August 8, 2008

Purdue community warned of e-mail scam

The e-mails use CNN graphics and provide a link to what appears to be a CNN video player site, said Scott Ksander, executive director of networks and security for the Office of Information Technology at Purdue. Instead of playing the video, the site prompts the user to download a Flash player update, and the download contains a virus.

"These e-mails are prime examples of the use of social engineering to infect your computer," Ksander said. "The CNN brand is well-respected, and 'top stories' and 'alerts' are commonly used for valid communications. The stories featured in the malicious e-mail are either actual stories currently in the news or stories that are plausible. This piques people's interest. Eager to see more information, they click on a link that takes them not to CNN but to some site designed to infect them with malware."

The malicious software in this instance is named "flash_player.exe," "get_flash_update.exe" or something similar, Ksander said.

The false update installs an antivirus program titled "Antivirus XP 2008," which falsely informs the user that several viruses were detected, and that the user must purchase the full version of the program in order to remove them. The virus also installs other malicious software that could be used for other criminal activities.

Ksander said that maintaining up-to-date antivirus features is important to good security practices. Crucial practices include not opening or clicking links in unsolicited e-mails, not visiting untrusted sites, and not downloading untrusted or unknown links.

In order to receive a legitimate news alert from CNN, you first must subscribe to the service. Messages then come from CNN with the subject line "CNN Breaking News" and are sent from a "@mail.cnn.com" account.

Source: Scott Ksander, (765) 496-8289, ksander@purdue.edu

Purdue News Service: (765) 494-2096; purduenews@purdue.edu

To the News Service home page