Computer Security Alerts Archive

October 01, 2014

A Note On Illegal Downloading

Marilyn McMillan, Vice President, Information Technology & Chief Information Technology Officer

A large percentage of people who use the Internet have downloaded music or movies. And most of the individuals who download these files—through paid services, file-sharing applications, or peer-to-peer networks—by now are aware of how prominent the issue of illegal downloading has become.

The University's stance on this issue is simple: using your computer to download or distribute copyrighted material illegally is impermissible, and you should not do it. Be aware: some applications for downloading music, movies and other files actually turn your computer into a server, allowing it to be used for distributing copyrighted material. If you are doing illegal downloads or distributions now or have done so, you should stop.

The music industry thus far has principally targeted those whose computers distribute illegally downloaded music, rather than those who simply download. The Recording Industry Association of America (RIAA) is using the legal tools provided by the U.S. Digital Millennium Copyright Act (DMCA) of 1998. When a copyright complaint is received, the student responsible for the network address listed in the complaint is notified by email and sent a copy of the complaint. The student is asked to review NYU's policies, and to confirm in writing that s/he will abide by them. If the student does not respond, his/her network connection is blocked. If there are repeated incidents, the matter then is referred to the student judicial process. A range of penalties is available within the judicial process; the specific penalty depends upon the result of that process and may include suspension of account privileges. If the RIAA believes you are involved in illegal downloads or distribution of copyrighted materials and submits a valid subpoena to NYU seeking your identity, the University will comply with the subpoena and furnish your name and contact information to the RIAA's lawyers.

Federal copyright law itself includes a range of penalties, from $750-$130,000 per infringed work, or as much as $150,000 per work, if the infringement is deemed "willful". See Copyright Law of the United States of America (www.copyright.gov/title17/92chap5.html). A claim of "fair use" can be used as a defense against a claim of infringement; see Limitations on exclusive rights: Fair use (www.copyright.gov/title17/92chap1.pdf), the NYU guide to copyright law as it relates to academic research, teaching, and publication (library.nyu.edu/copyright/), NYU's Copyright and Fair Use resource (www.nyu.edu/footer/copyright-and-fair-use.html), and NYU's Statement of Policy and Guidelines on Educational and Research Uses of Copyrighted Materials (www.nyu.edu/content/dam/nyu/compliance/documents/CopyrightedMaterials.1.6.14.pdf). There may also be criminal penalties for willful copying of a work for profit or financial gain, or if the work has a value of more than $1,000. Penalties can include a one-year jail sentence plus fines. If the value is more than $2,500, you may be sentenced to five years in jail plus fines. Criminal penalties generally apply to large-scale commercial piracy.

We know that illegal downloading of music is a widespread practice. It has become an international phenomenon, one that is hardly confined to college campuses. Its allure is clear: why would you pay for something—a song to load on your MP3 player or a movie to load on your laptop—when you can get it for free with a little exploration and a few keystrokes? And why would you not share something for free with friends?

In answering those questions, the University appeals to what Abraham Lincoln once called "the better angels" of your nature and to your commitment to the culture of scholarship.

As communities of scholars and learners, research universities—such as NYU—have two primary missions: to educate students and to create knowledge. This latter mission involves the production of original scholarship and research. Accordingly it is accompanied by an enormous respect for proper recognition being given to the creator of those ideas and knowledge. In higher education, it is considered a grave act to take another's work without permission or attribution. At NYU, which also has large and renowned programs in the arts, this respect extends to the creation of new art.

Few in this community would uphold shoplifting CDs from a record store. And few would be content to see their own work—a paper, for instance, or a journal article, or a term project in a course—taken by someone else and used without permission.

Yet, in reality, that is what you do when you download copyrighted files illegally. However you may feel about the music or film industry or about their responses to piracy, when you download copyrighted files without permission, you are stealing the work of a director or a producer or an artist. It is not only wrong; it puts you at legal risk.

The Internet has brought unimaginable access to information and extraordinary flexibility and opportunities for exploration and communication. NYU wants you to take advantage of all that. But, just as you abide by certain standards of behavior for scholarship and for University life, so, too, should you abide by high standards when it comes to the intellectual property of others on the Internet.

Originally posted: March 2007. Updated: August 2014.

Editor's Note: For more information about peer-to-peer file sharing, including NYU's policies and procedures regarding the practice, see www.nyu.edu/its/p2p/.

September 25, 2014

Active exploitation of recent Bash vulnerability

SUMMARY

TSS is aware of active exploitation of the recently announced Bash vulnerability. There is no action for end users at this time.

TSS strongly recommends all system administrators prioritize patching their systems as soon as possible. Patches are available for every major Unix distribution.

DETAILS

There is a vulnerability in Bash, a commonly used Unix shell, which in some cases may allow for remote code execution. It is difficult to reliably identify vulnerable systems, so TSS is advising administrators of all Unix systems and Unix-based systems, including Mac OS X, to update their systems immediately.

