About UAB IT Alert: New Spam Campaign Discovered
UAB Information Security recently discovered a new spam campaign where users are tricked into opening an email attachment that contains a virus aimed at stealing passwords and financial information. As with any suspicious email messages you may receive, please report them to This e-mail address is being protected from spambots. You need JavaScript enabled to view it for inspection.
The recent spam email messages are crafted to look like they came from one of several legitimate companies such as Chase Bank, the Better Business Bureau (BBB), Department of Treasury, Dun & Bradstreet Financial Services or a wire transfer company. You should be aware that these emails are forged and that none of the information included in the email can be trusted including embedded links, e-mail addresses or phone numbers.
Here are some of the common email subject lines we have seen in this spam campaign:
• FW: Company 2013 Report
• Incoming Wire Transfer Notification
• D&B iUpdate: Company Order Requested
• Department of Treasury Notice of Outstanding Obligation – Case ######
• Better Business Bureau Complaint Case #######
• Merchant Billing Statement
• ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)
TweetUAB IT Guidance to Mitigate Java Vulnerability - Updated April 29, 2013
UAB IT Provides Critical Guidance to Campus on Appropriate Versions of Internet Explorer, Mac OS, and Java to Mitigate Risks of Exploitation
A critical security vulnerability was recently identified in the Java software used by many browsers for accessing Internet and internal web sites. In response the U.S. Department of Homeland Security recommended that all web users disable or remove Java to mitigate the risks. However, as many UAB systems require Java, UAB IT is providing guidance to the UAB Campus that will both protect the university and will provide the ability to continue accessing the required UAB systems. Part of that guidance includes using separate browsers for accessing UAB vs. non-UAB websites, and using certain browser versions and Java versions.
Windows Systems:
• On Windows 7 Install IE 9 and Java 1.7.0_21
• On Windows XP install IE 8 and Java 1.7.0_21
UAB IT has updated the minimum recommendations for versions of Internet Explorer and Java as UAB systems have improved functionality to support newer browsers and the currently secure version of Java. Internet Explorer 9 and Java 1.7.0_21 are recommended for installation on Windows 7 and IE 8 with Java 1.7.0_21 on existing XP systems. UAB IT also recommends using a separate browser with JAVA disabled for Internet use. Use IE for on campus with Java enabled and your choice of Firefox or Chrome for Internet browsing with JAVA disabled (for information on disabling Java click here).
Mac Systems:
• Install OSX 10.8 and Java 1.7.0_21
UAB IT has updated the minimum recommendations for versions of Mac Operating systems and Java as UAB systems have improved functionality that are compatible with the current version of Java. The recommended operating systems for use on Campus are Apple OSX 10.7x and 10.8x. While Apple OSX 10.6x is still supported by Apple, vendors are no longer testing against it for compatibility. Apple operating systems will not run any version lower than Java 1.7.0_21.
UAB IT also recommends using two different browsers — one for surfing the Web and one just for accessing UAB systems. For Internet Web browsing, use one of the following: Firefox Safari, or Chrome, with Java disabled (for information on disabling Java click here). For working with just UAB systems, choose a different browser and enable Java to work in it. If you run into compatibility issues with the local browser and UAB IT systems, use the IT terminal servers to access UAB resources via RDP client (for information on using IT terminal servers on Mac click here).
For more information, contact AskIT (www.uab.edu/askit).
Security Forum to Conduct IT Survey
The UAB Security Forum will be conducting a survey of information technology personnel across the entire campus, including UAB Hospital. A letter describing the content of the survey, and how to access it electronically will be sent to UAB leaders via email in the coming days. All employees who are being asked to complete the survey should respond as soon as possible. Questions can be directed to the Security Forum co-chairs, This e-mail address is being protected from spambots. You need JavaScript enabled to view it , School of Medicine, or This e-mail address is being protected from spambots. You need JavaScript enabled to view it , School of Business. Additional information will be available from This e-mail address is being protected from spambots. You need JavaScript enabled to view it , UAB Information Technology.
