Malicious Phishing Assault Hits Ball State University

Recently, a phishing attack on the e-mail accounts of Ball State University (Muncie, Indiana, USA) deceived some of the University users.

The phishing e-mail received by Ball State users claimed to be coming from the "Webmail Administrator" of the school and carried an embedded link.

Deb Howell, Senior Systems Security Communications Manager, said that the security services (a division of University Computer Services) had started looking into the matter since June 15, 2010, as per the news published by bsudailynews.com on June 17, 2010.

She noted that the infected computer was observed sending e-mails in enormous numbers and measures were instantly taken to prevent it.

Howell added that in lack of an updated anti-virus solution, the malware got installed on the system if a user clicked on the link provided in the bogus e-mail. There's a key-logging feature in this malware that tracks passwords and other information entered by the user.

Meanwhile, Howell's office issued a warning e-mail advising people receiving this or any other fake/suspicious e-mail that they should avoid clicking on the embedded link or responding to the e-mail. According to the warning, symbols of the University used in the fake e-mail to give it a legitimate look were use unlawfully. It also said that the victims can contact concerned authorities.

It is noted that it's not just Ball State University that has been targeted by cybercriminals in the recent times. University of Houston was also attacked by a phishing scheme in early June 2010, although the attack in that case was a simple one.

Prompted by the attack, one of the University's officials, Chief Information Security Officer Mary Dickerson said that Universities throughout the US were regularly attacked by phishers that was resulting in the hacking of students' information by the criminals.

Dickerson noted that according to the information security vendor RSA's January 2010 Online Fraud Report, there was a 21% rise in phishing attacks in January 2010 over the preceding month, as per the news published by thedailycougar.com in the second week of June 2010. The report highlighted an increasing trend of phishing assaults against universities and colleges which was in fact the major finding of the report, stated Dickerson.

Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected

» SPAMfighter News - 6/26/2010