From the National Vulnerability Database CVE entry:

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

A good summary writeup of the vulnerability can be found here:

http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html

Technical details can be found here:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html#.VCQlR_ldVuM

NEXT STEPS

As mentioned, all system administrators should update their systems immediately. NYU ITS Technology Security Services will be monitoring the situation for any further developments and update this page as appropriate. As always, questions can be sent to security@nyu.edu.

August 07, 2014

Russian Crime Ring Data Breach

NYU IT Technology Security Services is aware of the NY Times Article that was published on August 6th, 2014 regarding the large number of records supposedly breached by a Russian cybercrime group. We have not yet received any indication that NYU was affected, and the company that put out the story has not been forthcoming with specific details to back up the report. That being said, NYU takes all potential breaches seriously, thus we will continue to monitor the situation and will take appropriate responsive action, including notifying any affected members of the NYU Community should we discover their accounts were affected. Please feel free to contact security@nyu.edu with any questions.

April 30, 2014

New Internet Explorer bug *UPDATED 5-1*

Microsoft released a Security Advisory yesterday affecting Internet Explorer up to and including the most recent version, Internet Explorer 11.

The US Computer Emergency Readiness Team (US-CERT) has made the following recommendation regarding this vulnerability:

"US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser."

As such we recommend, as an alternative to Internet Explorer, that you consider using Google Chrome, Mozilla Firefox, or Safari when visiting websites. If you must use an NYU application that only supports Internet Explorer you should feel free to do so. For browsing sites outside of NYU, however, the use of Chrome, Firefox, or Safari is recommended instead.

For more information please see:

* http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

* https://technet.microsoft.com/en-US/library/security/2963983

* http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

As always, please contact security@nyu.edu with any questions.


UPDATE: Microsoft has issued a security patch for this vulnerability, and it is available via Windows Update. There is more information about the patch at https://technet.microsoft.com/library/security/ms14-021

April 09, 2014

Important New Web (OpenSSL) Vulnerability

As many of you may have read or heard, a flaw has been discovered in one of the Internet's security methods—a flaw that could enable hackers to access user names, passwords, or other sensitive data.

A fix for this flaw, which was announced this week, is available and NYU is now working quickly to patch all of the University's systems that need patching. The flaw is associated with a widely-used technology known as OpenSSL, which is used to secure server transactions, and it is known as the "Heartbleed" vulnerability. OpenSSL is used by Internet service providers, system administrators, and universities around the world, including NYU.

What NYU is doing:
Technology Security Services (TSS) at NYU is reviewing our centrally provided systems, and servers that need to be patched are being patched. TSS has been in touch with the NYU system administrators group (system administrators across campus) to alert them to the issue and the recommended fix. The CIO Council (IT leads at the schools) has also been alerted to this issue for any locally maintained and housed servers.

What should you do:
First of all, don't panic. Not all systems use OpenSSL, some that do are not vulnerable, and many websites are already installing patches on their systems.

If you are an administrator of any system, you should immediately upgrade your system to the latest version of OpenSSL. For more guidance, NYU system administrators should contact the IT Security Group at security@nyu.edu. Administrators of systems outside of NYU (e.g., cloud services) should contact the service provider or refer to the links below.

For users of NYU systems: ITS and other service owners across NYU are working quickly to patch systems as necessary. As examples, NYU Google Apps, NYU Classes, Albert/SIS, NYUHome, www.nyu.edu, NYU Login, PeopleSync, and all core NYU systems have either been patched, or are not vulnerable to this bug.

For users of non-NYU systems: If you don't know if the server you are connecting to has been patched, the most prudent thing to do is refrain from logging into non-NYU sites that contain sensitive data for a few days while those non-NYU servers are patched. If there is no information from the system owners after that time, you should contact the site to confirm that the patch is in place. If you are curious as to whether a page may be affected by the flaw, you can visit this Heartbleed test site and put in the name of the website you are concerned about to see whether it is vulnerable. However, not all sites can be tested in this way.

What the Internet is doing: Internet providers and server administrators around the world are doing assessments of their systems in order to patch their version of OpenSSL.

References:

March 24, 2014

"Notification" phishing scam

There are new reports about a phishing message that purports to come from "nyuadminform". The phishing message claims "you may not send or receive new mail until to re-validate your nyu.edu mailbox," and instructs the recipient to click on a web link. An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

February 24, 2014

Important iOS update patches SSL vulnerability

An update to iOS 7 was released on Friday, which fixes a significant vulnerability in SSL, the protocol used for secure transactions over the web. You should update your mobile devices as soon as possible to avoid this vulnerability. As usual, the normal security precautions apply: don't use untrusted networks, use VPN to connect to NYU systems, and patch regularly. For more information on the vulnerability, see: http://www.cbc.ca/news/technology/apple-security-flaw-what-you-need-to-know-1.2549246.

APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
The security update for Mac OS X 10.9 Mavericks is now available from the Mac App Store or http://www.apple.com/support/downloads/.

