Contents: Latest news New Virus Alert (October 6, 2005) Virus Alert -- "Sober" (May 2, 2005) Microsoft Update Scam (April 10, 2005) MSN Messenger Virus (March 7, 2005) Fraud alert (November 23, 2004) Kellogg Spam control efforts (November 23, 2004) Virus alert (November 8, 2004) Quick Links: Best practices for computer security & virus prevention Symantec AntiVirus Documentation Previous Virus Alerts Computer and Network Security from Northwestern IT

New Virus Alert October 6 , 2005 A pair of new computer viruses are spreading quickly on the Internet. You may receive an email message with an attached .ZIP or .EXE file. Please be very cautious when opening attachments, even if sent by someone you know. DO NOT OPEN THE FILE – it will infect your computer with a virus. Just close the message and delete it if you get a copy. Update your Symantec Antivirus - Symantec has just released new antivirus definitions. To update your antivirus definitions, go to Start > select Symantec Antivirus > and then click the LiveUpdate button on the lower right hand side of the Symantec window. Once the update installs, click Close, and exit out of Symantec Antivirus. If you have opened a .ZIP file or clicked on the .EXE file from a message like this, please contact the KIS Technical Support Center at (847) 467-2100, kis-help@kellogg.northwestern.edu, or visit us at the Jacobs Center, room 163. Virus Alert -- "Sober" May 2, 2005 A new computer virus is spreading quickly on the Internet. You may receive an email message with an attached ZIP file. DO NOT OPEN THE ZIP FILE – it will infect your computer with a virus. Just close the message if you get a copy. The virus messages are often forged to look like notifications of email delivery errors. Another version of the message says “Account and Password Information are attached!” Both versions include a virus-infected ZIP file. An example of a message generated by the virus is included at right. If you have opened a ZIP file from a message like this, please stop by our Technical Support Center (TSC) in Jacobs Center room 163, call us at 847-467-2100 or email kis-help@kellogg.northwestern.edu.   We recommend updating Symantec AntiVirus to help protect your computer. To update Symantec AntiVirus, double-click the yellow shield () in the bottom right corner of the screen, then click the LiveUpdate button. If you have any questions, please call the TSC at 847-467-2100 or email kis-help@kellogg.northwestern.edu. Microsoft Update Scam April 10, 2005 A new campaign by computer hackers uses a Web site disguised as Microsoft's Windows Update page to trick users into infecting their computers with a Trojan horse remote access program. This program could give hackers complete control of your computer. The scam uses e-mail messages that appear to come from Microsoft to get recipients to visit the fake Microsoft web page and download the malicious program.  The messages have subject lines like "Update your windows machine" or "Urgent Windows Update.” A link in the body of the e-mail message appears to take users to the Microsoft Windows Update Web site, but actually forwards them to a Web site operated by the hackers and installs a Trojan horse program.  The site looks very much like the actual Microsoft Windows Update page and displays Microsoft's corporate logo. A screen shot of the fake site is included below: Everyone should be on guard when receiving an unsolicited e-mail that contains an attachment or asks the reader to click a link to a Web page.  These types of messages are generally “Phishing” scams. Phishing is a form of online identity theft that uses spoof e-mails and fraudulent Web sites, among other techniques, to lure people into divulging personal financial data such as credit card numbers, account usernames, passwords, and, social security numbers.  This particular attack is infecting computers with a program that opens a back door that allows the hackers to remotely control your computer. Although the Web page used in the latest attack has been disabled, those behind the scam could post the content in a new location and restart the attack.  Microsoft does not directly email security updates to students. Kellogg Information Systems will email students if there is a security threat, and these messages will always be signed by a KIS staff member. If you are suspicious of any security warnings you receive, please contact KIS. KIS did send out a message Thursday about the Windows XP Service Pack 2 Upgrade, which we encourage students to install, if you have not done so already. The documentation is also available online here: www.kellogg.northwestern.edu/kis/laptop/updates/xpsp2/ If you visited the fake Microsoft site pictured above, or if you have any questions, please stop by the KIS Technical Support Center in Jacobs Center room 163, call us at 847-467-2100 or email kis-help@kellogg.northwestern.edu. MSN Messenger Virus ("Kelvir") March 7, 2005 A new computer virus is spreading on the Internet. You may receive a message through MSN Messenger from someone you know asking you to click on a link. This message is a virus. DO NOT CLICK ON THE LINK - it will infect your computer with a virus. Just close the message if you get a copy. The message will say "omg this is so funny!" (or something similar) followed by a web link. An example of the instant message is included below: