
March 2009


March 31, 2009

Conficker Worm: Regarding 'Attack' on April 1st

Recently, there has been much media attention focused on Conficker, a somewhat pervasive internet worm targeting Windows PCs. Upon infection, Conficker will disable firewalls, antivirus/antispyware and Windows Updates. The worm propagates over the network and can even infect connected flash drives. The worm is scheduled to attack various systems across the internet on April 1st, 2009.

The Technology Security Services (TSS) group has been carefully monitoring the situation over the past several weeks. At this time, we do not believe there is a significant threat to NYU network resources. That said, we do recommend that all Windows PC clients do the following:

  1. Make sure you have downloaded and installed the latest Windows Updates.
  2. Update your antivirus and antispyware software with the latest definitions. NYU ITS provides Symantec Antivirus for free to most NYU faculty, staff and students.
  3. If you have not already done so, create a computer account password of 8 or more alphanumeric characters. Password creation tips can be found here.

If you wish to verify whether or not your computer is infected with Conficker, visit the following sites for removal tools and more information.

Microsoft: Virus alert about the Win32/Conficker.B worm
Microsoft: Malware Removal Tool

If you need further help cleaning up your computer from a possible virus infection, contact the ITS Client Services Center at 212-998-3333 or

March 06, 2009

Phishing scam targeting NYU Email

There have been various reports from sources at NYU as well as from other colleges about a phishing message that purports to be from 'upgradingteam09', 'NYU web_mail Team', 'ACCOUNT Team NYU MAIL ACCOUT' or the like. The message requests your password, name, and other personal information, supposedly to avoid shutting down your NYU email account. It asks the recipient to reply to non-NYU email accounts, usually an email address.

NYU members should never reply to fraudulent phishing emails. Instead, forward the messages as an attachment to our email filtering account. Doing so trains our email filters to keep such spam from arriving in inboxes.

Please note: It is very important to forward the message as an attachment, otherwise our email filters will not be able to parse through the message correctly.

As a reminder of better security practices, always remember that:

  • No NYU member will ever ask for your account password, especially not over email
  • Do not reply back to emails from unidentified, untrusted sources.
  • Forward all phishing messages as an attachment to This helps train our email filters to block such messages in the future
  • Messages that request personal information over plaintext email should be regarded as being suspicious. If it is spam, forward it to When in doubt, do not reply and contact
  • If a message informs you of an impending 'account closure' unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.
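The sketch below is an added example, not NYU's filtering code: it shows why a forward-as-attachment keeps the sender's original headers available to a filter while an inline forward does not, and checks the recovered message for the warning signs listed above. The domain `example.edu`, all addresses, the keyword lists and the function names are assumptions; the body text is taken from Example #1 on this page.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.edu"  # assumption: the organisation's own mail domain
CREDENTIAL_WORDS = ("password", "date of birth")
THREAT_WORDS = ("deactivated", "closed", "permanently")

def sample_phish() -> EmailMessage:
    """Constructed message; body lines quoted from Example #1 on this page."""
    m = EmailMessage()
    m["From"] = "NYU web_mail Team <webmail@example.edu>"  # spoofed display
    m["Reply-To"] = "upgradingteam09@example.com"          # constructed
    m["Subject"] = "Account upgrade"
    m.set_content("To prevent your account from being deactivated you will "
                  "have to update it.\nE mail Password :..............\n")
    return m

def build_forward(original: EmailMessage, as_attachment: bool) -> bytes:
    fwd = EmailMessage()
    fwd["From"] = "user@example.edu"
    fwd["To"] = "filter@example.edu"
    fwd["Subject"] = "Fwd: " + original["Subject"]
    if as_attachment:
        fwd.set_content("Phishing report; original attached.")
        fwd.add_attachment(original)  # stored as a message/rfc822 part
    else:
        fwd.set_content("---- Forwarded ----\n" + original.get_content())
    return fwd.as_bytes()

def extract_original(raw: bytes):
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()  # the sender's message, headers intact
    return None  # inline forward: original headers are gone

def indicators(original) -> list:
    found = []
    reply_to = str(original["Reply-To"] or original["From"] or "")
    domain = parseaddr(reply_to)[1].rpartition("@")[2].lower()
    if domain != ORG_DOMAIN and not domain.endswith("." + ORG_DOMAIN):
        found.append("reply-to outside org domain")
    body = original.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(w in text for w in CREDENTIAL_WORDS):
        found.append("asks for credentials")
    if any(w in text for w in THREAT_WORDS):
        found.append("threatens account closure")
    return found
```

With the inline forward, `extract_original` returns `None`, so the Reply-To check has nothing to inspect; only the attached form gives the filter the sender's real headers.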

The following sites also provide several useful tips on defending against these types of phishing attacks:

Example #1

A sample of the phishing message can be found below:

This message is from your account center to all account
owners of NYU ACCOUNT We are currently upgrading our data base and E, mail
account center.We are deleting all unused account to create space for new
accounts.To prevent your account from being deactivated you will have to
update it.
E mail ACCOUNT NAME :..............
E mail Password :..............
Date of Birth :..............
Country or Territory: ........
Warning!!! Account owner that refuses to update his or her account within
days of receiving this ACCOUNT will lose his other account permanently.Thank
you for your understanding
Warning Code:64MT1

Example #2

Dear Staff/Student

This message is from the IT Service messaging center to all subscribers/webmail users. We are currently upgrading the webmail data base and e-mail centers due to an unusual activities identified in our email system. We are deleting all unused Webmail Accounts. You are required to verify and update your Webmail by confirming your Webmail identity. This will prevent your Webmail account from been closed during this exercise. In order to confirm your Webmail identity, you are to provide the following data;

Confirm Your WebMail Identity Below;

First Name:

Last Name:



Date of Birth:

Warning: Any subscriber/webmail user that refuses to verify and subsequently update his/her Webmail within 4 days of receiving this warning will lose his/her Webmail Account permanently.

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect your Webmail Account. We apologise for any inconvenience.


IT Service.

Webmail Administrator.