Mac Malware, HomeRun & Other Phish Tales

Little round green creature representing a virusThis past spring Brown computing users fell prey to some nasty malware and phishing schemes, like so many others did unfortunately.

The Help Desk and ISG continue to receive a steady stream of spam and phishing alerts, which is both bad and good.  While this shows that phishing continues to be an unrelenting threat, it also indicates that users are becoming more aware of their presence and avoiding them.

Drop down list in Gmail from which you can report a phishing emailIf you spot a phish, we recommend reporting and then deleting it. To do so, open the original copy of the email, click on the down arrow to the right of the REPLY button, and select “Report phishing.” This will send that message immediately to the GMail Team for analysis and filtering.

Cyber bad guys, however, just keep getting more and more clever. This spring, Brown got hit by HomeRun’s free movie ticket emails. The very professional and seemingly legitimate messages — they would come from someone you know — didn’t promise millions of dollars, just a free movie ticket.

Sample email from HomeRun.com with free movie ticket offerThose who responded had their contact list mined for names, who were then sent the email. The responders were not only at risk of malware but had had their accounts accessed and used to send more messages. Further HomeRun spams attacks were prevented on Brown’s network when the domain (HomeRun.com) was blocked, which kept links pointing back to the HomeRun site from working.

But it was “Mac Malware” that garnered the most press and caused the biggest headaches here at Brown for those affected.  Malware that looks like anti-virus software, but instead shuts off legitimate AV software such as Symantec, then runs nasty programs in the background has become a growing problem.  A brazen variant — called by such names as rogue-, extortion- or ransomeware — will then display the harmful files it finds and promise to rid you of them if you pay for their assistance.

Pop up box which says: The system is inifected. Your system isinfected. It's highly recommended to cleanup your system to protect criticaol infromation like credit cards numbers, etc.Before this spring, it was Window users who were hit by the threat.  But this changed with the arrival of MacDefender and similar programs that targeted Mac software and prompted Apple to release a special advisory in late May. You can read more about this in a recent malware alert in the CIS blog post Mac Attacks.

Bottom Line?

As always, let common sense be your guide.  If it seems too good to be true, or is something that went looking for you instead of the other way around, the best advice is to ignore it.  If you think that you may have been caught and your computer and/or account compromised, get help fast.  Change your password immediately if you can, and if not, contact the Help Desk for assistance with the reset and with clean-up.

Posted in Safe Computing, Summer 2011 Edition | Comments Off