Full-time Students: If you have clicked on the link in a messenger message like this please stop by the Technical Support Center (TSC), call 847-467-2100 or email kis-help@kellogg.northwestern.edu. Faculty & Staff: If you have clicked on a similar link please enter a Service Request in the Service Request System. We recommend updating Symantec AntiVirus to help protect your computer. To update Symantec AntiVirus, double-click the yellow shield () in the bottom right corner of the screen, then click the LiveUpdate button. If you have any questions, please call the TSC at 847-467-2100 or email kis-help@kellogg.northwestern.edu. See also: Symantec Security Response article on the virus, "Kelvir.b" Click for larger image Fraud Alert November 23, 2004 A new form of online fraud, dubbed "phishing," attempts to trick victims into providing personal information such as bank account numbers. Potential victims receive an email that appears to be sent by a bank (such as CitiBank, SunTrust Bank, Wells Fargo, etc.) asking the recipient to click a link and "confirm" their account information. The links appear to be legitimate, but recipients are actually directed to another web site. The third-party site takes advantage of vulnerabilities in Internet Explorer to display the correct login page (for example, CitiBank's login page), then open a pop-up window requesting the bank account number or username & password. This information is not submitted to the financial institution but rather the scam artists who sent the email. Hovering your mouse cursor over the message reveals that the message is actually an image file that links to a different web site than the one listed in the email. Looking for hidden URLs by hovering your mouse over the message can be a good way to identify fraudulent emails, but in general, you should be skeptical of any email from a financial institution that is not a regular/monthly account statement. When in doubt, type in the URL to the bank's front page (i.e., www.citibank.com) and login to your account instead of clicking an emailed link. Kellogg Spam Control Efforts November 23, 2004 KIS is aware of the concerns expressed by club members regarding SPAM messages being sent to Kellogg student club lists. We too are concerned about SPAM, the inconvenience it causes and the added load on the network and email servers worldwide. There are a number of steps that are being initiated to help stop SPAM from reaching Kellogg email lists. In our efforts to control SPAM, we also run the risk of deleting or delaying legitimate and important email messages. As a result of the risk of deleting critical electronic communications, KIS must move carefully in making changes to Kellogg email lists. KIS is in the process of making major change to the MailSite server which manages our email lists. Once this is complete, MailSite will be able to distinguish if a message is coming from within the northwestern.edu domain. Once key club lists are moved into the northwestern domain only area, no messages will be relayed that are not sent from the northwestern.edu domain. This should significantly cut down on SPAM being sent to club lists. KIS is working with the KSA VP of Technology, Mike Baird, as well as club leaders, to define the best approach for all Kellogg club lists. We ask your patience and understanding as we confront this issue. The Internet has been a wonderful place and email has changed how we communicate. Unfortunately, other people have realized the power of the Internet and email too and are now using its power in a negative way. Another option that exists for carefully controlling what is sent to an email list is moderation. The class lists are moderated to prevent unwanted messages such as SPAM from reaching 1200 recipients. Moderation is the safest method for controlling what goes out, but the moderator must take responsibility for checking the queue daily. Often times, students wait until the last minute to email the list and if the moderator has already checked the queue for the day, their message may not go out for 24 hours. This is the biggest drawback to moderation, it takes manual management. For more information on moderating a club mailing list, click here. SPAM as well as computer viruses and Spyware have made IT organizations world-wide struggle to find the best approach to making the Internet and email once again friendly and effective. Virus Alert November 8, 2004 A new computer virus is spreading on the Internet. You may receive an email from PayPal informing you that your credit card has been charged. This email is a hoax. DO NOT CLICK ON THE LINK – it will infect your computer with a virus. Just delete the message if you get a copy. We have included an example of the message below: Congratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is A866DEC0, and your item will be shipped within three business days. To see details please click this link. DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This email is being sent by an automated message system and the reply will not be received. Thank you for using PayPal. If you have clicked on the link in an email like this please bring your computer to the Technical Support Center (TSC) in Jacobs Center room 163. If you have any questions, please stop by the TSC, call us at 847-467-2100 or email kis-help@kellogg.northwestern.edu.