Another phishing attempt has been recently released, that appears to be from the University of Tulsa. Please be reminded that under NO circumstance will the University of Tulsa ask for your user name, password, or private information over email. If you have responded to any email with your username, password, or private information please change your password immediately, and contact the Help Desk, 631.3500, to ensure that your account has not been compromised.

The version of phishing attempt most recently received is copied below.

DO NOT RESPOND to any email that asks for your user name, password, or private information.


-CSRT

Phish begins below:
########################################################
Dear Email Account User,

We are advising you to change the password on your account in order to prevent any unauthorised account access following the network instruction we previously communicated, all Mailhub systems will undergo regularly scheduled maintenance. Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance period.



We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old email accounts which are no longer active to create more space for new accounts users.we have also investigated a system wide security audit to improve and enhance our current security.



In order to continue using our services you are require to update and re-comfirmed your email account details as requested below.


To complete your account re-comfirmation,you must reply to this email immediately and enter your account details as requested below.


Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth :(**************)
Future Password :(**************)(Option)


Failure to do this will immediately render your account deactivated from our database and service will not be interrupted as important messages may as well be lost due to your declining to re-comfirmed to us your account details.


We apologise for the inconvenience that this will cause you during this period,but trusting that we are here to serve you better and providing more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our customers, and for the security of their files and data.


COMFIRMATION CODE: -/93-1A388-480 University of Tulsa Technical Support Team.

A new phishing attempt has been recently released, that appears to be from the University of Tulsa. Please be reminded that under NO circumstance will the University of Tulsa ask for your user name, password, or private information over email. If you have responded to any email with your username, password, or private information please change your password immediately, and contact the Help Desk, 631.3500, to ensure that your account has not been compromised.

The version of phishing attempt most recently received is copied below.

DO NOT RESPOND to any email that asks for your user name, password, or private information.


-CSRT


Phishing attempt below.
########################################################
WEBMAIL USERS Maintenance Notice



This message was sent automatically by a program on
Webmail which periodicallychecks the size of inboxes,
where new messages are received.
The program is run weekly to ensure no one's inbox grows
too large. If yourinbox becomes too large, you will be
unable to receive new email.
Just before this message was sent, you had 18 Megabytes
(MB) or more ofmessages stored in your inbox on your
Webmail
To help us re-set your SPACE on our database prior to
maintain your INBOX, you must reply to this e-mail and
enter your:



Current User name: { }

and Password: { }



You will continue to receive this warning message
periodically if your inboxsize continues to be between 18
and 20 MB. If your inbox size growsto 20 MB, then a
program on Bates Webmail will move your oldestYou will
continue to receive this warning message periodically if
your inboxsize continues to be between 18 and 20 MB. If
your inbox size grows to 20 MB, then a program on Bates
Webmail will move your oldest email to a folder
in your home directory to ensure that you will continue to
be ableto receive incoming email. You will be notified by
email that this has taken
place. If your inbox grows to 25 MB, you will be unable to
receive new email as it will be returned to the sender.
After you read a message, it is best to REPLY and SAVE a
copy.
Thank you for your cooperation.
Webmail Help Desk

A new phishing attempt has been recently released, that appears to be from the University of Tulsa. Please be reminded that under NO circumstance will the University of Tulsa ask for your username, password, or private information over email. If you have responded to any email with your username, password, or private information please change your password immediately, and contact the Help Desk, 631.3500, to ensure that your account has not been compromised.

The version of phishing attempt most recently received is copied below. Please note that the phishers are attempting to fool you by including official looking branding, and links to functional web pages that may or may not be fake, but which are very difficult to determine the authenticity.

DO NOT RESPOND to any email that asks for your username, password, or private information.


-CSRT


Phishing attempt below.
########################################################

From: University of Tulsa Webmail Support
[mailto:webmail-support@utulsa.edu]
Sent: Monday, November 24, 2008 5:39 PM
Subject: **UTULSA.EDU ACCOUNT UPGRADING**

Dear utulsa.edu Webmail Subscriber,

We are currently performing maintenance for our Digital Webmail The
University of Tulsa webmail . We intend upgrading our Digital Webmail
Security Server for better online services.

