Iowa State University

ITInformation Technology

New Wave of Malware Prompts Computer Security Alert

This news item expired February 28, 2010. It may contain out-of-date information.
IT Services has seen an increasing number of campus machines being compromised through seemingly routine web browsing. Please read this entire message and follow the instructions to protect yourself and your computer.

These ongoing attacks trick victims' web browsers into opening maliciously crafted PDF files that exploit outdated versions of Adobe Reader even when an updated version of antivirus is running. The exploit sometimes installs "fake antivirus" programs that demand payment or cripple the computer, but the exploit also has the potential to steal passwords and data. These types of attacks are not new, however this recent wave appears to be more effective than usual.

Furthermore, exploit information has been made public for a new flaw in Microsoft Internet Explorer that will likely not be fixed until February 9, 2010. We expect attacks using this flaw to begin shortly.

It is extremely important that you take the time to protect your computer because you may encounter maliciously crafted content through seemingly routine activities such as the following:

-- browsing legitimate websites that have been compromised or carry compromised ads
-- browsing social networking and other sites that allow posting of third-party content
-- browsing unfamiliar sites found through legitimate search engines such as Google, Bing, and Yahoo!
-- visiting links received through email and instant messaging
-- opening email and instant messaging attachments

Action Recommended: Update Vulnerable Software
NOTE: You must login with an administrative account/password before performing these recommended updates. If your computer is managed by ITS or your department, contact your support staff before attempting any updates.

Update Adobe Reader if installed
1. Launch Adobe Reader.
2. From the Help menu, choose the option labelled ’About Adobe Reader“.
3. If the version displayed is 9.3.0 or higher, then you are already updated. If the version is not 9.3.0 or higher, then download and install the latest version of Adobe Reader from Adobe Products - Reader.

Update Adobe Flash
1. Determine the Flash version you have installed by visiting the official About Adobe Flash Player page.
2. If your version of Flash is out of date, visit the Player Download Center link on the About Adobe Flash Player page and follow the installation instructions.
3. If you use more than one web browsing program, repeat this process with each additional browser.

Update Java
1. Determine if you have the current version of Java: Visit the website, http://www.java.com/, then click the link "Do I have Java?". You will be told if you need to update your version of Java and given the opportunity to download it.
2. Click "Download Java Now" and follow the installation instructions.

Restrict use of Microsoft Internet Explorer
A critical update to Internet Explorer will be released on February 9. Until that update is available, you should use an alternate web browser whenever possible. Unless you are accessing a trusted web site or application for work that requires Internet Explorer specifically (such as Passport Web to Host for ADIN), avoid using Internet Explorer. The ISU Outlook Web Access server is another example of a trusted web site where Internet Explorer is preferred.

Use an alternate, updated web browser such as Mozilla Firefox, Google Chrome, or Apple Safari
Use an alternate, updated web browser whenever possible - especially for casual browsing. Compromised legitimate sites and unfamiliar sites found through search engines, email, and instant messaging are often used to deliver maliciously crafted attack content.

Popular Options:

-- Mozilla Firefox
-- Google Chrome
-- Apple Safari

If you feel your computer has been compromised, contact your IT support staff or the Solution Center at 515-294-4000.

IT Security Incident Reporting Policy