Current Security Threats

08.18.2008 E-Mail Phishing Messages

In recent months the University has been targeted by individuals attempting to gain user information by way of phishing attacks These individuals are sending e-mails to large numbers of University e-mail accounts claiming to be "system administrators". Please be very careful when dealing with any messages asking for personal information. University system administrators will NEVER ask for your personal information. For more information please visit the STS Phishing information page If you feel that you may have inadvertently provided your information to a non-GW individual please contact the STS hotline at 202-994-7041.

04.18.2008 Facebook Third-Party Applications Resulting in Infections

Multiple users have been infected by currently unknown threats via installation/use of malicious Facebook third-party applications. Users are advised against installing any software associated with untrusted web applications, as they may provide an infection vector for malware. As Facebook's third-party app functionality continues to expand, this threat will continue to evolve/expand.

03.27.2008 Multiple Critical Vulnerabilities Identified in Safari 3.1 for Windows

Security researchers have identified multiple vulnerabilities in Safari v3.1 for Windows which may allow a hacker to remotely execute arbitrary code on the user's system. Researchers are currently analyzing other versions of Safari to determine if the vulnerability extends to other releases. Users can mitigate their vulnerability to this threat by utilizing a different web browser and/or avoiding untrusted websites. For more information on this threat, please click here.

Note: Many Windows-based iTunes and Quicktime users may have recently unknowingly installed this version of Safari, as it was bundled and deployed along with updates to other Apple software.

03.25.2008 Winamp Versions Vulnerable to Exploitation

Security researchers have identified a vulnerability in multiple versions of Winamp media player which may facilitate the execution of unauthorized code and/or installation of malicious programs. Winamp versions 3.x - 5.0 which utilize the "Modern Skin Support" feature are currently vulnerable. Users can upgrade to version 5.05 or disable the Modern Skin Support feature to reduce their exposure to this threat. For more information, please click here.

02.13.2008 Fake Bank of America Email

Multiple users have received emails claiming to be from Bank of America which indicate that the user must take steps to update the security certificates on their computer. Although these messages use branding similar to the Bank of America website, the messages are not authentic. Users should avoid opening emails that claim to originate from banks, and should never comply with messages or links that request personal or account information.

02.05.2008 Facebook Photo Uploader Vulnerability

A buffer overflow vulnerability  in the Facebook Photo Uploader ActiveX control may permit a hacker to infect a user's computer and take control of the system. Users can use an alternate browser that does not use ActiveX such as Firefox or Safari to reduce the risk of infection. For more information on this threat, please click here.

01.05.2008 Facebook Widget Installing Zango Adware on User Computers

Users who install the "Secret Crush" widget in Facebook are prompted to download and install a desktop application. Additionally, users must invite at least 5 friends in order to determine who their "secret crush" is. However, the desktop application is actually a form of spyware/adware. Users are again advised against installing third-party software from unknown sources. For more information on this threat, please click here.