Virus & Phishing Attacks on Swiss Universities
Phishing messages attempt to convince a user to reveal personal
information, such as computer passwords or bank account and credit
card details. Phishing messages can be seen as a sort of intelligence
test.
Virus messages are more dangerous because they attempt to „infect“
a user’s computer by installing software to steal passwords or credit
card details, to seize control of the computer, or to rob a user’s
bank account.
The virus/phishing defense mechanism used by most Swiss universities,
is dependent upon the presence of so-called „signatures“ used by the
scanning software.
A signature is basically a fragment of the virus or phishing message.
A virus or phishing message must be received by a large number of
people before it comes to the attention of an anti-virus organization
and a signature is created.
We have anti-virus software on our mail gateways, on the central Exchange
mail server and on individual work stations. Even with this three-layer
defense, work stations still get infected.
Since mid-summer, Swiss universities received several waves of e-mail
messages containing virus or phishing messages. Since these messages
were specifically directed at the universities, the number of recipients
was relatively small and no signatures were available at the time of the
attack.
We have responded to these attacks by creating our own signatures and
sharing them with the other universities.
We are currently working on a faster response mechanism to handle
virus/phishing waves and investigating ways to quickly identify
infected computers.
Posted on
in Mail, Web