Back Door Trojan (Virus) Update
Status of Building Network Problems
Recent Occurrences of Forged E-mail
Improvements in How E-mail is Stored
SSCC Account Renewals Underway
Two Remaining SSCC Training Sessions
Once we determined how the intruder(s) gained access to infect various PCs in the building, we were able to put a stop to the attack. DoIT is still trying to determine the identity of the intruders but this will be very difficult. If nothing else, this whole event reminds us of how important it is to use secure passwords. Judging from the number of calls we received, it also reminds us of how important it is to back up all of our important files. There were a lot of people copying files from their local drives (which are not backed up by SSCC) to their NT home directory (which is backed up by SSCC).
We believe faulty networking equipment has been the cause of the networking problems we have been experiencing since last week (dropped UNIX sessions, e-mail timeouts, slow network access, etc.). Two of our switches were intermittently rebooting themselves, and each time they came back up they were broadcasting so much network information to other switches that the entire network was affected. We received and installed replacement hardware that we hope has fixed the problem.
About 80 SSCC members recently received an e-mail message from someone who used a forged "From:" address to make it appear that the message was from some other SSCC member. Luckily, judging from the table of the message, it was obvious that the sender of the message was not whom she/he claimed to be. A careful examination of the header of the message revealed that the message originated at some off-campus address. The forger probably found the names on a web page somewhere and sent the message as a prank.
Forging e-mail messages is actually not very difficult to do. We've seen numerous cases of it at SSCC over the years. So, how can you tell if an e-mail message has been forged? Take a careful look at the header portion of the message. (In Eudora, open the message and then click the "Blah, Blah, Blah" button in the message tool bar.) Make sure the "Received: from" lines (there's usually more than one if it's not from within SSCC) match the "From" address. Also, check the "envelope-from" address to make sure that matches.
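The header check described above can also be scripted. The following is an added example, not SSCC's own tooling; the sample message, host names and addresses are constructed, and the `envelope-from` clause is assumed to appear inside a "Received:" line as in the sample.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (all hosts and addresses are made up): the From
# line names an on-campus colleague, but every relay is off campus.
FORGED = """\
Received: from mail.offcampus.example (mail.offcampus.example [192.0.2.25])
\tby mailhub.campus.example (envelope-from <prankster@offcampus.example>)
\tfor <member@campus.example>; Mon, 1 Apr 2002 09:15:02 -0600
Received: from dialup17.offcampus.example (dialup17.offcampus.example [192.0.2.77])
\tby mail.offcampus.example; Mon, 1 Apr 2002 09:14:58 -0600
From: Colleague <colleague@campus.example>
To: member@campus.example
Subject: Hello

Message body.
"""

def domain_of(address):
    """Return the lower-cased domain of an address such as 'Name <user@host>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def within(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_headers(raw_message):
    """List the header details that disagree with the From domain."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    if not from_domain:
        return ["no usable From address"]
    findings = []
    # Received lines read newest first; only those added by your own mail
    # server are trustworthy, since a sender can insert fake older ones.
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())          # unfold continuation lines
        relay = re.match(r"from\s+(\S+)", hop)
        if relay and not within(relay.group(1), from_domain):
            findings.append(f"relay {relay.group(1)} is outside {from_domain}")
        envelope = re.search(r"envelope-from\s+<([^>]*)>", hop)
        if envelope and not within(domain_of(envelope.group(1)), from_domain):
            findings.append(f"envelope-from {envelope.group(1)} is outside {from_domain}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(FORGED):
        print(finding)
```

A mismatch is a reason to look more closely rather than proof of forgery, because legitimate mail sent through a mailing list or an outside mail provider also shows relays outside the From domain.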
If you receive a suspicious message and would like us to take a look at it, please don't delete the message from your mailbox. Forwarding the message to Consultant doesn't always preserve all the headers so please just contact us and we'll come to your office.
Unfortunately, there's not much we can do to prevent you from receiving this or other types of spam e-mail without censoring e-mail.
SSCC has made improvements in the way IMAP mailboxes are stored. The standard setup had each user's mail folders (except for the INBOX) stored in their UNIX home directory (under /home/u/username/mail). These mailboxes were recently moved to a new storage location (a RAID array purchased with Capital Exercise funds) in /mail/u/username. This provides two advantages:
A symbolic link has been created in users' home directories to point to the new mail location (so IMAP users wouldn't have to reconfigure their clients). PLEASE DO NOT DELETE IT.
IMPORTANT NOTE: IMAP users with non-standard mail directories (mailboxes stored in anything other than /home/u/username/mail) will need to be moved manually because client e-mail software will need to be reconfigured. Please contact Consultant if this applies to you in order to arrange the move.
This is a reminder that it's time to renew your SSCC computer account. SSCC requires that all accounts be renewed annually. Please take a moment to fill out the short form. It should take no more than two minutes. Note that you will need to complete this form for EACH user name that you have on the SSCC system. The account renewal deadline is June 30.
This is your last chance to take advantage of SSCC training opportunities this semester. We have just two classes remaining: "Condor Basics", April 11, 1-3 and "Creating a Web Page", April 11, 10-12. Course descriptions and required preregistration information are available at SSCC's training web pages.
We're already thinking about this summer's training schedule. Please send any suggestions to firstname.lastname@example.org.
© 2002 University of Wisconsin Social Science Computing Cooperative