September 24, 2013

"IT help Desk"

There are new reports about a phishing message that purports to come from "IT help Desk." The phishing message claims "verification and registration of all active Email Accounts on our database," and instructs the recipient to click on a web link "to verify his/her account for security reasons". An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

September 06, 2013

"NYU Email | Update"

There are new reports about a sophisticated phishing message that purports to come from "IT Service Desk" or Ask_ITS@nyu.edu. The phishing message claims "NYU's web mail and Calendar Service have been updated," and instructs the recipient to click on a web link "for information and instructions on how to access your email." An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

June 10, 2013

"Suspicious sign in alert"

There are new reports about a sophisticated phishing message that purports to come from "NYU ONLINE", INFODATA@NYU.EDU, "Suspicious sign in alert" or "NYU Services". The phishing message claims that NYU "just prevented a sign-in attempt on your *NYU* account from another location," and instructs the recipient to click on a web link "to verify your profile". An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

March 31, 2013

"YOUR NET ID ACCOUNT" Phishing Scam (3/31/2013)

There are new reports about a sophisticated phishing message that purports to come from "NEW YORK UNIVERSITY", "NYU TEAM", NOTICE@NYU.EDU, "TASK ON YOUR NYU ACCOUNT" or "Information Technology Services (ITS)". The phishing message claims that NYU "noticed invalid login attempts into you account online from an unknown IP address" and instructs the recipient to "update your account information for your online webmail to be re-activated". An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

February 14, 2013

Active exploits against Acrobat, PDF Reader (2/14/13)

There are various reports from multiple trusted sources about an active exploit affecting Adobe Acrobat and Adobe Acrobat Reader. At this time there is no security patch available to protect against this attack; however, enabling "Protected Mode" or "Protected View" in Adobe Acrobat Reader X/XI and Acrobat X/XI may mitigate a compromise.

January 11, 2013

1-14-2013: [UPDATE] Active Zero-Day Java Exploit

A newly discovered zero-day exploit for Java 7 Update 10 is being used by attackers to remotely execute malicious code on vulnerable computers. *UPDATE* As of 1/14/2013, there is a security patch to protect computers against this exploit. You may download it here: Java 7 RU11. Note that there are unresolved vulnerabilities in Java and it is recommended that you disable it if you do not need it.

Most websites and web applications do not require Java, therefore it is possible to disable it without causing any impact to your web browser's functionality. However, because Java is a well-known computing platform used on some websites, disabling it may cause certain web applications to stop working.

At NYU, certain web applications require Java, so disabling it may prevent access to these sites or cause performance stability issues. If you are unsure if disabling Java will affect access to certain web applications, contact your local IT support.

December 07, 2012

12-07-12: Fake NYU login scam via Google Docs

There are new reports about a sophisticated phishing message that purports to come from "IT HELP DESK" and claims that NYU "is doing some maintenance in the server login page" and that NYU members are "advice to access their account in the temporary login page powered by Google.Do". The phishing message informs the recipient that the login page has been changed and that they should click on a link to sign in with their NetID and password. This message is a forgery and should be deleted immediately.

July 26, 2012

Fake NYU Financial Aid "$1000 Visa Gift Card" Scam

There are new reports about a sophisticated phishing message that purports to come from "Nyu Office Of Financial Aid". The phishing message (see below) claims that Financial Aid has "issued [you] a $1,000 Visa Gift Card free of charge" and that you have to visit a "website to claim your card and have it shipped to the address of your choosing." The link then takes you to a website (omitted here for security reasons) that requests your personal information. This message is a forgery and should be deleted immediately.

May 05, 2011

Fake "NYU Google" spam detector and upgrade email

There are new reports about a sophisticated phishing message that purports to come from "WEBMASTER" or "NYU WEBMASTER". The phishing message claims that NYU has "decide[d] to upgrade our NYU.EDU database to guard and attack against spam database" and that "you are expected to CLICK HERE and fill in the account verification form as required and we shall upgrade your account." The link then takes you to a Google doc that requests, amongst other things, your current email address, NetID and NYU password. This message is a forgery and should be deleted immediately.

April 06, 2011

"googlemail.com" account upgrade phishing scam

There are new reports about a sophisticated phishing message that purports to come from "nyu.edu SUPPORT tech-support@nyu.edu". The phishing message claims that NYU "would like to inform you that we are currently carrying out scheduled maintenance and upgrade of our webmail service" and that "your original password will be reset". The message then informs you to email your current NetID password to "upgrade.acc00unt.******@googlemail.com".

January 25, 2011

"Announcement" Phishing Scam

There are new reports about a sophisticated phishing message that purports to come from "New York University webmasterr@nyu.edu". The message claims that NYU has "upgraded our server to new secured 2011 version" and that "You are require to upgrade your account to 2011 version by clicking here". The link, aptly labeled "https:/secure.nyu.edu", takes you to a fraudulent, non-NYU website where recipients are asked to enter in their NYU credentials.