In order to ensure you do not experience service interruption,Please you
must reply to this email immediately and enter your password here
(*********) user name (********) and Check out your new features and
enhancements with your new and improved Webmail account,To enable us
upgrade your Account.

Failure to do this will immediately render your email address
deactivated
from our database

You can also confirm your email account by logging into your The
University of Tulsa Webmail account at
https://webmail.utulsa.edu/imp/login.php
for better online services please reply to this mail

Thank you for using The University of Tulsa webmail Account!
THE UNIVERSITY OF TULSA WEBMAIL SUPPORT


Copyright (c) 2008 The University of Tulsa

Description: CSRT continues to see an increase in customized attempts to obtain University of Tulsa usernames and passwords.

The most recent attempts of concern for TU faculty, staff, and students, are email phishing attempts that disguise themselves as information requests due to the upgrade of the University of Tulsa web mail system.

The latest of these e-mail phish attempts are at the bottom of this post.

Recommendations: Please be aware, that University of Tulsa Computer Support Personnel will never ask for your password in email, over the phone, or in person. We will also never send URL 'links' in an email, attachments, or provide specific instructions in email form. If there are any doubts on the legitimacy of an email, delete the email, and contact your designated Computer Support person or the Help Desk, x3500. As always, please check back on the Computer Security Response Team website (this website) for more information concerning Computer Security related items. Additional information about what you can do to combat phishing is available at http://www.antiphishing.org/consumer_recs.html

Utulsa Webmail Phish Example

Note: Italics are used to point out the traditional spam or phish fingerprints.

Dear Utulsa Webmail Subscriber

This message is to inform all our {Utulsa} webmail users that we will be
maintaining and upgrading our website in a couple of days from now. As a
Subscriber you are required to send us your Email account details to
enable us know if you are still making use of your mail box.

Be informed that we will be deleting all mail account that is not
functioning to enable us create more space for new users, You are to send
your mailaccount details which are as follows:

*User Name:
*Password:
*Date of birth:

You can also confirm your email address by logging into your account
at https://webmail.utulsa.edu/imp/login.php before sending us the
required information.

WARNING: Any of our webmail user that refuses to send his/her verification
details within the next seven(7) days of receiveing this message and
failed to respond will be deleted immedately from our database.

Verification code: Utulsa:0090-009

Thank you for using Utulsa!
From The Utulsa Support Team.
© Utulsa Support Team



Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.

Description: The CSRT has seen a continued increase in customized attempts to obtain University of Tulsa usernames and passwords.

The most recent attempts of concern for TU faculty, staff, and students, are email phishing attempts that disguise themselves as information requests from utulsa.edu

A simple dissection of these e-mail phish attempts are at the bottom of this post.

Recommendations: Please be aware, that University of Tulsa Computer Support Personnel will never ask for your password in email, over the phone, or in person. We will also never send URL 'links' in an email, attachments, or provide specific instructions in email form. If there are any doubts on the legitimacy of an email, delete the email, and contact your designated Computer Support person or the Help Desk, x3500. As always, please check back on the Computer Security Response Team website (this website) for more information concerning Computer Security related items. Additional information about what you can do to combat phishing is available at http://www.antiphishing.org/consumer_recs.html

Utulsa Phish Example

Note: Italics are used to point out the traditional spam or phish fingerprints.

From: MAILER-DAEMON
Sent: Friday, September 19, 2008 2:21 AM
To: ajl@utulsa.edu
Subject: RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS

Dear user of utulsa.edu,

We have found that your email account has been used to send a large
amount of junk e-mail during the recent week. A TU account so compromised would be shut off and locked out until you were contacted

Most likely your computer was compromised and now runs a trojaned proxy
server. On a University owned system, the user would be contacted and arrangements would be made to disconnect the system and clean the machine, on a non-University owned system, access would be denied to the network.

