Past Security Articles and Announcements
1/31/2008 - Veridian Credit Union Phishing Scam
A malicious e-mail is circulating claiming to be from Veridian Credit Union. This email is fraudulent. The University is blocking all traffic to and from the originating domain. See http://www.veridiancu.org/whats_new/security_alert.asp for more information. The text of the email is listed below.
Dear Veridian C.U. Customer,
1/23/2008 - Malicious E-mail Requesting Account Verification
A malicious e-mail is circulating claiming to be from the "UIOWA.EDU TEAM" and requesting e-mail account verification, including passwords. The e-mail is a phishing scam and was not sent by the University of Iowa. ITS is working to block all traffic to and from the originating domain. If you receive the e-mail, you can ignore it and delete it. If you responded to the e-mail and included any personal information, including your password, change your Hawk ID password immediately at http://hawkid.uiowa.edu. An example of the e-mail can be found here.
1/16/2008 - Department of Justice Phishing Scam
A phishing scam is currently being spread through e-mail that claims to be from the Department of Justice. The Department of Justice web site lists the following about the scam: The Justice Department continues to be aware of fraudulent spam e-mail messages claiming to be from the Department. THESE EMAIL MESSAGES ARE A HOAX. DO NOT RESPOND. Click here for more information.
10/30/2007 - Malicious E-mail Message Reported
Several users have reported receiving an e-mail message with the subject of “Confirm Your Email Address!” that requests you to reply with your password to confirm your email account or risk having your account deactivated (see the text of the message below). This is not a legitimate message. ITS will never request your password be sent in an e-mail. Please delete the message if you receive it. If you have already replied to the message with your password, change your Hawk ID password immediately at http://hawkid.uiowa.edu.
Text of Malicious E-mail Message
Dear uiowa.edu subscriber,
To complete and verify your uiowa.edu account, you must reply to this email immediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated from our database.
You can also confirm your email address by logging into your uiowa.edu account at https://webmail.uiowa.edu/
Thank you for using UIOWA. EDU!
The University of Iowa Webmail Team
10/30/2007 - IRS Phishing Scam
An e-mail scam is circulating claiming to be from the IRS telling taxpayers that they are eligible to receive a tax refund. The e-mail, however, directs you to a web page that requests personal information, such as social security number and credit card number. This e-mail is a phishing scam. Click here for more information.
8/31/2007 - Safety in Social Networking
Blogs and social networking sites such as Facebook and MySpace allow for the posting and publishing of personal information and/or photos that can come back to haunt you. For example, it is becoming common for employers or investigators to search for information on current or potential employees by "Googling" them or seeking out and reading their blogs or Facebook sites for suspect or damaging information. Also, problems due to identity theft, web stalkers and Internet predators are serious issues that justifiably get a lot of press and attention. Keep yourself safe online by following these web best practices and Facebook security practices.
8/20/2007 - Storm Worm Virus Spreading Through E-mail "Postcards"
A Trojan horse virus known as Storm Worm or Trojan.Peacomm is currently spreading over e-mail around the nation, including the University of Iowa campus. The virus relies on users to click on links in unsolicited e-mail, often posing as an electronic greeting card or a news video with a sensational headline. Clicking on the link prompts you to install software, which will infect your computer, disable antivirus software, and allow your machine to be remotely controlled, sending the virus out to other users on the network.
Symantec AntiVirus has identified the Storm Worm virus as Trojan.Peacomm. Virus definitions dated January 19, 2007, or later can detect it, but because the virus relies on social engineering in e-mail (that is, you must click on a link to activate it), the antivirus software will not prevent it from being installed. For more information see: http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99.
Contact the ITS Help Desk at 319-384-4357 immediately if you think you've been infected with the Storm Worm virus. Scroll down for more information about protecting your computer.
10/12/2006 - Stay Secure - Update Your Computer's Operating System
An important part of keeping your computer safe from viruses and malicious attacks is updating your operating system (OS) regularly. See Protect Your Computer for more information on keeping your computer safe and updating your operating system.
6/1/2006 - Security Patches Available for Symantec AntiVirus 10.1.0.394
Symantec has released security patches for Symantec AntiVirus Corporate Edition. If you are running SAV 10.1.0.394 (click here for help checking your version of SAV), you should download and install the patches from the Symantec AntiVirus page of the ITS Software Download site. If you are running a previous version of Symantec AntiVirus, you should download and install the latest version of SAV to help ensure your computer's security.
