Archive for the 'trojan' Category

Feb 23 2010


The cobbler’s children have no shoes…

How many of you have heard the phrase used in the title?  Essentially, it refers to a professional being so busy with work that their own family lacks the very services they provide to others.

I had occasion to reflect on this statement as I worked on my wife’s laptop this weekend.  Yes, I am ashamed to admit that my own wife’s computer was infected with malware!  You would think a computer security professional’s computers would be safe, right?


Dec 02 2009


New scam based on H1N1 scare

Filed under scams,spam,trojan

Well, it was only a matter of time until someone figured out how to use the H1N1 “swine flu” scare as a part of a scam. 


Nov 24 2009


New phishing scam: “Watch for errors on Social Security statement”

A new phishing scam is showing up and being caught by the district’s spam filters.  Please be wary of these scams in your personal e-mail accounts.

 

The scam comes posing as a message ostensibly from the Social Security Administration:

From: credentialj3@sermar.be [mailto:credentialj3@sermar.be]
Sent: Mon 11/23/2009 5:28 PM
To: [Name Deleted]
Subject: Watch for errors on Social Security statement

Due to possible calculation errors, your annual Social Security statement may contain errors.

Use the link below to review your annual Social Security statement:

——————————————————————
This e-mail has been sent from an auto-notification system that cannot accept incoming e-mail.

If you click on the link, it takes you to a page that requests you “verify” your personal information, including your Social Security number. If you are foolish enough to do so, the site will say that it is generating a report on your account status.  You will then be asked to download a file called “statement.exe”, which is presented as a self-extracting ZIP archive.  In reality it is a Trojan called Zeus that will steal any banking information on your computer and turn your machine into a “zombie”, part of a bot-net controlled by criminals without your knowledge.

Please note a couple of characteristics of this phishing message.  First, the sender could be from any number of domains, but it will NOT be from “ssa.gov”, the domain of the Social Security Administration.

Second, if you hover your mouse over the link, you will see that the domain address of the link STARTS with “http://statements.ssa.gov”. Sounds official, right?  But remember that the true domain of a web URL is the last two components of the host name, the part of the URL between “http://” and the first “/” that follows it.  For example, in the address “http://www.egusd.net/”, the domain is “egusd.net”.  Looking more closely at the URL from the phishing e-mail I examined, the URL was “http://statements.ssa.gov.ujilld.be/”. So the actual domain this URL is directed to is “ujilld.be”, which is located somewhere in Belarus. The scammers added the “statements.ssa.gov” to the beginning of the URL to fool the unwary.

Finally, remember that agencies like the Social Security Administration will never ask for your information in this manner.  If you receive e-mails like this and are concerned, go to the phone book and look up the number of the agency in question and call them.
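
The link check described above can be automated in a mail filter. The following is an added example, not code from the original post; the function names and the small `MULTI_LABEL_SUFFIXES` set are assumptions for illustration. It goes slightly beyond the "last two components" rule by keeping a third label for suffixes such as "co.uk".

```python
from urllib.parse import urlsplit

# Constructed sample of multi-label public suffixes. A production filter
# would load the full Public Suffix List instead of this hard-coded set.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def hostname_of(url):
    """Lower-cased host name of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").rstrip(".")


def registered_domain(url):
    """Return the domain that actually controls the host in `url`."""
    labels = hostname_of(url).split(".")
    if len(labels) < 2:
        return ".".join(labels)
    # The "last two components" rule from the post, widened to three
    # labels when the last two form a known public suffix (e.g. co.uk).
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url, trusted_domain):
    """Classify a link against the domain the message claims to be from."""
    host = hostname_of(url)
    if registered_domain(url) == trusted_domain:
        return "trusted"
    # The trusted name appears as leading labels of a different domain,
    # as in the Social Security phishing message quoted in the post.
    if host.startswith(trusted_domain + ".") or "." + trusted_domain + "." in host:
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # URLs taken from the post, plus one constructed co.uk example.
    samples = [
        ("http://www.egusd.net/", "egusd.net"),
        ("http://statements.ssa.gov.ujilld.be/", "ssa.gov"),
        ("http://login.example.co.uk/", "example.co.uk"),
    ]
    for url, trusted in samples:
        print(url, "->", registered_domain(url), check_link(url, trusted))
```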

Happy Thanksgiving!


Nov 16 2009


Trojan alert: “Your credit balance is over its limit”

Filed under malware,scams,trojan

An e-mail purporting to be from Verizon Wireless is hitting mailboxes around the globe. The e-mail warns the reader that their Verizon Wireless account is over the limit.  The message has a ZIP file attached named “balancechecker.zip”.  This contains an executable file that the reader is asked to run in order to check their account balance.  In reality, the file installs a Trojan known as Regrun.  Trojans are usually designed to allow remote users to take control of the infected systems.

The district spam filter is correctly identifying these e-mails and preventing them from reaching district e-mail boxes.  If you receive messages such as these in your personal e-mail, immediately delete them.