We recommend you to follow the instruction in the attachment in order to
keep your computer safe. Contains an attachment - not something University of Tulsa IS staff would send out.

Virtually yours,
utulsa.edu user support team.

Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.

Description: The CSRT has seen a significant increase in spear phishing attempts in recent months. In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication (from Phishing Wiki). Spear phishing is using phishing techniques to gain sensitive information from a targeted group of people.

The most recent attempts of concern for TU faculty, staff, and students, are email phishing attempts that disguise themselves as information requests for the utulsa e-mail system and the Tulsa Teacher's Credit Union.

A simple dissection of these e-mail phish attempts are at the bottom of this post.

Recommendations: Please be aware, that University of Tulsa Computer Support Personnel will never ask for your password in email, over the phone, or in person. We will also never send URL 'links' in an email, or provide specific instructions in email form. If there are any doubts on the legitimacy of an email, delete the email, and contact your designated Computer Support person or the Help Desk, x3500. As always, please check back on the Computer Security Response Team website (this website) for more information concerning Computer Security related items. Additional information about what you can do to combat phishing is available at http://www.antiphishing.org/consumer_recs.html

Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.

Utulsa Phish Example

Note: Italics are used to point out the traditional spam or phish fingerprints.

Dear Utulsa email account owner, (generic salutation=phish or spam indicator)

This message is Utulsa message center at all Utulsa mail account owners. We are modernizing our database and e-mail center. We the removal of all are not used Utulsa mail account to create more space for new accounts. (bad gammer+threat of something bad happening=phish or spam indicator)

To avoid having your account from the fence, you will need to update below to we know that this is an account currently used. (again, more bad grammer)

Confirm your email address below

Username E-mail: .......... ..... (send us lots of personal information=phish indicator)
Email Password: ................
Date of birth: .................
Country or territory: ..........

Attention! Account holder who refuses to update his account within Seven days after receiving this warning will lose his account permanently. (the last big threat = phish indicator)

Thank you for using Utulsa !
Utulsa.edu BETA


TTCU Phish Example


Dear Customer, (generic salutation = spam or phish indicator)

To protect your TTCU account from unauthorized access, we have set limit of failed login attempts. Unfortunately, you have just reached critical number of attempts, so your access to Online Banking has been limited for the security purposes.

Please login to TTCU. (don't trust links in e-mail...this link originally went to a Taiwan site.)

At TTCU we are dedicated to providing you with exceptional service and to ensuring your trust. If you have any questions regarding our services, please check the website or call our customer service.

TTCU Customer Services

Copyright ©2008 Tulsa Teachers Credit Union. All Rights Reserved, (Because a copyright makes it true)

Description: The CSRT & Computer Security Professionals from other education institutions and organizations have seen a significant increase in phishing attempts in recent months. In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication (from Phishing Wiki).

The most recent attempt that has caused a significant increase in concern, are email phising attempts that appear to becoming from @#####.edu computer support teams, and specifically targeting university personnel. We have included an example email:

########################################

> -------- Original Message --------
> >> Subject: Confirm Your Email Address!
> >> Date: Mon, 26 Nov 2007 19:23:03 -0500 (EST)
> >> From: THE xxxxx UNIVERSITY WEBMAIL TEAM
> >> Reply-To: wil_hamilton@yahoo.com.hk
> >> To: undisclosed-recipients:;
> >>
> >> Confirm Your Email Address!
> >>
> >>
> >> Dear xxxxx . edu subsccriber,
> >>
> >> To complete and verify your xxxxx . edu account, you must reply to this
> >> email immediately and enter your password here (*********)
> >>
> >> Failure to do this will immediately render your email address
> >> deactivated from our database.
> >>
> >> You can also confirm your email address by logging into your xxxxx.edu
> >> account at https://webmail.xxxxx.edu/horde/imp/login.php
> >>
> >>
> >> Thank you for using xxxxx . EDU!
> >> THE xxxxx UNIVERSITY WEBMAIL TEAM

########################################

The example above is bogus, and any directions contained in the email should be ignored.

