Purdue Students Asked to Watch Out for Phishing E-Mail
According to reports received from Purdue University's Information Technology Network & Security Incident Response team, it is cautioning the Purdue community of a phishing e-mail purporting to the university students to read current news stories from CNN or view CNN videos.
Scott Ksander, Executive Director of Networks and Security for the Office of Information Technology at Purdue, said that the fraudulent e-mails use CNN graphics and include a link apparently pointing to a CNN video player Website, as reported by Media Newswire on August 10, 2008.
However, according to Ksander, in place of playing the video, the Website suggests that the user download an update to Adobe's Flash Player, while the download actually contains a computer virus. And the malicious file is named 'get_flash_update.exe' or 'flash_player.exe.'
Further, security experts said that the bogus update loads an anti-virus solution named "Antivirus XP 2008", which deceitfully informs the end-user that viruses have been spotted on his system. These viruses could be removed with the complete edition of the software that needs to be purchased. Moreover, the virus further installs other malware.
Commenting on anti-virus programs, Ksander said that it is a good security habit to regularly update anti-virus software. He added that crucial security habits include avoiding opening links in spam mails, avoiding un-trusted sites as well as avoiding downloads from unknown links.
Further, users desiring to get genuine news warnings from CNN must first register with the service. E-mails would then arrive from CNN showing the subject head "CNN Breaking News" dispatched from a "@mail.cnn.com" account, say security researchers.
Meanwhile, security specialists are trying to draw users' attention to the phishing e-mails as well as to the manner in which they are exchanging usernames and passwords from the mailboxes of students of Purdue University. According to them, the particular e-mails illustrate phishers' use of social-engineering techniques to infect computers.
They also sai that 'alerts' and 'top stories' from CNN are normally regarded as valid communications. In the current phishing e-mail, the stories could either be real or plausible. Whatever the case it arouses young students' curiosity and thus make them click the malicious link.
Related article: Pirate Bay Charges Top Media Players for Sabotage
» SPAMfighter News - 28-08-2008