The past several days have presented a number of cyber security threats
that warrant a statewide warning. The two most serious are as follows.
The first is an Email "phishing attack" that uses the following social
engineered statement appearing to be from JP Morgan / Chase, which has been
broadly distributed throughout the state and possibly sent to targeted
users.
Due to the emergency situation with our server room and the closing of the
New Orleans Branch of the Federal Reserve, JPMorganChase is presently
unable to process wire transfers.
As always, do not trust any such Email notices and never click on any links
or respond to Email requests to verify or change user names, passwords, or
security credentials. This is a hoax.
The second issue to be aware of and avoid is the following. Over 10,000
legitimate websites have been compromised and now have a JavaScript link
that will direct visitors to a malicious website. The Office of State
Finance has been tracking the spread of the malicious antivirus software
offered for download after a user visits a web page. The software, posing
as XP Antivirus (among other names) is actually a password stealing trojan.
The following blogs have information that can be used to detect the
attempted downloads of this malware:
------------------------------------------------------------------------------------
The SANS Internet Storm Center:
http://www.isc.sans.org/diary.html?storyid=4144
-----------------------------------------------------------------------------------------
McAfee's Avert Labs: (contains a good video that illustrates the end user's
experience)
http://www.avertlabs.com/research/blog/index.php/2008/03/13/follow-up-to-yesterdays-mass-hack-attack/
-------------------------------------------------------------------------------------------------------
Finjan:
http://www.finjan.com/MCRCblog.aspx?EntryId=1905
|
Back