October 05, 2010

Facebook, Amazon Trojan Email Attack

There have been numerous reports that NYU community members are receiving malicious emails that purport to be from Facebook.com or Amazon.com. These fake messages often contain attachments, in ZIP and EXE formats. When the email and attachment are opened, the trojan is installed onto the computer. Once infected, the compromised computer will begin sending similar messages to all parties listed in the infected computer's address book and email client.

May 27, 2010

Beware of phishing message with NYU Logo

There are new reports about a sophisticated phishing message that purports to come from "New York University member@nyu.edu". The message claims that NYU "noticed recent changes on your Email Account" and requests that you click on a URL labeled "UPDATE" or else your account will be suspended. DO NOT click on the URL titled "Update".

March 24, 2010

DaughtersOfColumbus "Lawsuit" Phishing attack

There are new reports about a sophisticated phishing message that purports to come from the Crosby & Higgins LLP law firm. The message claims that there is "...a lawsuit that we filed against you in court on March 11, 2010..." and requests you click on a URL to open a Word DOC file containing the complaint. This email is NOT legitimate.

March 09, 2010

Beware of "IT Service" phishing message

There are new reports about a sophisticated phishing message that purports to come from "WEBCTSERVICE/Administrator". The message claims that "You have exceeded the limit of your mailbox" and requests you "re-validate" your account by clicking on a link to a non-NYU website. This website then asks for your NYU password, name, and other personal information to avoid shutting down your NYU email account. The fraudulent message requests that the recipient reply back to non-NYU email accounts, and in this case, "@bmc.org", "@yahoo.com.hk", "@admin.in.th" or "@hotmail.com" email addresses.

January 28, 2010

"WEBMAIL" phishing scam targeting NYU community

There are new reports about a sophisticated phishing message that purports to come from "Webmaster Online Department NYU.EDU-MAIL". The message claims that NYU is "currently verifying our subscriber's webmail accounts in other to increase the efficiency of our webmail features" and requests your password, name, and other personal information to avoid shutting down your NYU email account. The fraudulent message requests that the recipient reply back to non-NYU email accounts, and in this case, a "@ucla.edu" or "webmaster.XXX@live.com" email address.

November 18, 2009

"Webmail" phishing scam targeting NYU community

There are new reports about a sophisticated phishing message that purports to come from "New York University District Information technology Service ( ITS )". The message claims that ITS is "undertaking some essential, but extensive, maintenance to improve our webmail this week" and requests your password, name, and other personal information to avoid shutting down your NYU email account. The fraudulent message requests that the recipient reply back to non-NYU email accounts, and in this case, "@upgrade.com" and "@yahoo.com" email addresses.

August 21, 2009

DGTFX Webmail Phishing Scam

TSS has received several reports about an ongoing phishing scam targeting the NYU community. The message claims that "the virus DGTFX has been detected in your folder" and that the recipient must provide their password information in order to "upgrade" to the "secured DGTFX anti-virus 2009 to prevent damages to webmail logs". The fraudulent message requests that the recipient reply back to non-NYU email accounts, and in this case, an "@ns.sympatico.ca" email address. Below is a copy of the scam:

May 27, 2009

More sophisticated phishing scams target NYU Email

There have been new reports about a sophisticated phishing message that purports to come from "New York University Information technology Service ( ITS )". The message claims that ITS is "undertaking some essential, but extensive, maintenance to improve our webmail this week" and requests your password, name, and other personal information to avoid shutting down your NYU email account. The fraudulent message requests that the recipient reply back to non-NYU email accounts, and in this case, a "@esagelink.com" email address.

March 31, 2009

Conficker Worm: Regarding 'Attack' on April 1st

Recently, there has been much media attention focused on Conficker, a somewhat pervasive internet worm targeting Windows PCs. Upon infection, Conficker will disable firewalls, antivirus/antispyware and Windows Updates. The worm propagates over the network and can even infect connected flash drives. The worm is scheduled to attack various systems across the internet on April 1st, 2009.

The Technology Security Services (TSS) group has been carefully monitoring the situation over the past several weeks. At this time, we do not believe there is a significant threat to NYU network resources. That said, we do recommend that all Windows PC clients do the following:

  1. Make sure you have downloaded and installed the latest Windows Updates.
  2. Update your antivirus and antispyware software with the latest definitions. NYU ITS provides Symantec Antivirus for free to most NYU faculty, staff and students.
  3. If you have not already done so, create a computer account password comprised of 8 alphanumeric characters or longer. Password creation tips can be found here.

If you wish to verify whether or not your computer is infected with Conficker, visit the following sites for removal tools and more information.

Microsoft: Virus alert about the Win32/Conficker.B worm
Microsoft: Malware Removal Tool

If you need further help cleaning up your computer from a possible virus infection, contact the ITS Client Services Center at 212-998-3333 or askits@nyu.edu.