5/25/2006 - Potential Exploit in Symantec AntiVirus Products
Symantec has announced a potential vulnerability in several of their products that could allow for a malicious attack on an affected computer. Symantec has released IPS signatures to protect against such attacks and suggests customers run LiveUpdate to make sure the signatures have been applied. For more information, see the Symantec Security Bulletin from May 25, 2006.
4/26/2006 - Symantec AntiVirus Corporate Edition Now Available for Mac OS 10
Symantec has released a corporate edition of their AntiVirus product for Mac OS 10.3 and above, called Symantec AntiVirus 10. The previous antivirus software available on the ITS Software Download site was the consumer-based product, Norton AntiVirus. ITS is making the switch to supporting the corporate edition of Symantec AntiVirus 10 for Mac because the consumer-based Norton AntiVirus may soon no longer be licensed for University use. Click here for download and installation instructions.
3/28/2006 - Symantec AntiVirus 10.0.1 Available for Windows Vista
Symantec has provided a version of their Corporate Edition AntiVirus software that is tweaked to run on Windows Vista Pre-release builds. It should be noted that this software is not a beta version of Symantec's software that will be specifically designed to run on Windows Vista. There is no support currently available for this software either through Symantec or through the ITS Help Desk, but if you wish to get more information you may visit this site. You may download the software from the ITS Software Services Site here (requires authentication).
1/27/2006 - E-mail Attachment Virus Threat
An e-mail is currently circulating with a message about a potential sexual assault on campus (From: admin@southern.edu, Subject: Rape on Campus). The e-mail is a hoax attempting to trick users into launching an attachment with a supposed picture or video of the suspect, asking for help with identification. The attachment includes a virus. The University's campus gateway is blocking and stripping the attachment (suspect photo.exe) from the e-mail. If you receive this e-mail in your University account, you can delete it. If you use a non-University account and receive this message with the attachment, you should delete the e-mail; do not click on the attachment.
10/20/2005 - Avoid Instant Messenger Viruses
You've just clicked on a link you received from your buddy via an instant messaging program (AIM, MSN, etc.). What happens next? Unfortunately a lot more than you may think. Click here for more information.
10/12/2005 - PayPal Phishing Scam
A PayPal phishing scam is currently being spread through e-mail (view the text of the e-mail). This scam is more sophisticated than previous scams in that it accesses PayPal cookies on your local system and uses your PayPal username or e-mail, making it look more official. As a general practice, reputable companies will not ask you in an e-mail to enter personal information on a web site. See the ITS Help Desk Security Center Phishing page for more information about phishing scams and how to protect yourself.
8/15/2005 - W32.Zotob.A Virus
A new virus, W32.Zotob.A, has been detected that takes advantage of Microsoft vulnerabilities announced last week. The worm spreads via port 445, and a user can be infected without taking action. Windows computers that are fully patched and have a firewall turned on should not be vulnerable to this virus. See Protect Your Computer on the main Security Center page for more information on keeping your computer safe. The following Symantec security response article provides more information on the W32.Zotob.A virus: http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html .
8/8/2005 - CoolWebSearch Spyware
A recent identity-theft ring was discovered centering around a spyware program known as CoolWebSearch. CoolWebSearch is a "browser hijacker" and one of the most difficult spyware programs to remove. The software "hijacks" your web browser home page and can send personal information, such as passwords, credit card numbers, etc. to a remote server. Click the link above to learn more about CoolWebSearch and how to remove it.
6/23/2005 - MarketScore Spyware
The ITS Security Office has seen increased instances of the MarketScore (also known as RelevantKnowledge) spyware program on the network. MarketScore is a spyware program that poses an extreme security risk and has special instructions for removal. Click the link above for more information about MarketScore spyware and how to remove it.
5/5/2005 - What really happens when you click on a link in an instant messenger program
You've just clicked on a link you received from your buddy via an instant messaging program (AIM, MSN, etc.). What happens next? Unfortunately a lot more than you may think. Click here for more information.
4/14/2005 - MSN Messenger Virus
A new virus threat is spreading through MSN Messenger. The virus arrives as a link named "unknown@hotmail.com." At this time, several computers in the residence halls have been infected, resulting in disabled ports and loss of Internet access. Infected computers must be reformatted (see the Help Desk Software Repair and Troubleshooting Support site for assistance). Contact the Help Desk if you have questions or think you may have been infected.
3/16/2001 - How do you know if a web site is secure?
Sending personal or confidential information such as your social security, bank account, or credit card number over the Internet can put you at risk of fraud or identity theft. Click here to learn how to minimize those risks and how to identify secure web sites.
