AA-2008.0036 -- Targeted phishing attacks directed towards Australian universities
Date: 07 February 2008
===========================================================================
AA-2008.0036                  AUSCERT Advisory

    Targeted phishing attacks directed towards Australian universities
                             8 February 2008
---------------------------------------------------------------------------

        AusCERT Advisory Summary
        ------------------------

Impact:                Inappropriate Access
Access:                Remote/Unauthenticated

OVERVIEW:

        Over the past week, we have had several reports of targeted
        phishing email attacks directed towards Australian Universities.
        Similar attacks have been reported elsewhere [1].

IMPACT:

        The desired result from these emails is to obtain usernames and
        passwords for university email accounts. Reports suggest that
        these accounts are then being used to send out further phishing
        spam. However AusCERT is currently unaware of the ultimate
        intended abuse of these credentials.

MITIGATION:

        Users who receive such email are advised not to respond, but
        instead report this email to the appropriate institution or
        AusCERT.

        Administrators at Universities or other affected institutions may
        wish to educate staff and students (particularly those new to the
        institution) about phishing attacks.

        Email administrators may wish to closely examine the access to the
        university email systems and outgoing email for unauthorised use.

        Institutions using single sign-on solutions may wish to also
        monitor the systems which allow access to more sensitive resources
        using the same credentials.

DETAILS:

        The following are two examples of emails reported in recent
        incidents:

-------------------------------------------------------------------
From: XXXXXX EMAIL TEAM
To: Undisclosed recipients: ;
Subject: VERIFY YOUR XXXXXX.EDU EMAIL ACCOUNT NOW !!!
Reply-To: XXXXXX@hotmail.com

VERIFY YOUR XXXXXX.EDU EMAIL ACCOUNT NOW !!!

Dear XXXXXX.edu Email Account Owner,

This message is from xxxxxx messaging center to all xxxxxx email account
owners. We are currently upgrading our data base and e-mail account
center. We are deleting all unused xxxxxx.edu email account to create more
space for new accounts.

To prevent your account from closing you will have to update it below so
that we will know that it's a present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username : ..........
EMAIL Password : ...........
Date of Birth : ...................
Country or Territory : ...........

Warning!!! Account owner that refuses to update his or her account within
Seven days of receiving this warning will lose his or her account
permanently.

Thank you for using XXXXXX!
Warning Code:VX2G99AAJthem

Thanks,
XXXXXX Team
XXXXXX.EDU.AU
-------------------------------------------------------------------
To: xxxxx@xxxxxx.edu.au
Subject: Confirm Your E-mail Address
From: "xxxxxx.edu.au"
Reply-To: xxxxxx.helpdesk@yahoo.com.au

Dear User,

We wrote to you on 1st of february 2008 advising that you change the
password on your account in order to prevent any unauthorised account
access following the network intrusion we previously communicated.

Whilst we have found the vulnerability that caused this issue, and have
instigated a system wide security audit to improve and enhance our current
security.

To complete your harvard account, you must reply to this email immediately
and enter your password here (*********)

Failure to do this will immediately render your account deactivated from
our database.

We apologise for the inconvenience that this will cause you during this
period, but trust you understand that our primary concern is for our
customers and for the security of their data. our customers are totally
secure.
-------------------------------------------------------------------

REFERENCES:

        [1] SANS Handler's Diary - Universities in the US being targeted
            in a Spear Phising attack.
            http://isc.sans.org/diary.html?storyid=3917

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
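Both sample emails in DETAILS carry a Reply-To address at a free webmail provider and ask the reader to send a password. The Python below is an added example, not part of the AusCERT advisory: it flags those two traits in a raw message, assuming a placeholder institution domain (example.edu.au) and constructed sample messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: placeholder for the institution's own mail domain.
INSTITUTION_DOMAIN = "example.edu.au"

# Wording that asks the reader to send a password, as both sample emails do.
CREDENTIAL_REQUEST = re.compile(
    r"(enter|confirm|verify|update)\b.{0,60}\bpassword|password\s*:",
    re.IGNORECASE | re.DOTALL)

# Constructed sample modelled on the second email; addresses are invented.
SAMPLE_PHISH = """\
From: "example.edu.au" <helpdesk@example.edu.au>
Reply-To: example.helpdesk@webmail.invalid
Subject: Confirm Your E-mail Address

Dear User,
You must reply to this email immediately and enter your password here (****)
"""

# Constructed legitimate notice: no Reply-To, no request for credentials.
SAMPLE_NOTICE = """\
From: IT Service Desk <servicedesk@example.edu.au>
Subject: Scheduled maintenance

The mail server will be unavailable on Saturday from 06:00 to 08:00.
"""


def phishing_indicators(raw_message):
    """Return the indicators a raw RFC 5322 message shares with the samples."""
    msg = message_from_string(raw_message)
    reasons = []
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    reply_domain = reply_to.rpartition("@")[2].lower()
    # Replies leaving the institution's domain (or its subdomains) are suspect.
    if reply_to and not ("." + reply_domain).endswith("." + INSTITUTION_DOMAIN):
        reasons.append("reply-to-external:" + reply_domain)
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    if CREDENTIAL_REQUEST.search(msg.get("Subject", "") + "\n" + body):
        reasons.append("credential-request")
    return reasons


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("notice", SAMPLE_NOTICE)):
        print(name, phishing_indicators(raw))
```

Run over outbound as well as inbound mail, the same check supports the advisory's suggestion to examine outgoing email for unauthorised use.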