March 06, 2009

Phishing scam targeting NYU Email

There have been various reports from sources at NYU as well as from other colleges about a phishing message that purports to be the 'upgradingteam09', 'NYU web_mail Team', 'ACCOUNT Team NYU MAIL ACCOUT' or the like. The message requests your password, name, and other personal information to avoid shutting down your NYU email account. The message requests that the recipient reply back to non-NYU email accounts, usually an @live.com email address.

April 04, 2008

Phishing scam targeting NYU Home Mail

There have been various reports from sources at NYU as well as from other colleges about a phishing message that purports to be the 'help desk'. The message requests that the person reply back to the email with the email address & password in order to avoid the email account from being 'shut off'.

NYU members should not reply to the fraudulent phishing emails. Instead, forward the messages to our spam filtering system's email address is.spam@nyu.edu. Doing so trains our email filters to prevent such types of spam from arriving into inboxes.

As a reminder of better security practices, always remember that:

  • No NYU member will ever ask for your account password, especially not over email.
  • Do not reply back to emails from unidentified, untrusted sources.
  • Forward all spam to is.spam@nyu.edu. This helps train our email filters to block such messages in the future.
  • Messages that request personal information over plaintext email should be regarded as being suspicious. If it is spam, forward it to is.spam@nyu.edu. When in doubt, do not reply and contact security@nyu.edu.
  • If a message informs you of an impending 'account closure' unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.

A sample of the phishing message can be found below:


Dear Email Account Owner,

This message is from webmail messaging center to all webmail account owners. We are currently upgrading our data base and e-mail account center. We are terminating all unused email accounts to create space for new accounts.

To prevent your account from being terminated, you will have to update it by providing the information requested below:

***********************************************************
CONFIRM YOUR EMAIL IDENTITY NOW
E-mail Username : ...............
E-mail Password : ...............

***********************************************************

Warning!!! Account owners that refuses to update his or her account within
Seven days of receiving this warning will lose his or her account permanently.

Warning Code:11XXTT8765

Thanks,
Webmail Administrator


March 19, 2008

BBB Better Business Bureau Phishing Scam Email

We have received several reports from NYU members of a suspicious email purporting to come from the BBB, i.e. the Better Business Bureau, which instructs the recipient to click on a link and provide personal information. The sender may appear to be seatac@bbb.org, operations@bb.org, or some other address ending with "@bbb.org". The link points to a site that pretends to be a legitimate BBB website, such as:

http:// w w w . n a t i o n a l - b b b . o r g

That message is a scam and should be ignored. Do not click on any link in the message and do not reply to it.

Simply forward the message to the following addresses and then delete it:

  • is.spam@nyu.edu (sending spam to this email address will help our email gateways filter it out in the future)
  • spam@uce.gov (this is a branch of the FTC that tracks these types of phishing scams)

As always, never open emails from unexpected sources & never click on links inside emails asking you to provide personal information or asking you to download software to your computer. Always be skeptical when you receive messages asking you to provide personal information.

When in doubt, feel free to contact NYU ITS's Technology Security Group for more information. We can be reached at security@nyu.edu

January 07, 2008

Beware of Fake "NYU Federal Credit Union" Phishing Attack

ITS Technology Security Services has received widespread reports about a phishing scam targeted at NYU community members using the NYUFCU (Credit Union) domain. The from address on the email was spoofed using that domain, which may make it appear legitimate, but it also contains a few classic phishing characteristics such as:

  1. New York University Federal Credit Union will never ask members to call any number or visit any website for security reasons. Anyone who receives an e-mail that purports to be from New York University Federal Credit Union and asks for any information or action by the member should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.
  2. The link in the message does not point to the domain the message supposedly came from, or any legitimate domain associated with the NYU Federal Credit Union.
  3. The message contains many spelling and grammar errors.
  4. The message implies urgency: "update your profile as soon as possible" and "your access will be continued as normal". Phishing attacks try to convince victims of the urgency of the "problem" in order to steal as much personal information as possible prior to ISPs bringing down the phishing websites.

DO NOT click on any link in that message. At this time, the best thing to do is to:

  1. Forward the spam message to is.spam@nyu.edu
  2. Delete the message
  3. Inform your coworkers of the phishing scam

In the event you or another NYU member may have clicked on the link and provided personal information, contact TSS immediately at security@nyu.edu.

If you believe your financial information may have been compromised as a result of this phishing attack, you can also contact the NYU Federal Credit Union at:

http://www.nyufcu.com/asp/contact.asp

To find out more information about these types of phishing attacks and how to report them, visit:

Federal Internet Crime Complaint Center

July 17, 2007

Multiple critical updates from MS, Apple, & Adobe

July '07 has been a busy month for software companies: multiple critical updates have been issued for Adobe, Microsoft, and Apple operating systems and applications.

Adobe:

Two (2) vulnerabilities in Adobe's popular Flash player may allow a specially crafted website to load malicious arbitrary code and possibly even take control over a victim's computer. These updates apply to both Windows and Mac OS X.

