On Monday, the OIT Helpdesk received notification from a student in CSEE and from campus users that an error occurred when accessing the campus web site. OIT staff were able to put some mitigations in place and determine how the attack was carried out. The nature of this attack indicates hackers targeted the UMBC user community. The attackers used an undocumented vulnerability to insert a small image into the main web site. When the page was accessed, this image would redirect the user to a site in Ukraine. If you were using Windows and the Internet Explorer browser, version IE 6 or IE 7, the attackers would use an unpatched vulnerability in IE to compromise your system (on Tuesday 11/14 Microsoft released a critical patch for IE that blocks this attack).
We have reviewed logs and know that only a small number of machines on campus were potentially impacted. We will be working with the departmental IT liaisons and those directly impacted unless we discover additional information that warrants a notice to the campus.
Nationally, attacks such as these, called malware, have been on the rise. Foreign criminal groups are focusing on attacking Windows systems and creating large numbers of systems they can control, often called botnets. These systems are used primarily as vectors to send out spam, but once on your system they could target other information. National statistics recently released by Microsoft indicate that 50% of machines reviewed by Microsoft have some form of malware installed on them. Most members of the campus community have home computers. We urge everyone to review their home computer configuration. OIT has created a website that explains seven steps you can take to help secure your computer.
http://www.umbc.edu/oit/sans/security/awareness/steps.html
Follow our easy-to-use steps by clicking on the numbers to receive how-to instructions.
For on-campus users, while OIT has a number of network protections in place, it is critical for those that are not part of OIT’s Active Directory setup, sometimes referred to as AD, to follow the same seven security steps we recommend for home users. We also want to reiterate that for campus users it is critical that all institutionally owned computers running Microsoft Windows run Windows XP SP2 and the McAfee virus protection software we distribute. If you have a computer that is not running these, it should be considered insecure, and no sensitive information should be stored, or sensitive activity take place, on that machine.
