:

McCane dies of heart attack
Election Center 2008: Primary Results
World Welcomes Obama’s Win
Barack Obama in Danger – McCain will fight for president post

These email messages may appear to be from legitimate news sources, and will try to lure you into clicking on a link that will direct you to a malicious web site, or opening an infected video clip or attachment. When you click on the link, you are then told that you need the most recent version of Adobe_flash9.exe. If you accept the download and install the program, a virus will be installed on your computer. This virus is a password stealing virus that sends any passwords stored on your computer back to a central server or servers.

Spyware Guard 2008 Analysis and Removal

posted 12/9/08

Spyware Guard 2008 Analysis and Removal is a new entrant to the family of rogue security software affecting Windows XP and Vista. This is counterfeit antispyware software that is, itself, spyware. Do not purchase or install this software.
It is not to be confused with SpywareGuard, a freeware tool from Javacool Software.
Read more in this article posted on malwarehelp.org.

A rogue security software belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware. Instead many of them add more malware of their own.

Google Chrome

posted 11/12/08

Information Resources and Technology recommends that users not install Google Chrome. In testing this latest release from Google we have discovered its update feature can cause your system to run slowly or stop. Information Week (9/4/08) lists various problems at http://www.informationweek.com/news/internet/google/showArticle.jhtml?articleID=210500034 and Google has a list of known issues at http://www.google.com/support/chrome/bin/request.py?contact_type=known_issues_2 .

Bogus email (spam)

posted 8/29/08

Do not open ANY email sent to you asking you to " update, change, verify, confirm, etc. ": your email. Subject lines in this type of bogus email may include (but are not limited to):

Update your Bradley Account Now
Verify Your "Bradley.edu" Webmail Account Now
Confirm Your email Address

Simply delete the email! Never provide personal or account information through an email solicitation, and always delete any email that arrives with this type of request.

UPS (email)

posted 8/11/08

From: UPS

Subject: Tracking N_XXXXXX

Fraudulent email leads reader to believe that a UPS shipment could not be delivered. This email contains a virus - do not open attachment. Delete the email immediately. More information at http://www.ups.com/content/us/en/about/news/service_updates/virus_us.html

XP Antivirus 2008 or Vista Antivirus, 2008 or Antivirus XP 2008

posted 8/11/08

Counterfeit anti-spyware software that is, itself, spyware. Generates fake and misleading system popup error messages so user will be tricked into purchasing XP Antivirus 2008, Antivirus 2008 or Vista Antivirus 2008. For more information and removal instructions, go to

http://www.xp-vista.com/spyware-removal/xp-antivirus-2008-removal-instructions-xp-antivirus-2008

email from Bradley.edu Support Team

posted 5/08

Do not reply to an email from Bradley.edu Support Team asking you to 'Confirm Your email Address'. This is a bogus email and your information will be used to send out more bogus messages to those in your address book.

maintained by: Randall/Renken