Adobe recommends all users of Adobe Flash Player 9.0.45.0 and earlier versions upgrade to the newest version 9.0.47.0. Click here to download the latest version.

Apple:

Eight (8) vulnerabilities in Apple's popular Quicktime player may allow attackers to load malicious arbitrary code and possibly even take control over a victim's computer. These updates apply to both Windows and Mac OS X.

Apple recommends all users download the latest version of Quicktime player 7.2, available here.

Microsoft:

Eleven (11) vulnerabilities in Windows (i.e. Windows XP SP2, Vista, etc.) and Office suite may allow attackers to load malicious arbitrary code and possibly even take control over a victim's computer. These updates apply to Windows only.

Microsoft recommends all users update their computers via the Automatic Updates feature or by visiting: http://update.microsoft.com

June 15, 2007

Security Updates for Windows Safari

On June 13th, 2 days after launching the beta version of the Safari web browser for Windows, Apple released several security updates to patch critical vulnerabilities that could be potentially exploited.

The 3 "critical" vulnerabilities could permit remote attackers to launch a "Denial-of-Service" condition or execute arbitrary code. Just as is the case with any software that is in the "beta" development stage, vulnerability issues should be expected until further testing can be completed.

The updated Safari browser, version 3.0.1, is now available for download here:

http://www.apple.com/safari/

June 12, 2007

Download Windows Updates: 06/12

Microsoft released several critical Windows patches on June 12 that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Windows, Office and Internet Explorer.

This update affects multiple versions of Windows including Windows 2000, XP Professional SP2, & Vista.

Download the latest updates here:

http://update.microsoft.com

May 29, 2007

Mac OS X Update 05-24

On 05-25-07, Apple released several critical security updates that address vulnerabilities in applications such as iChat, VPN, PPP and others. These updates should be downloaded and installed as soon as possible.

To update your computer in OS X, simply navigate to the Apple Menu on the top left corner & click on Software Update

You can read more about this critical update here:

http://www.apple.com/support/downloads/securityupdate20070051039client.html

April 27, 2007

MacBook & MacBook Pro Battery Update

Apple has issued an important battery update for all versions of MacBook and MacBook Pro laptops. The update addresses a battery firmware issue and improves battery functionality.

It is highly recommended that you install this update as soon as possible. To get this and other updates immediately, go to the Apple menu & choose "Software Update". The update will require a restart.

More info can be found here:

Apple MacBook & MacBook Pro Battery Update

March 30, 2007

Windows Animated Cursor Attack

On Wednesday, March 28, Microsoft announced a new vulnerability that targets the "animated cursor" function in Internet Explorer 6 and 7.

Animated cursors are used on different websites for legitimate reasons. However, this latest vulnerability uses the animated cursor function to install and execute a trojan file on the victim computer. Infected computers may be controlled by a remote attacker, who may install a keylogging tool or other malicious files.

The attack does not require any user interaction. Computers can be compromised simply by visiting a website that contains the malicious code. The infection happens in the background and the user may not be aware that the computer is compromised.

This vulnerability affects the following operating systems:

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • (See link below for more Operating Systems)

Vista's IE 7 in protected mode shields the computer against drive-by installations.

There are no patches for the vulnerability at this time. Microsoft suggests that customers avoid visiting unknown websites or opening email from unknown, untrusted addresses. It is also suggested that users open emails in plain text format, since this reduces the risk of malicious code executing.

Read more about this alert on Microsoft's Security Bulletin website:

Microsoft Security Advisory (935423)


March 07, 2007

Download FireFox Javascript Patch

Mozilla, the company which owns and distributes Firefox, has released a patch that addresses a JavaScript vulnerability in Firefox 2.0 & 1.5. The update is available for both the Mac and Windows versions of Firefox.

Following recent updates, Mozilla discovered that disabling the javascript feature in the web browser could be circumvented by specially crafted image file tags.

Click here to download the latest patch for your version of Firefox.

Download Patches for Quicktime

On Monday March 5th, Apple released 8 security patches for both the Windows and Mac versions of Quicktime. Quicktime is an Apple media player application that is bundled with iTunes.

Without the patches, Macs and Windows PCs are vulnerable to a cyberattack. A malicious file can be created that, when opened with Quicktime, could give the attacker full control over a computer.

If you have Quicktime installed, click here and download the latest updates for your operating system.

February 12, 2007

Download Windows Updates: 02/14

Microsoft released several critical Windows patches on Feb. 12 that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Microsoft Office, Word, PowerPoint, Visual Studio, and Windows 2000 workstations.

This update affects multiple versions of Windows including, but not limited to, Windows XP Professional SP2. The patches for MS Office and its family of applications affect both the Windows and Mac versions. It is very important that you update as soon as possible.

Download the latest updates here: (Windows)

http://update.microsoft.com

Download the latest updates here: (MS Office for Mac OS X)

MacTopia Downloads

February 08, 2007

Firefox 1.5.0.9 Pop-Up Blocker Attack

There is a flaw in the pop-up blocker of Firefox that could allow an attacker to access local files. However, this vulnerability only affects Firefox 1.5.0.9. It does not affect Firefox 2.0, which is the latest version of the browser.