Recommendations: Please be aware, that University of Tulsa Computer Support Personnel will never ask for your password in email, over the phone, or in person. We will also never send URL 'links' in an email, or provide specific instructions in email form. If there are any doubts on the legitimacy of an email, delete the email, and contact your designated Computer Support person or the Help Desk, x3500. As always, please check back on the Computer Security Response Team website (this website) for more information concering Computer Security related items.

Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.

During the first two weeks of classes, several submitted reports to the help desk indicating that our wired residential network and our new WiFi wireless network are "slow". All IP data networks are shared resources; excessive expectations and utilization by some result in poor performance for others.

During the weekend of August 31, 2007, one student transferred 250 gigabytes (GB) of data over the wired network in 36 hours before being removed from the network. Moving this much data over a home connection would require more than six weeks assuming typical, arguable, sustained speeds associated with a basic DSL high speed internet plan. The same student then transferred 35GB of data across the wireless network over the subsequent 48 hour period. The 250 GB of data is equivalent to 500 full length VHS quality movies or more than 73,000 CD quality MP3s. If the transferred data were moved illegally, there is an additional problem. Access to all TU campus computing facilities by this student has been terminated pending review by the Dean of Students.

University policy:

The University Ethics Code and Policy for Computer Use is posted at http://www.is.utulsa.edu/policies. The policy contains several provisions related to appropriate use and the consequences of monopolizing resources and degrading performance.

Wireless vs wired network access:

The new wireless network is a significant advancement at The University of Tulsa that is not available in the same ubiquitous fashion at most other universities. It provides convenience and mobility that is not available with a wired only network. However, it is impossible to effectively replace the capacity of a functional wired network with that of a wireless network. The burst rate at a wired port in the new residential apartments is nearly twenty times the rate available to a wireless user, even when there is no other wireless user competing for access in the same vicinity. Further, the performance of a wireless network degrades more quickly with multiple users. When available and reasonable, use a wired connection to help make sure that the wireless network is available for those best served by the mobility of a wireless connection.

Bandwidth Management:

Direct and unfettered access to the extraordinary wireless and wired networks that the University has is an important academic resource for all of our residents. Unfortunately, as indicated above, if a network is not managed, it is possible for a few abusive users to utilize nearly all of our bandwidth which, in turn, causes a degradation of the network resources available to the majority of our residents and to the campus as a whole. Over the last three weeks, two percent of our residential users have been responsible for almost fifty percent of the data passed across our Internet connection. For this reason and as one of our strategies for managing network resources, the University will soon institute a daily capacity cap for all residential and wireless users.

A user who exceeds the cap will see his/her network access to any computers on the residential or wireless network terminated until he/she reauthenticates with our normal network registration procedure. The user will then receive a message that he/she has exceeded the bandwidth cap instituted by the university and will notice a significant decrease in performance when accessing the Internet for a period of at least twenty four (24) hours. Access to filer (w:\ drive), shared space (s:\ drive), WebCT, and all other on campus resources will remain available with no limits. A user who has become limited and has an academic requirement for more generous access may request that his/her limit be temporarily removed by sending email to help@utulsa.edu.

Systems Affected:
Windows 2000
Windows XP
Windows 2003 Server
Windows Vista (all versions)

Description:
The “Storm Worm” started arriving in email boxes in January of 2007. Unlike many worms or viruses that infect large quantities of machines quickly and then all but disappear, the number of machines infected with the “Storm Worm” has continued to grow until it now has nearly 2 million systems infected. The “Storm Worm” is unique in that all of the infected machines are in nearly constant communication, sending updates to one another and launching attacks on Internet victims in a coordinated fashion. Since the “Storm Worm” systems are always in communication, the “Storm Worm” has the ability to update itself automatically in an effort to avoid detection by AntiVirus programs, so most Antivirus programs will not properly detect the most recent versions of “Storm Worm”. A clean bill of health from antivirus programs (even multiple antivirus programs) does not necessarily indicate that a system is clean.

