DarkFiber Consulting – IT Managed Services

DarkFiber Consulting is aware of public reports of malicious code circulating via phishing email messages that appear to come from the Social Security Administration. The messages indicate that the users’ annual Social Security statements may contain errors and instruct users to follow a link to review their Social Security statement. If users click this link, they will be redirected to a seemingly legitimate website that prompts them for their Social Security number. If users enter their Social Security number and continue to the next page, they will be given an option to generate a statement. If users attempt to generate a statement, malicious code may be installed on their systems. This malicious code attempts to collect online banking traffic to gain access to the users’ bank accounts.

DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:

• Install antivirus software, and keep the virus signatures up to date.
• Do not follow unsolicited links and do not open unsolicited email messages.
• Use caution when visiting untrusted websites.
• Use caution when entering personal information online.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

DarkFiber Consulting will provide additional information as it becomes available.

DarkFiber Consulting is aware of public reports of malicious code circulating via spam email messages related to the IRS. The attacks arrive via an unsolicited email message and may contain a subject line of “Notice of Underreported  Income.” These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.

DarkFiber Consulting encourages users and administrators to take the following measures to protect themselves:

• Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites document on the IRS website.
• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

DarkFiber Consulting is aware of public reports regarding a search engine result poisoning campaign affecting search results for the Montgomery County Animal Shelter. Users seeking details on rumors about the closure of a “Montgomery County Animal Shelter” may be led to click on illegitimate search results which attempt to download malicious code. The rumors are being spread via e-mail, forums, and social networking sites, usually taking the form of a plea for readers to contact the shelter and adopt animals prior to the shelter’s closing.

DarkFiber Consulting is monitoring the situation and will provide updates as they become available.

DarkFiber Consulting is aware of public reports of an increased number of spam campaigns, phishing attacks, and malicious code targeting the recent deaths of Michael Jackson and Farrah Fawcett. These email messages may attempt to gain user information through phishing attacks or by recording email addresses if the user replies to the message. Additionally, email messages may contain malicious code or may contain a link to a seemingly legitimate website containing malicious code.

DarkFiber Consulting would like to remind users to remain cautious when
receiving unsolicited email. Users are encouraged to take the following measures to protect themselves from these types of attacks:

• Do not follow unsolicited web links received in email messages.
• Install and maintain up-to-date antivirus software.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

DarkFiber Consulting is aware of public reports of email scams circulating related to the Swine Flu. The attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code.

DarkFiber Consulting encourages users to take the following measures to protect themselves:

• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

UPDATE: Due to these potential phishing attacks and email scams, DarkFiber Consulting encourages users to visit the Center for Disease Control (CDC) website for trusted information regarding the Swine Flu.

In the past, DarkFiber Consulting has received reports of an increased number of phishing scams that take advantage of the United States tax season. Due to the upcoming tax deadline, DarkFiber Consulting would like to remind users to remain cautious when receiving unsolicited email that could be a potential phishing scam.

Phishing scams may appear as a tax refund, an offer to assist in filing for a refund, or contain details about fake e-file websites. These messages may appear to be from the IRS and directly ask users for personal information. These messages may also contain a link and instruct the user to follow the link to a website that requests personal information or contains malicious code.

DarkFiber Consulting encourages users to take the following measures to protect themselves from this type of phishing scam:

• Do not follow unsolicited web links in email messages.
• Maintain up-to-date antivirus software.
• Refer to the IRS website related to phishing, email, and bogus website scams for scam samples and reporting information.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

DarkFiber Consulting is aware of public reports of an email scam circulating that is targeting holiday travelers. The email messages related to this scam appear to come from legitimate major airlines and contain a .zip attachment.  This .zip attachment appears to contain a purchase invoice and flight ticket. If a user opens this attachment, malicious code may be installed on the system.

DarkFiber Consulting encourages users to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signatures up to date.
• Use caution when opening attachments.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

DarkFiber Consulting is aware of public reports of malware spreading via popular social networking sites. The reports indicate that this malware is spreading through spam email messages appearing to come from Myspace.com, Facebook.com, and Classmates.com. The email contains a message indicating that there is a YouTube video available and instructs the user to follow the link to view the video. If users click on this link, they will be prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update–it is malicious code.

DarkFiber Consulting encourages users and administrators to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signatures up to date.
• Do not follow unsolicited links.
• Use caution when downloading and installing applications.
• Obtain software applications and updates directly from the vendor’s website.
• Configure your web browser as described in the Securing Your Web Browser document.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

DarkFiber Consulting is aware of public reports of an increase in malicious code propagating via USB flash drive devices. Currently, there are two popular methods by which USB flash drives are being infected with malicious code. Please note that these are not the only two methods available.

The first of these methods is referred to as simple file copy. This means that the malicious code initially resides on an infected computer and copies itself to all the storage devices connected to the affected computer. This method requires the user to access the USB flash drive and execute the malicious code.

The second method is referred to as AutoRun.inf modification. This means that the malicious code alters or creates an autorun.inf file on targeted storage devices connected to the affected computer. When an infected USB flash drive is connected to another computer, the malicious code can be automatically executed with no additional user interaction.

DarkFiber Consulting encourages users to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signatures up to date.
• Do not connect an unknown or untrusted USB drive to your computer.
• Disable AutoRun or AutoPlay features for removable media.
• Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting your USB flash drive.
• Review The Dangers of Windows AutoRun Vulnerability Analysis Blog entry for more information regarding AutoRun.

DarkFiber Consulting is aware of public reports of a fraudulent email scam circulating via messages that falsely appear to be from the U.S. Federal Reserve. These email messages contain information about a phishing scam and links for users to follow to obtain additional information about the scam. If a user follows the links, they will be redirected to a malicious website where a PDF exploit is used to install malicious code on the affected system.

DarkFiber Consulting encourages users to do the following to help mitigate the risks:

• Do not follow unsolicited links.
• Use caution when visiting untrusted websites.
• Install antivirus software and keep the virus signatures up to date.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.