When the pop-up blocker feature is disabled, Firefox gives unnecessary access to local files. If a malicious file containing exploit code is already on the computer, then it can be remotely launched.

This is not easy, since the file would have to be planted on the system by tricking a user into clicking on a link that would download the file. The malicious file could then enable access to other files, which could be transferred to a remote computer belonging to an attacker.

Mozilla, the distributor of Firefox, is currently working on a solution. In the meantime, make sure your pop-up blocker is enabled whenever possible. Alternatively, you can upgrade to the latest version of Firefox, version 2.0 here:

Download Firefox 2.0

December 06, 2006

Zero-Day Attack for Microsoft Word

Microsoft issued a security bulletin regarding a recently discovered vulnerability in Microsoft Word. The attack involves a specially crafted Microsoft Word document that contains malicious code.

Once the Word Doc is opened, the code is executed and corrupts the computer's memory. This can lead to an attacker taking control of a user account on the compromised computer.

This attack affects many varieties of Microsoft Word, including those available for the Apple Macintosh platform.

  • Word 2000
  • Word 2002
  • Word 2003
  • Word Viewer 2003
  • Word 2004 for Mac
  • Word 2004 v. X for Mac
  • Works 2004, 2005, and 2006

There is no patch or fix for this issue as of yet. Microsoft is working on a solution.

It is recommended that you do NOT open any Word documents from untrusted sources. If you do receive Word documents from trusted sources, verify that the document was intentionally sent.

We will update this alert as information becomes available.

You can read more information regarding this latest vulnerability here:

Microsoft Security Bulletin: Microsoft Word

December 04, 2006

Email Scam: "Nyu Abuse Department"

There is a phishing email that is being sent to NYU users requesting that the recipient click on a link or else face the risk of an account suspension.

The message appears as the following:

---

"Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended for security reasons.

http://www.nyu.edu/confirm.php?account=(Your NetID)@nyu.edu

After following the instructions in the sheet, your account will not be interrupted and will continue as normal.

Thanks for your attention to this request. We apologize for any inconvenience.

Sincerely, Nyu Abuse Department"

---

This message is NOT legitimate. DO NOT click on any link in that message. The link may trigger a download of malicious software and compromise your PC.

It is recommended that you forward this phishing message, and any message like it, to is.spam@nyu.edu.

November 30, 2006

Download Apple OS X Updates: 11/28

On November 28th, Apple began distributing 31 updates for Mac OS X 10.4.8. These updates address a multitude of issues in OS X, including a severe vulnerability regarding the Airport Wireless Card in PowerPC Macintosh models.

It is important that you update your computer as soon as possible. To learn how to update your Mac, click on the link below:

http://www.nyu.edu/its/security/getsecure/#step2

November 16, 2006

Download Windows Updates: 11/14

Microsoft released several critical Windows patches on Nov. 14 that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Adobe Flash Player 6+, Remote Code Execution, and ActiveX scripting.

This update affects multiple versions of Windows including, but not limited to, Windows XP Professional SP2. It is very important that you update your Windows operating system as soon as possible.

Download the latest updates here:

http://update.microsoft.com

October 10, 2006

Download Windows Updates: 10/10

Microsoft has released 10 updates for October's "Patch Tuesday" monthly cycle. This is the largest group of updates for the year so far. The updates will fix 26 known vulnerabilities being actively exploited on the Internet.

Due to a software glitch, MS is not able to push out the updates to their users automatically at this time (10/10/06 @ 5PM EDT). It is suggested that you visit their website below to manually download & install the latest updates:

http://update.microsoft.com

September 26, 2006

Download Critical Windows Update

Microsoft, in an effort to mitigate further exploits from the latest vulnerability, has released a Microsoft Windows patch ahead of the scheduled October 10th "Patch Tuesday" update.

Download this critical update by going to Microsoft's Windows Update page here:

Microsoft Windows Update

September 22, 2006

New Internet Explorer & Outlook Attack

Reported 09/15/06 in the Security Alerts page, Microsoft's latest vulnerability is quickly gaining momentum with many malicious sites and hackers crafting code and HTML to exploit vulnerable computers. Currently, even the most patched versions of Windows XP are completely vulnerable to this attack and there is no projected patch until sometime in October.

This new attack targets Internet Explorer and the HTML component in Outlook and can result in a computer being compromised by an attacker. So in theory, visiting a malicious website or opening an email with the malicious HTML code can leave the computer fully compromised.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. As always, we suggest that you avoid any suspicious or "bad" websites. If you believe you may have entered one of these sites, it may be prudent to simply quit out of your browser and restart the application again.

Critical Apple WiFi Update

Apple released an update today for their Airport wireless cards that addresses multiple vulnerabilities. Those vulnerabilities put all wireless-capable OS X computers at risk of being compromised by an attacker, including the new Intel-based Macs.

