Recent computer attacks on campus target Macs, e-mail
by LESLIE CHURCH
It’s not just biologists who are studying infection at Rockefeller. Computer security experts based in the IT Pavilion have been kept busy in recent months managing outbreaks of viruses and other malware on campus computers.
In June more than a dozen people on campus fell victim to a phishing attack, a type of attack in which hackers send e-mails from what appears to be a trustworthy source asking for personal information such as a username and password. And the IT staff spent much of April working to repair damage caused by the Flashback trojan, a piece of malware that infected 30 Macintosh computers on campus and hundreds of thousands worldwide.
In the phishing attack, hackers sent e-mails to campus users stating that their e-mail quota was at capacity and prompting them to follow a link to fix the problem. Users who clicked the malicious link were prompted to enter their passwords, which the hackers then used to log on to that person’s e-mail account and send thousands of malicious e-mails to both university members and external e-mail addresses. This led HHMI, AOL and Gmail, among others, to quickly throttle the university’s e-mail traffic, drastically slowing the rate at which Rockefeller e-mails could be delivered.
“IT will never ever ask you for your password,” says Marty Leidner, chief information security officer. “Users must be particularly careful to only enter their passwords on a Web site they purposely went to. You can also hover your mouse, without clicking, over a link in an e-mail to see where the link will take you. If it looks the least bit suspicious, don’t click on it.”
The Flashback trojan works like the Trojan horse for which it is named: it sneaks onto computers when the user visits an infected Web site and agrees to a seemingly innocuous download of bad code. On the surface everything looked fine. But back in the IT pavilion, staff could see that computers on campus were being hijacked and forced to join a botnet: a network of computers controlled by a cybercriminal.
Meanwhile, the Flashback trojan was at work on the users’ browsers, intercepting search queries and returning fraudulent results. It’s part of a global criminal scheme: every time someone clicks on one of the fake results, the owners of the botnet get paid.
“This isn’t the lone hacker making a name for him or herself and showing off how cool they are,” says Bart Mallio, information security intelligence analyst at Rockefeller. “When the internet got monetized with electronic commerce, organized crime groups started getting involved. The cyber-criminals behind Flashback struck a deal with companies to get paid for making their sites come up first in a search results list.”
It’s not known who created the malware, but with more than 600,000 computers infected worldwide, it’s estimated the criminals were raking in $10,000 a day.
Rockefeller’s information security personnel responded to the outbreak by first quarantining and then patching the affected computers with software that blocks the trojan. Although no data was stolen, the potential for a data breach exists whenever a virus, worm or trojan enters the Rockefeller network.
“The malware had control of people’s machines — it could have done many damaging things. It could have, for example, stolen electronic banking credentials,” says Leidner.
The fact that only Mac computers were targeted shows a shifting trend in the world of computer viruses and hacking. Macs were traditionally thought to be resistant to malware because hackers would create viruses that targeted the majority of machines out there: Windows PCs. As Apple’s popularity has risen — Macs constitute about 40 percent of campus computers — cybercriminals see an easy target on devices that often don’t have antimalware software installed.
While the number of attempted attacks on all campus computers has seen a sharp rise in the last three years, the number of attacks that successfully infected computers has dropped, thanks to upgraded network hardware and antimalware software on campus computers. In the first four months of this year there has been a 60 percent reduction in malicious attacks on the campus compared to the same time frame in 2011 (see charts, above). However, although there have been fewer attacks, the severity of the average attack is increasing, requiring more time and resources to mitigate.
The most important steps one can take to safeguard a computer are to run antimalware and promptly and regularly patch all computer programs. IT launched a campus ad campaign in April to encourage Mac users to download Symantec Endpoint Protection, which is available for free to the Rockefeller community. The campaign resulted in over 200 Mac users on campus installing Symantec for the first time.