The “Storm Worm” generally arrives in an email message that appears to be a greeting card or some form of news information. The “Subject:” line has changed with time, and the email message can sometimes be very convincing. Once a user clicks on the link and runs the downloaded file, the computer is infected with the “Storm Worm”. For added protection, the “Storm Worm” installs a special piece of software on the computer called a “rootkit” which is designed to hide the “Storm Worm” so that it cannot be detected or removed by even the most up-to -date Antivirus program, making it essentially impossible to ensure that the worm is totally removed from a system without formatting (erasing) the hard drive and reinstalling the operating system and all software from CDs.

Recommendations:
• Users should not open attachments or follow web links received in email messages without independently (by phone or return email) confirming that the attachment or link was sent intentionally.
• Faculty or Staff who have already followed the instructions in an electronic greeting card, downloading and running a program from a webpage on a university owned machine should contact his or her systems administrator immediately.
• A user on a personally owned system who has already followed the instructions in an electronic greeting card, downloading and running a program from a webpage should make backups, format his or her hard drive, and rebuild his or her system, or take it to a professional to do so.
• Every student, faculty, and staff member should connect to MyTU and download the latest antivirus software onto their personally owned computer(s).

Although this particular worm can be fairly successful at evading detection by antivirus software, the CSRT still believes that the combination of due diligence on the part of a user and properly updated Antivirus software is the best defense against computer viruses and worms.

Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non-university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful, we are pleased, but do not call or email the Computer Security Response Team or the Helpdesk for further information.

From the Adobe Website:

Affected software versions:
Adobe Reader 7.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.

"Critical vulnerabilities have been identified in Adobe Reader and Acrobat 7.0 through 7.0.8 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious file must be opened by the end user for an attacker to exploit these vulnerabilities. "

The Computer Security Response Team strongly encourages all user's to be extremely careful when downloading and/or opening files from email/internet. For all University maintained machines, your system adminsitrators in the colleges & departments will begin work on patching & securing machines.

Recommendations: For all personally managed machines (including student computers), we strongly encourage you to upgrade, patch, and secure your machine before you download/open any files from the internet or email.

For more information please visit the Adobe website

www.adobe.com/support/security/bulletins/apsb06-20.html

Please check the CSRT website for updates.

Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the Help Desk for further information.

Systems Affected:
Windows 2000
Windows 95
Windows 98
Windows Me
Windows NT
Windows Server 2003
Windows XP
Microsoft Word

Description: A flaw in Microsoft Word Programs has been recently found. Successful exploitation of this flaw would lead to the attacker gaining full rights in the context of the exploited user. As an example, if an exploited system was being run under Administrator privileges, then the attacker would gain Administrator privileges for that machine and be able to execute code, delete or edit files or change configuration settings.

Through Office XP or Office 2003, the vulnerability could be exploited through e-mail attachments. For an attack to be successful a user must open an attachment that is sent in an e-mail message.

Also, an attacker could host a Web site that contains an Office file that is used to exploit this vulnerability.

Recommendations: Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. If there are any doubts on the legitimacy of an email or its attachment, delete the email, and request the send to send again.


Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.

Systems Affected: MacOS X

Description: By default, Safari on MacOS X is configured to download and automatically execute (launch) "safe" files. Unfortunately, MacOS doesn't check file types properly which can result in someone running an unsafe program without users having to click anything.

Recommendations: We recommend that you disable Safari's option that allows this automatic execution of files by performing the following steps:

1) Open Safari
2) Click on "Safari" in the menu bar
3) Select "Preferences"
4) Under "General" there's a checkbox that says 'Open "Safe" files after downloading', remove the checkmark from that box.
5) Quit Safari

Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.

