Kansas State University


IT News

Malicious e-mails strike again; 130+ computers compromised

One thing I’ll say about hackers is they are persistent, and I guess that fact shouldn’t surprise me since the same ol’ tricks reap dividends. Last Thursday, Nov. 5, K-State was hit with a cyberattack nearly identical to one that wreaked havoc on campus last July and, like last summer, it succeeded in compromising more than 130 campus computers.

The attack consisted of four different e-mails that tried to trick people into opening a malicious .zip attachment. Users who opened the attachment instantly infected their computer with a new variant of malware that antivirus software did not detect. The compromised computers were then used to try to infect other computers by sending the same malicious e-mails to addresses harvested from local addressbooks on the infected computers.

Once again, the best solution for preventing these types of attacks is for you, the user, to be suspicious of any unexpected e-mail from unknown sources and do not open an attachment until you confirm its legitimacy. One troubling thing is the four e-mails were virtually identical to the ones from last summer, with the following four subject lines:

E-mail subject lines of malware

  • Your friend invited you to twitter!
  • You have received A Hallmark E-Card!
  • Shipping update for your Amazon.com order 254-71546325-658732
  • Jessica would like to be your friend on hi5!

The names of the attached files were likewise identical to last summer.

Filenames attached to malware

  • Invitation Card.zip
  • Postcard.zip
  • Shipping documents.zip

Samples of the malicious attachments were submitted to Trend Micro for analysis and they had a solution within an hour, but this attack propagated so quickly the damage was already done.

So, not enough people got the message the last time around. Perhaps more disconcerting is the fact that people are still opening unexpected e-mail attachments from unknown sources. If you ever have any doubt about the legitimacy of an e-mail message, ask your IT support person or contact the IT Help Desk (785-532-7722). Also visit K-State’s e-mail scam-report website to learn more about how to recognize scams. And finally, PLEASE think before you click!

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer