|
Search This Site: |
 |
||||
|
|
|
|||
|
|
||||
Select a topic below
hoax alerts scam / fraud alerts virus warnings filtered notifications FAQThis page contains pertinent information and links to sites which contain important virus and malware information.
January 24, 2008
A recently discovered trojan that affects Mac computers has been found on campus. On Jan 24, 2008, CIS posted a tool to remove the trojan.
It is known as OSX/Puper (aka OSX.RSPlug.A) Trojan . To access the tool to remove the trojan, enter the following URL into the address field of your browser.
http://132.177.212.103
and look for the Stop Puper tool under Additional Resources.
The symptoms include losing connectivity after a brief connection, arriving at inappropriate webpages when following a link, and having the DNS settings redirected to non-UNH addresses.
Hoaxes are e-mail warnings that contain information about security issues that are not actual threats. These messages should be deleted immediately without being viewed. All virus related announcements pertaining to the University community will be directed from the department of CIS.
The following link will take you to Network Associates for more information:
http://vil.nai.com/vil/hoaxes.aspx
Scam / Fraud Alerts | back to top
The following is a list of current Scams and Frauds that are going around. Please be sure to read these carefully. Below each you will find a link to more information about the given Scam or Fraud alert.
The latest information from the FBI regarding Scams and Frauds can be found at
http://www.fbi.gov/majcases/fraud/fraudschemes.htm
- PHONE SCAM - 809 AREA CODE
- CHARTER ONE BANK
- MICROSOFT ANTI-PIRACY/CREDIT CARD SCAM
- FRAUD ALERT FROM BANK NORTH
- EBAY ACCOUNT SUSPENSION NOTICE
Virus Warnings | back to top |
The following is a list of known virus warnings. To get more information about any of the viruses listed, simply click on the associated link. The list is sorted from most recent to oldest.
To view the lastest threats as reported by McAfee, click http://us.mcafee.com/virusInfo/default.asp
- 8/17/2005 - W32/IRCbot.worm!MS05-039
- 7/20/2005 - W32/Sdbot.worm.gen.ac (ED)
- 5/2/2005 - W32/Oscarbot
- 4/15/2005 - MultiDropper-MY
- 4/15/2005 - BackDoor-CQY
- 3/18/2005 - StartPage-GT
- 3/18/2005 - Proxy-Agent.e
- 3/14/2005 - W32/Kelvir.worm.gen
- 3/14/2005 - W32/NoChod@MM
- 3/9/2005 - SymbOS/Commwarrior.b!sys
- 3/9/2005 - W32/Kelvir.worm.f
- 3/9/2005 - SymbOS/Commwarrior.a!sys
- 3/4/2005 - Downloader-WJ
- 3/3/2005 - W32/Mytob.gen@MM
- 3/3/2005 - W32/Bagle.dldr
- 3/2/2005 - W32/Mydoom.bi@MM
- 3/2/2005 - W32/Bagle.bn@MM
- 2/28/2005 - PWS-Goldun.dr
- 2/28/2005 - PWS-QQRob
- 2/28/2005 - W32/Mydoom.bg@MM
- 2/22/2005 - W32/Bropia.worm.q
- 2/22/2005 - W32/Mydoom.bf@MM
- 2/21/2005 - W32/Mydoom.be@MM
- 2/21/2005 - W32/Derdero.a@MM
- 2/21/2005 - W32/Sober.l@MM
- 2/19/2005 - W32/Mydoom.bc@MM
- 2/19/2005 - W32/Mydoom.bd@MM
- 2/19/2005 - W32/Bropia.worm.p
- 2/17/2005 - W32/Mydoom.bb@MM
- 1/31/2005 - W32/Sober.k@MM
- 1/31/2005 - W32/Bagle.bl@MM
- 1/27/2005 - W32/Bagle.bj@MM
- 11/10/2004 - W32/Mydoom.ah@MM
- 11/9/2004 - W32/Mydoom.ag@MM
- 10/14/2004 - W32/Netsky.ag@MM
- 9/28/2004 - W32/Bagle.az@mm
- 8/16/2004 - W32/Mydoom.s@MM
- 8/10/2004 - W32/Bagle.aq@MM
- 8/5/2004 - w32/Gaobot
- 7/26/2004 - W32/Mydoom.o@MM
- 3/10/2004 - Nachi.b
- 3/8/2004 - W32/Sober.d@MM
- 3/3/2004 - W32/Bagle.K@MM
- 1/27/2004 - W32/Mydoom@MM
- 1/19/2004 - W32/bagle@MM
- 11/14/2003 - W32/Mimail.i@MM
- 10/31/2003 - W32/Mimail.c@MM
- 10/24/2003 - W32/Alphx.worm
- 9/18/2003 - W32/Swen@MM
- 8/28/2003 - W32/Dumaru.a@MM
- 8/19/2003 - W32/Sobig.f@MM
- 8/18/2003 - W32/Nachi.worm
- 8/11/2003 - W32/Lovsan.worm
- 8/1/2003 - W32/Mimail@MM
- 6/25/2003 - Sobig.E
- 6/5/2003 - Bugbear.B
- 5/19/2003 - Palyh@MM
- 5/12/2003 - W32/Fizzer@MM
- 3/12/2003 - W32/Nicehello@MM
- 3/10/2003 - W32/Deloder.worm
- 2/24/2003 - Lovgate@M
- 1/13/2003 - Sobig@MM
- 1/8/2003 - Lirva.a
- 12/30/2002 - Yaha.k
- 9/30/2002 - BugBear@MM
- 7/15/2002 - Frethem.I
- 4/26/2002 - W32/MyLife.j@MM
- 4/23/2002 - W32/Klez.h@MM