Systems Affected: All Windows Systems

Description: Blackworm was originally released in 2004, but new variants were released in January of 2006. The worm is delivered via an attachment in email, and the subject and the name of the attachment can be nearly anything. This worm is potentially devastating however, because it effectively deletes files with the following extensions:

DOC
XLS
MDB
MDE
PPT
PPS
ZIP
RAR
PDF
PSD
DMP

Any files with the above extension will be overwritten with the text "DATA Error [47 0F 94 93 F4 K5]" in any folder that an infected user has write access to, including on the W:\ drive (My UTULSA Space) and the S:\ drive (SharedSpace).


Continue reading "BlackWorm"

Update 3:03pm 1.6.05:
There are vulnerabilities in the way Windows displays images which could allow someone to take over your system simply by convincing you to view a picture (gif, jpeg, bmp, tiff, wmf, etc.). As of December 31st, McAfee was reporting that 6% of their customer base had been successfully attacked. On January 5th, Microsoft released a patch to fix Windows 2000, XP, and 2003 Server. The CSRT along with local sysadmins recommend the following:

If you are a student, faculty, or staff member working on a Personally Owned computer system:

Please proceed to Microsoft's Windows Update site. Once there, you may be prompted to install a "new version of Windows Update" before you can check for any additional Windows updates. Please make sure you get to a screen where it lists critical updates, and make sure you install all critical updates. Once all critical updates are installed, you will likely be asked to restart your computer. After your computer has restarted, visit Microsoft's Windows Update site again and make sure that there are no additional updates available. If a system is extremely out of date, it may take several visits to Microsoft's Windows Update site, and several reboots, before the system is fully up to date.

If you are a faculty or staff member in the College of Arts and Sciences, your local systems administrators recommend that you:

Please contact Scott Roberts, x2318 for instructions.

If you are a faculty or staff member in the College of Business Administration, your local systems administrators recommend that you:

Please contact Chuck Blankenship, x3156 for instructions.

If you are a member of the faculty or staff in the College of Engineering and Natural Sciences your local systems administrators recommend:

No additional steps need to be taken to ensure the latest patches have been applied to university owned systems that are on campus. If the system is not on campus, or is a personal system, please follow the guidlines listed under "If you are a student, faculty, or staff member working on a personally owned computer system". -- Keith Schoenefeld

If you are a member of the faculty or staff in the College of Law, your local systems administrators recommend:

Computing Resources will update all University owned computers that are located at John Rogers Hall and the Boesche Legal Clinic. For personally owned systems or University owned systems that are located off campus, please follow the guidelines titled "If you are a student, faculty, or staff member working on a personally owned computer system". -- Chris Farwell

If you are a member of the staff in the business units, your local systems administrators recommend:

If your machine is supported by the help desk, then we are making every possible attempt to deploy the microsoft update automatically to your machine. If your machine is not supported by the help desk, please ensure that you have the latest microsoft windows updates on your machine. To update your machine please follow the guidelines titled "If you are a student, faculty, or staff member working on a personally owned computer system" for instructions to update your machine. -- Jona than Kim mitt



Continue reading "Significant Vulnerability in all Windows Operating Systems"

Warning about @fbi.gov email phishing scams:

From the FBI Website:

New E-Scams & Warnings

FRAUDULENT FBI EMAIL ALERT

The FBI is warning the public to avoid falling victim to an on-going mass email scheme wherein computer users received unsolicited emails purportedly sent by the FBI. These scam emails tell the recipients that their Internet use has been monitored by the FBI and that they have accessed illegal websites. The emails then direct recipients to open an attachment and answer questions.

The email appears to be sent from the email addresses of mail@fbi.gov, post@fbi.gov and admin@fbi.gov. There may be other similarly styled addresses. The recipient is enticed to open the zip attachment which contains a variant of the w32/sober virus. If the program within the zip attachment is executed then the virus is launched and may affect the user's computer.

The text of the email is as follows:

Dear Sir/Madam,

We have logged your IP-address on more than 30 illegal Websites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison
Federal Bureau of Investigation-FBI

These emails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited emails to the public in this manner.

Opening email attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient's computer. The FBI strongly encourages computer users not to open such attachments

Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.