Without the update, an Apple computer connected to a malicious "WiFi spot" could potentially be compromised to the degree that an attacker can gain control of the computer and execute arbitrary code.

To get the latest update, simply go on the Apple menu and select "Software Update". Download any updates available.

You can read up on the vulnerability here:

Apple releases Airport update

September 19, 2006

AIM Users: Beware of Links

Recently a new worm that propagates itself via AIM began circulating the Internet. Known as W32.pipeline, this worm transmits itself via AIM, contacting all individuals on the victim's "Buddylist".

The worm sends an innocuous IM message to the individuals on the victim's Buddylist with the message "Hey, would it be okay if I upload this picture of you to my blog?" If the recipient clicks on the link, an executable file that looks like a JPEG will download into a Windows folder.

Once installed, the file then begins to contact other individuals on the new victim computer to infect their machines as well. Another side effect is that the victim computer acts as part of a botnet, downloading malicious files and viruses onto the computer in the background, and possibly even sending out large quantities of spam.

The best way to handle this problem:

  • If you receive the above IM, ignore it and do not respond. If you receive a suspicious variant, or are unsure, reply to the Instant Message and verify that the person really did send it to you. 3-4 IM messages should verify the status of the sender.

September 18, 2006

Download Critical Firefox Update

Following a week of updates from both Microsoft & Apple, the team over at Mozilla also issued critical updates for its popular Firefox web browser.

The update comes on the heels of multiple vulnerabilities being recently discovered. Secunia.com rates these vulnerabilities as highly critical, because they allow a remote attacker to execute arbitrary code, and possibly take over a compromised computer.

These updates should download automatically, however, you can also upgrade your current browser to version 1.5.0.7 by going to:

GetFireFox.com

September 15, 2006

No Patch Yet for Internet Explorer Attack

Following Microsoft's monthly "Tuesday Patch Day", whereby Microsoft provided multiple critical Windows & Office updates, a new vulnerability began circulating the Internet. This new attack specifically targets Internet Explorer and can result in a computer being compromised by an attacker.

Once an individual visits a specially crafted website, the attack can either force IE to crash or the attacker can use the vulnerability to launch arbitrary commands and compromise the victim computer.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. Beyond suggesting that users avoid "bad websites", users are also being told to disable "ActiveX scripting" in IE or restrict it to their trusted security zones as a precaution.

As always, we suggest that you avoid any suspicious or "bad" websites. If you believe you may have entered one of these sites, it may be prudent to simply quit out of your browser and restart the application again.

September 14, 2006

Download Critical Windows Update

On September 13th, Microsoft issued a 3rd patch for an ongoing vulnerability that was cited in August. Following 2 previous updates, Microsoft received multiple reports of computers still being vulnerable to attack. Specifically, the type of attack involves running long, processor-power consuming tasks that may result in serious performance issues.

At this time, it is highly recommended to download the latest Microsoft Windows updates.

Download Microsoft updates by going to: http://updates.microsoft.com

September 05, 2006

New MS Word Attack Circulating

There is a critical MS Word vulnerability circulating the Internet and it is appearing as a simple Word document file. This specially crafted Word document contains an embedded trojan file that can put a computer at risk to a malicious attack.

Once the infected Word file is opened, it loads a trojan file onto the computer. Following the trojan's installation, it then initiates a backdoor command that allows more malicious files to be downloaded onto the infected computer. Those malicious files can include keylogging tools, which can be used to record what you type on your computer.

For the moment, Microsoft does not have an update available. Users are being told to not open untrusted Word document files. Once an update is available, a link will be posted in the alerts page.

Confirmed affected systems for this particular attack are computers running both Windows 2000 & Microsoft Word 2000. Although not yet confirmed, it is cautioned that this vulnerability may affect other versions of Microsoft Windows and/or Word.

More information regarding this attack can be found here:

MS Word 0-day attack flaw


Update available 09/12/06


Microsoft has stated that there will be one Office and two Windows updates available on 09/12/06 that will address multiple critical vulnerabilities. It is believed that these updates will fix the current Word vulnerability, amongst other exploits. We will issue an alert when this becomes available.

August 25, 2006

Apple, Dell Recall Millions of Laptop Batteries

Due to a few recent cases of Sony-manufactured laptop batteries overheating, and in some cases even exploding, both Apple and Dell have issued free battery recalls. The affected batteries may pose a serious fire risk and potentially injure the user. The affected laptops are:

Apple

  • 12-inch iBook G4
  • 12-inch PowerBook G4
  • 15-inch PowerBook G4

Dell

  • Latitude
  • Precision
  • Inspiron
  • XPS

Consumers that are affected by the recall are being told to remove the battery immediately and to power the laptop via the AC adapter only.

To find out if your laptop is affected by the recall, visit the corresponding manufacturer's battery recall information website:

Apple Battery Exchange Program iBook G4 and PowerBook G4

Dell Battery Return Program