Hackers Use Yale Name
A forged Yale e-mail address has been used to spread a security exploit that infected over one million computers in the last two weeks, including some on the University network.
The exploit, which attacks a weakness in the Windows operating system, can allow hackers to remotely control a computer that downloads it. In one version circulating in the United Kingdom, victims are tricked into clicking on a link in an e-mail purportedly sent by a Yale professor.
Yale Information Security Officer Morrow Long said the University received about 30 complaints from British citizens, but given that victims of hackers rarely bother to complain, many more were likely infected.
“We got some e-mails here from people … who thought we were somehow behind it,” Long said. “We weren’t happy … that we would have our name dragged through the mud in some major virus attacks.”
The Yale forgery is one of more than 200 versions of the bug, which takes advantage of a vulnerability in the way computers render Windows Meta File images. Several versions of WMF attacks — though not the one using the University domain name — successfully infiltrated about 10 Yale computers and attempted to infect 20 more, Long said. University officials first detected an attack on the network on Dec. 29, but Windows did not release a patch to fix the problem until a week later. Long said that given the exploit’s severity, the computers could have been completely destroyed.
Source: Yale Daily News.
There are currently no comments on this thread.