- 4/22/2002 - W32/Klez.e@MM
- 3/26/2002 - W32/MyLife.b@MM
- 3/18/2002 - W32/Gibe@MM
- 3/15/2002 - W32/Fbound.c@MM
- 2/19/2002 - W32/Yarner@MM
- 1/28/2002 - W32/Myparty.a@MM
- 12/5/2001 - W32/Goner@MM
- 9/18/2001 - W32.Nimda.A@MM
- 7/20/2001 - W32/SirCam@MM
- 7/20/2001 - Code Red
Filtered Notifications | back to top |
Below is a list of those viruses being filtered by CIS:
| Virus Name | Date Added |
| js/zerolin | monday, september 13, 2004 |
| w32/mywife | monday, september 13, 2004 |
| w32/valla | monday, september 13, 2004 |
| w32/pate | monday, september 13, 2004 |
| w32/elkern | monday, september 13, 2004 |
| w32/kriz | monday, september 13, 2004 |
| js/illwill | monday, september 13, 2004 |
| w32/sober (all variants) | march 8, 2004 |
| w32/mydoom (all variants) | january 26, 2004 |
| w32/bagle (all variants) | january 19, 2004 |
| w32/netsky (all variants) | february 19, 2004 |
| w32/klez (all variants) | december 16, 2003 |
| w32/swen@mm | december 16, 2003 |
| w32/mimail (all variants) | december 16, 2003 |
| w32/dumaru (all variants) | december 16, 2003 |
| w32/sobig (all variants) | december 16, 2003 |
Protecting the UNH Campus From A Large Volume Of Infected E-mail Messages
The two primary public e-mail systems on the UNH campus are the CISUNIX and the Microsoft Exchange systems. Together, these systems serve 16,000 e-mail accounts, providing services for faculty, students and staff throughout the campus. These systems are subjected to continuous malicious activity from infected software from the Internet. Both e-mail systems are currently protected against malicious software, and intercept infected e-mail messages. When an infected message is blocked, a notification is typically sent to the intended recipient indicating that the infected message was intercepted. The problem faced by campus clients is that most of these notifications are about messages that were not valid electronic mail messages in the first place.
During the first few months of the fall 2003 semester, campus clients on these two central systems were subjected to an average of 30,000 to 90,000 attempted infections per month, with peaks of 100,000 per day, and up to 5,000 per hour. While these malicious software attacks involved a wide variety of virus types, approximately six types (or variants) account for about 90% of these attempted infections. These six types are known to be automatically generated and are infected mail messages that have no content value for the intended recipient; their only purpose is to cause further proliferation of the malicious software or to produce other more ominous impacts. This large volume of notifications fills up client e-mail boxes, and degrades the performance of the electronic mail servers.
Because of the rapidly rising volume of malicious e-mail software attacks, and the highly disruptive notification volumes experienced by the campus clients, the e-mail administrators of the protected systems (CISUNIX and Microsoft Exchange) will, effective 12/16/03, be suppressing the recipient notification for the most common malicious types of infected e-mail messages that are known to be automatically generated and have no content value for the intended recipient. MS Exchange clients must be using an alias (exp: Firstname.Lastname@unh.edu) as their Reply To: e-mail address in order to take advantage of this protection.
E-mail resulting from the following list of viruses is currently being blocked. As new viruses are discovered and become a problem on the e-mail servers, messages resulting from those viruses will also be blocked. This page will be continuously updated to provide the University e-mail clients with up-to-date information as to what message types are being blocked. Additional information about these and other common viruses is available by going to http://www.virus.unh.edu and clicking on “Virus Warnings” in the links on the left. Complimentary virus protection software is also available to UNH community members, as well as additional virus-related information, from that webpage.
