Skip to Navigation | Skip to Content

Facebook, Amazon Trojan Email Attack

« Oct 1 Network Change & Remote Connections | Main | Connect-Direct, December 2010 »

There have been numerous reports that NYU community members are receiving malicious emails that purport to be from or These fake messages often contain attachments, in ZIP and EXE formats. When the email and attachment are opened, the trojan is installed onto the computer. Once infected, the compromised computer will begin sending similar messages to all parties listed in the infected computer's address book and email client.

As a general rule, if you don't know the person who has sent you an email, you should simply delete the entire message without opening it. If you do know the person sending you the email, but the message contains an unexpected attachment or web link, you should check with them before opening the file or clicking on the URL. Remember that many computer viruses use fake "From:" addresses. It's easier to ask someone to resend a message to you than it is to clean a virus off of your computer!

In order to reduce the likelihood of receiving spam or phishing messages, be sure to practice these recommendations:

  • Avoid opening email attachments from untrusted, suspicious or unexpected sources: Opening malicious email attachments will often result in a computer compromise. Once infected, the computer may do one or more of the following: 1) Send the same malicious message to other recipients in your address book 2) Provide the attacker remote access to your computer 3) Use your computer to attack other systems.
  • Requests for your NYU password or other personal info: If a message purports to be from NYU, ITS, or any other organization affiliated with NYU requesting your personal information such as name, date of birth, password, etc., it is almost certainly a phishing message. Do not reply to the message. ITS will never request your password information, especially not over email.
  • Pushy or Account Closure Warning messages: If a message informs you of an impending account closure or similar action unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.
  • Spam: Forward all spam email messages as attachments to Doing so will train our email gateway filters to screen out similar messages in the future.
  • Phishing Messages: Forward all phishing messages as attachments to
  • Email client message filtering: Reduce the number of spam messages arriving into your inbox by setting up basic message filters on your local email client. Click here for easy walkthrough instructions.
  • View messages as plaintext only: Spam and phishing messages tend to contain HTML code intended to fool the recepient into believing the message is legitimate or to conceal the real destination of embedded URLs. Set your local email client to render emails as plain text only to remove the HTML code and reduce the likelihood of clicking on a suspicious link.

If you believe that you may have opened this malicious email attachment, contact your local IT or the ITS Client Services Center (212-998-3333 or for further assistance.