Infosec News and Events

New Infosec Website Launched!

We are pleased to present the newest version of the Infosec website, with many new features to help make navigation as easy and pleasing as possible. While the visual style, and many key pages have been updated, much of the content has been copied over from the old site. With that in mind, some information may still be out of date. I will be going through every page of content over the next couple months and making sure the information is current and useful.

Please contact sate@uga.edu if you have any suggestions for the website. I am particularly interested if you have any questions you had trouble finding answers for on our website. I will add any reasonable requests to the website, or to our FAQ.

Advisories

A worm named Conficker (W32.Downadup.C) is set to activate on April 1st, which promises to cause headaches in trying to remove the worm, as well as security risks and network congestion. The best way to prevent a Conficker infection is to ensure any Windows computer is up to date on Critical Windows Update security patches, specifically MS08-067.

Conficker is a worm that exploits a vulnerability in Microsoft Windows in order to download and execute malicious code. It will also infect any other vulnerable computers on the network. Variant C is especially dangerous as it will disable many security functions built into Windows, as well as most anti-virus programs, including F-Secure. Many third party security tools, and security websites will also be blocked by variant C.

To test whether your computer is already infected with Conficker, try to access F-Secure's website. If access to the page is blocked your computer may be infected. Contact the EITS Help Desk at 706-542-3106 for assistance.

For more information regarding Conficker, please use the following links:

• SC Magazine: No joke -- Conficker worm set to explode on April Fool's Day
• Wikipedia: Conficker
• EITS Press Release

This is to notify the University community that emails received on campus requesting that you send your password via return email are fraudulent. Do not respond to these emails.

Please be aware that you will never be asked to send your password in an email from official UGA communications. Indeed, you should never send your password through email to anyone under any circumstances.

Phishing attacks are a common threat when using your e-mail account. Never trust an e-mail requesting your login or password. These scams will often provide links to pages that look like a credible institution. However, once you submit your information, your account can be compromised and used for illegal purposes. This is especially dangerous with financial accounts, but you should also be careful with your MyID, and all other personal information.

If you are concerned your bank or UGA needs to speak with you, call customer support or the help desk and ask. You can also look on the front page (or login page) for the organization in question. If there is a large scale problem, information will be readily available on one of these front pages. But never even click on a link in a potential phishing e-mail, as it might contain a virus.

One final tip to know you are dealing with a phishing scam is to mouse-over the link and look at the status bar or pop-up describing where the link leads. If the first part of the link looks very unfamiliar, followed by the legitimate link at the end, it is definitely a phishing scam. An example would be http://1jklh.s0mwhere.ru/asfi/ugamail.uga.edu/

For more information, please visit our phishing information page.