PC Training & Consulting Weblog: CIRT Alert: email threat

CIRT Alert: email threat

November 09, 2004

Campus email users are receiving many copies of a new malicious message. It
may contain one of two messages:

"Congratulations! PayPal has successfully charged $175 to your credit card.
Your order tracking number is A866DEC0, and your item will be shipped within
three business days. To see details please click this link."

"Hi! I am looking for new friends. I am from Miami, FL. You can see my
homepage with my last webcam photos! Hello!"

The text you receive may differ slightly from these examples. The email may
appear to be sent by someone you know. The subject line may mention PayPal,
or may simply say 'Hi' or 'Hey'. Other variants of the subject line may also
exist.

WHAT YOU SHOULD DO
==================
DELETE these messages WITHOUT CLICKING ANY LINKS in the email text. Clicking
the link runs a script that opens multiple windows, installs the worm on
your machine, and may damage data on your computer.

DO NOT forward copies of the messages to security or the help desk. We have
examples of the code, and we are working to limit its spread on our network.
Sending us copies will further slow down the delivery of email.

WHAT WE ARE DOING TO LIMIT THIS THREAT
======================================
We have prevented new copies of this message coming on to campus, but many
affected machines are sending these messages from inside our network. We are
working to disconnect these systems.

We are working to prevent further copies of the email being sent through our
email server.

We will be installing anti-virus definitions to provide better protection as
soon as they are released. Desktop users can expect virus definitions to be
available 11/10/04 from McAfee and others.

Thank you for your cooperation.

---------------------
CIRTALERTS
---------------------

THIS IS AN AUTOMATED MESSAGE - REPLIES WILL BE DISCARDED

For questions, please use the Ask A Question feature in FastInfo

Fast Info at http://fastinfo.unm.edu for:

* Knowledge Base Search
* Support Requests
* Campus Alerts/Status
* Network Alerts/Status

For information concerning CIRT projects, see
http://www.unm.edu/cirt/projects/index.html

CIRT Support Center - 2701 Campus Blvd (by the parking structure)
Normal hours:
Mon-Fri - 8:00am to 5:00pm

Extended hours (during semester):
Mon-Thurs until 7pm

After hours emergencies:
Call the CIRT Command Center at 277-4646.

UNM entry by mjh at 05:26 PM | email this