3/7/2005 - Sdbot Instant Messenger Virus Alert - AIM, MSN Messenger
There is a virus circulating through instant messaging programs, including AOL Instant Messenger (AIM) and MSN Messenger, that can track keystrokes (passwords, credit card numbers, etc.) and send itself to all members on your list. The virus, a variation of Sdbot, sends a message directing you to click on a link to a web site. Clicking on the link will infect your machine and expose those on your buddy list to the virus.
Sdbot alters the operating system of the machine to hide itself. It installs a keystroke logging program that captures everything typed on the keyboard (including passwords, account numbers, etc.) and sends it to a remote site. It also includes a program that steals software license keys and other private information with resale value. The worm scans the Internet for machines that have not been updated, which it can then infect, breaks into neighboring machines with easy-to-guess or blank passwords, and uses your AIM to send everyone in your buddy list a message with a link to the virus. The virus installs a "back door" program so that a hacker can control your computer from anywhere on the Internet.
The only way to repair infected machines is a complete system rebuild, which involves erasing all of the information on the computer and reinstalling the operating system. If your machine is infected by this virus, stop using the infected machine immediately and change all of your passwords (from an ITC or other "clean" machine).
If you have questions or need assistance, please contact the ITS Help Desk.
2/16/2005 - AOL Instant Messenger Virus Alert
There is a virus circulating through the buddy list feature of AOL Instant Messenger (AIM) that can track keystrokes (passwords, credit card numbers, etc.) and send itself to all members on your list. The virus, a variation of Sdbot, sends a message directing you to click on a link to a web site. Clicking on the link will infect your machine and expose those on your buddy list to the virus.
Sdbot alters the operating system of the machine to hide itself. It installs a keystroke logging program that captures everything typed on the keyboard (including passwords, account numbers, etc.) and sends it to a remote site. It also includes a program that steals software license keys and other private information with resale value. The worm scans the Internet for machines that have not been updated, which it can then infect, breaks into neighboring machines with easy-to-guess or blank passwords, and uses your AIM to send everyone in your buddy list a message with a link to the virus. The virus installs a "back door" program so that a hacker can control your computer from anywhere on the Internet.
The only way to repair infected machines is a complete system rebuild, which involves erasing all of the information on the computer and reinstalling the operating system. If your machine is infected by this virus, stop using the infected machine immediately and change all of your passwords (from an ITC or other "clean" machine). For more information or if you have further questions, feel free to contact the ITS Help Desk.
2/8/2005 - Symantec AntiVirus Vulnerability
Symantec has confirmed a vulnerability in many versions of Symantec and Norton AntiVirus that could allow a file that is scanned by the antivirus software to execute malicious code and compromise the machine. The versions of Symantec and Norton AntiVirus products that are affected are listed in this security response from Symantec.
ITS recommends using the latest version of Symantec AntiVirus Corporate Edition (version 9.0.3 for Windows) or Norton AntiVirus Corporate Edition (version 9.0.2 for Mac), available to University of Iowa students, faculty and staff through the Software Download site. For more information or if you have further questions, feel free to contact the ITS Help Desk.
1/20/2005 - Instant Messenger Virus: Bestfriends.scr
There is a virus circulating through the buddy list feature of AOL Instant Messenger (AIM) that can track keystrokes (passwords, credit card numbers, etc.) and send itself to all members on your list. The virus, a variation of SDbot, sends a message directing you to click on a link to a web site that ends in "bestfriends.scr" or "shrek2.scr." Clicking on the link will infect your machine and expose those on your buddy list to the virus.
If you have been infected with this virus, you will not be allowed to access the University's network until the virus has been removed. In most cases, this means reformatting the computer (erasing all data and reinstalling the operating system). If you have further questions, feel free to contact the ITS Help Desk.
12/16/2004 - MarketScore Spyware
New spyware has been found to route secure information through the company's servers, causing a potential security risk. Click on the link to learn how to remove MarketScore spyware from your computer.
11/9/2004 - E-Mail Scam: PayPal Phishing Scam
There is a virus e-mail being circulated that appears to be from PayPal, an online payment service. The contents of the e-mail are:
Congratulations! PayPal has successfully charged $175 to your credit card.
Your order tracking number is A866DEC0, and your item will be shipped within three business days.
To see details please click this link.
DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This email is being sent by an automated message system and the reply will not be received.
Thank you for using PayPal.
If you receive one of these messages, just delete it. If you have further questions, feel free to contact the ITS Help Desk.
Last Updated: 04/24/2008