 |
 |
The Computer Laboratory help desk has this alert for campus computer support staff: Some users on campus are receiving an email that appears to be a bill from “*** pilot.msu.edu’s accounting dpt. Notice ***”. The text tells the user to open and read the attached billing notice. If they do, it releases a Trojan horse called Trojan.dropper. Other text in the letter states “Note if you do not read this withing 24 hours we at Pilot.msu.edu regret we will have to terminate internet sevice”. (the typo of g at the end of the word within is actually in the letter). Some points to note: -- Obviously the "Pilot accounting department" hasn't mailed users with a billing notice, but the Computer Lab will be sending out a mailing to users who haven't upgraded to mail.msu.edu urging them to convert. -- The anti-virus feature in mail.msu.edu catches the Trojan that is attached to this message; however, since Pilot doesn't have this feature, users who haven't upgraded are exposed. -- It's a good idea to remind people not to respond to e-mail asking for their ID, PW, or account information. -- Here is the SARC report on the Trojan that's attached to the faux message: http://securityresponse.symantec.com/avcenter/venc/data/trojan.dropper.html /rich