After the Systems Architecture and Administration (SAA) group replaced the old active directory filing appliance with honest to goodness Windows 2008 Servers, http://webfiles.uvm.edu went away.
Well, thanks to the SAA group, it’s back and in a supercharged version. Connect, log in using your UVM netID, and you not only can get at your personal active directory files, but you can also see any shared directory that you have rights to, and your Zoo files and your website on zoo. All in one big happy intuitive drag and drop environment that allows right clicking, downloading, uploading, folder creation, file deletion, etc etc etc. There’s no reason to use SFTP.
Recently we’ve seen a rash of people infected with official-looking but entirely fake antivirus malware. In general, the user reports that they were just using a web browser, minding their own business, when suddenly a window appeared that looked like it came from Microsoft Windows and informed them that they were infected with everything under the sun. The window wouldn’t close when clicked, and when they restarted their machine the fake antivirus software appeared to have become installed and couldn’t be removed. Dire warnings of infections appear everywhere, popups to embarrassingly raunchy websites come up, and the machine is basically unusable. Worse, the software wants you to subscribe in order to remove these “infections”. If you subscribe, the bad guys now have your credit card number.
First off, when you see one of these windows, DO NOT CLICK on anything! Immediately restart your computer.
Secondly, the primary method by which these infections are getting to us is via compromised Google searches. DO NOT automatically trust everything that you see in a Google search results screen. The bad guys know that people are searching for popular subjects (“Catherine’s wedding dress”) and they are setting up fast-moving bogus websites just to get you to click. I’ve also just read an article saying that the popular Google Images website is chock full of malware-linked images.
Third, the bad guys know that everyone has certain third party plugins installed in their browsers so that they can use them for work, or to view animated media. These third parties are not always entirely secure and are not updated via the usual Windows or Software update mechanism. You must update these products yourself or you risk infection. The top three examples are Adobe Flash, Adobe Reader and Sun Java VM.
The easiest method of determining what is out of date is to open Mozilla Firefox (this does not work in Internet Explorer) and go here:
The plugin check will tell you which of your plugins are out of date and provide links for downloading updated versions. Download and install, it’s as simple as that.
HOWEVER, because the third parties are also out to make a buck off you, be alert for offers to install unnecessary antivirus software (Adobe Reader) or assorted toolbars of the day (Adobe Shockwave or Sun Java). These “free” players are really ways for these companies to generate revenue by putting a vendor’s software in front of you.
Fourth, this fake antivirus software is big business. Estimates run as high as half a million people infected a day. They change the malware configuration so quickly that antivirus software vendors are having a hard time keeping up. So do not rely on your antivirus software to protect you. Every single person that we’ve seen with one of these infections has had an active copy of ESET NOD32 running and the antivirus software was completely oblivious.
Lastly, MacOS is NOT immune to these infections. There is fake Macintosh Antivirus malware out there and we’ve seen one infection first hand already.
If you do get infected with one of these nasties, RUN don’t walk to our offices. The longer you wait, the more compromised your computer gets and the harder it is to remove the infection.
More information (kudos to Geoff Duke for these links)
Fake anti-virus hackers exploit engagement of Prince William and Kate Middleton
This is a general description of Fake AV:
SophosLabs – What is Fake Anti-Virus?
And some good detail:
How blackhat SEO and Fake Anti-Virus work
Are you still running Symantec Antivirus security software on your computer? If yes, it’s time to remove/replace it. ETS has just announced that they are decommissioning the on campus management servers for that software package as of November 30th. Although this shouldn’t affect your use of your computer, you should note that because Symantec hasn’t been updated here on campus for several years now, you are not completely protected from the various flavors of malware that have appeared in the interim.
Recently the only running installations of Symantec Antivirus that I’ve seen have been on MacOS computers. I am sure though that there are still older Windows computers out there that haven’t been updated.
Please take this opportunity to remove SAV, and if you have a Windows computer, replace it with ESET’s NOD32 product, found at http://www.uvm.edu/software. Unless you are running a 64 bit version of Windows, you need the 32 bit version.
MacOS users can simply remove SAV by opening Macintosh HD, then Applications, then Symantec Solutions. There should be an uninstaller application available. You will need to authenticate as an administrator in the removal process. At present UVM does not have a recommended MacOS antivirus solution, but since there are still very few instances of MacOS malware in the wild, we feel that it is reasonably safe to run your computer without it.
Windows users should open their Add/Remove Programs control panel, locate Symantec Security as well as LiveUpdate and remove BOTH. Then restart your computer, and install ESET’s NOD32 32 bit version from the location mentioned above.
Lastly, Windows users should get in the habit of visiting the UVM software download page to check for updates to NOD32. ETS does not make an announcement when they update the NOD32 client version and although NOD32 does update its definition files automatically, it does not update the client software itself. Having the most current recommended version of NOD32 is important in order to avoid performance issues and malware infection.
As always, contact us if you have questions. http://www.uvm.edu/artsandsciences/computingsvs/
Are you still looking at a red “eyeball” NOD32 icon in your Windows XP or Vista system tray?
It has come to my attention that some are still waiting for NOD32 to “fix itself” as I mentioned it would back in November. The NOD32 license has long since been renewed and thus if you’re still looking at a red “eyeball” icon, then there’s something else wrong and you’re going to have to take additional steps to get your anti-malware software working again.
Unfortunately at this point, you can’t just install the new version on top of the old. So, please do the following:
1) Download the most current 32 bit version of NOD32 from http://www.uvm.edu/software to your computer.
2) Go to Start | Settings | Control Panel | Add/Remove Programs on Windows XP or Start | Settings | Control Panel | Programs and Features under Vista.
3) Locate ESET NOD32 antivirus in the list of installed programs, click it and uninstall or remove it. When finished, restart your computer.
4) Double click the current version of NOD32 that you downloaded in step one and allow it to install. Under Vista, you will need to confirm any User Account Control alerts that appear during the install process.
Ultimately you should have a green eyeball in the system tray and, if you “hover” your mouse over the system tray icon, a pop up will appear and it should tell you that you’re running version 3.0.684.0.
As always, contact CAS Computing Services if you have questions.
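For support staff who want to check a Windows machine without clicking through Add/Remove Programs, here is an added example (not part of the original posts and not UVM's or ESET's code) that reads the same installed-programs list from the registry, flags leftover Symantec or LiveUpdate entries, and compares the NOD32 client against the 3.0.684.0 version mentioned above. The name substrings it matches on and the sample inventory are assumptions made for illustration.

```python
import sys

# Version the post says the system-tray tooltip should report after reinstalling.
EXPECTED_NOD32 = "3.0.684.0"
# Registry location behind the Add/Remove Programs list (standard Windows path).
UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

def parse_version(text):
    """Turn '3.0.684.0' into (3, 0, 684, 0) so versions compare numerically."""
    return tuple(int(p) for p in text.strip().split(".") if p.isdigit())

def installed_programs():
    """Yield (DisplayName, DisplayVersion) pairs from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UNINSTALL_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                try:
                    name = winreg.QueryValueEx(sub, "DisplayName")[0]
                except OSError:
                    continue  # no display name, so it is not shown in the list
                try:
                    version = winreg.QueryValueEx(sub, "DisplayVersion")[0]
                except OSError:
                    version = ""
                yield name, version

def audit(programs, expected=EXPECTED_NOD32):
    """Return findings for leftover Symantec pieces and a stale or missing NOD32."""
    findings, nod32_seen = [], False
    for name, version in programs:
        lower = name.lower()
        # Substring matches are assumptions; real display names may differ.
        if "symantec" in lower or "liveupdate" in lower:
            findings.append(f"remove: {name}")
        elif "nod32" in lower:
            nod32_seen = True
            if parse_version(version) < parse_version(expected):
                findings.append(f"reinstall: {name} {version} is older than {expected}")
    if not nod32_seen:
        findings.append("install: ESET NOD32 not found")
    return findings

# Constructed sample inventory (not taken from a real machine).
SAMPLE = [("Symantec AntiVirus", "10.1.5.5000"), ("LiveUpdate 3.1", "3.1.0.99"),
          ("ESET NOD32 Antivirus", "2.70.39"), ("Mozilla Firefox", "3.6.17")]

if __name__ == "__main__":
    source = installed_programs() if sys.platform == "win32" else SAMPLE
    for line in audit(source) or ["ok: nothing to do"]:
        print(line)
```

On a non-Windows machine the script falls back to the constructed sample, so the logic can be tried before running it on a real workstation.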