Rapidly spreading virus/malware on Android

There has been a recent surge in compromises of Android devices by what appears to be drive-by malware (similar to a computer virus) that is infecting Android smartphones and tablets. Little or no user action needed beyond simply clicking a link or visiting a compromised website, and there may be no clear indications that a device is compromised afterward. You need not fall for a scam or go to a site with a poor reputation to be a victim, some very high profile sites and advertising services have been compromised recently to spread this malware.

This is a particularly sophisticated piece of software that in theory could similarly be used to exploit iOS, MacOS, Windows, and other devices though at present it has only been confirmed on Android.

Prevention and Remediation:

Install antivirus software and scan your device

Since most information about this malware is still preliminary and incomplete, any precautions we recommend may not offer complete protection. Regardless, the best information at the present recommends the use of one of the following antivirus solutions – they are typically available free for personal use in the Google Play store (in alphabetical order, we’re not recommending any particular one of these solutions over another at this time):

• Avast! Mobile Security
• Lookout Mobile Security
• Sophos Security & Antivirus

The latest information at the time of this writing is that AVG and a number of other antivirus products do not yet have the ability to detect this malware, though we expect that to change soon.

In addition, go to Settings -> System Updates to check for any software updates for your device.

If an infection is found, we strongly urge you to change the passwords for any accounts that may be saved on the device. Other accounts using that same password may be compromised as well.

Background:

Since April 28th, a relatively small number of e-mail accounts have been compromised, but we were unable for quite some time to determine how those account credentials might have been exposed. In addition we’ve been consistently seeing one new compromised account every day or two. Compromised accounts are typically used to send a simple e-mail like the one below to between 40 and 50 recent contacts:

androidspam

Washburn is not alone in seeing this. Washburn ITS staff have been working together with IT staff at other universities around the country who have been experiencing the same thing. Similar spam messages have been seen on commercial mail and chat services as well – Yahoo mail, Gmail, Hotmail/Outlook.com, Facebook, and Twitter to name a few.

While a full analysis of this malware is not yet available, we now know that these links were being used both to direct people to fake diet-pill websites and along the way Android devices were specifically targeted for compromise, infection, and exploitation.

We believe e-mail account credentials are being compromised as well if they have been saved in web browsers or applications on the compromised Android devices. There are also indications that if the same password is used on multiple accounts, other accounts using that same password may be compromised as well.

We’ll provide additional updates as they are available.

New Employee in User Services

Please welcome Bryan Carney to Washburn as a new employee in User Services.  Bryan fills the position of Technology Support Technician I and will eventually be located in Petro Allied Health Building as their building technician. 

Bryan is A+ certified in CompTIA A+ Essential hardware and Software and CompTIA A+ Remote Support Technician.  His recent work experience was working as a sale consultant for Office Max.  Prior to that position, he worked for EnsurePC as a computer repair technician and sales.  Bryan graduated from Washburn Institute of Technology with a technical certification in Computer Repair and Networking.

Bryan will spend part of the summer with his office located in Bennett Computer Center room 106 while he learns processes and procedures.  Prior to the start of the fall semester, he will be moved to Petro where he will be permanently located.  His office will be located in the School of Nursing department.  I know that the School of Nursing as well as all of Petro is excited to have Bryan hired and to start working.

Please help us welcome Bryan to Washburn!

Bryan Carney
Bennett 106
bryan.carney@washburn.edu

 

Washburn E-mail Quarantine Access and Purpose

Log on Window for E-mail Filter

Log on Window for WU E-mail Filter

The Washburn University email system has a spam filter in place to help protect from unwanted email, viruses, and other malicious messages.  We  have had this spam filter (WU E-mail Filter) for the past few years.  The system scans all incoming and outgoing email and assigns a numeric rating on whether the message being sent or received is a spam message.  The higher the rating the better chance that message has of going into the spam quarantine.

The WU E-mail Filter, or spam quarantine, is there to protect you from those malicious messages from the Internet.  To access your spam quarantine, visit the following web site:

https://mxgateway.washburn.edu/cgi-mod/index.cgi?locale=en_US

Log on using your MyWashburn user ID and password.  This will display any messages waiting in your spam quarantine.  From here, it is possible to see a list of any messages that have been held and not delivered to your e-mail inbox due to the message being tagged as spam.

Click on the message in the quarantine to see a preview of the message.  This will allow you to see the contents of the message without it being delivered to your inbox and possibly infecting your computer.  When clicking on the email in the list, this opens a new window, which allows you to preview the message.  If the message should be delivered, click the deliver button.  However, if the message should not be delivered, close the window and either click delete next to the message, or check the box to delete a list of messages.

Occasionally, messages that should be delivered to your inbox end up in the quarantine.  In order to keep that from happening, there a few options.  The first option is to click the deliver button which would allow the message to deliver.  If the sender is someone you expect to hear from often, click the link for whitelist.  This will add the sender address to your whitelist so that those messages will not be held in the quarantine.  It is also possible to manually enter e-mail addresses into the whitelist through preferences.  This option also allows the adding of entire domains.  So, if you are working with a vendor and multiple people are contacting you, you could add their domain.com into your whitelist and anyone sending from that vendor would make it into your inbox.

The feature I use often is to go through and mark those messages in my spam quarantine that I know are spam. It is possible to mark multiple messages that based on the sender and subject I know I do not want to see.  Check each message and then click on Spam at the top of the list.  This does two things for you.  First, it adds them to your spam list and second it sends the sender information to the vendor who manages the product so they can possibly block it for other people too.

WU E-mail Filter Preferences

Preferences for changing settings within the WU E-mail Filter

The preferences menu is at the top of the window.  From the preferences, it is possible to see the Whitelist/Blacklist items that you have marked.  It is also possible to add/remove addresses from the list.  Click the Whitelist/Blacklist link to view this section.

The Quarantine Settings is the section where it is possible to specify how often the WU E-mail Filter notifies you when there are messages in your spam quarantine.  By default, the notice will be sent to your Washburn e-mail address.  I prefer to have mine set to daily as I get a lot of e-mail and many of the messages end up in my quarantine.  This is also the area where it is possible to disable your spam quarantine.  If the spam quarantine is disabled, messages that would normally be held for review would be delivered to your e-mail inbox and tagged with [SPAM] or [POSSIBLE SPAM].  This can be turned on or off as needed.  The recommendation is to leave this setting turned on to protect you and your computer from possible harmful e-mail messages.

The last tab is the Spam Settings.  This is the area where it is possible to change how messages are tagged.  The default is to use the system settings, but it is possible to change to your desired settings if needed.

If there are any questions or problems regarding the WU E-mail Filter, please contact ITS User Services at support@washburn.edu or by calling 785.670.3000.

 

New employee in Online Education Support

Please help me welcome Qing Zhang to Washburn as a new employee in Online Education Support. Qing will fill the Online Education Support Specialist II position.

Qing Zhang Online Education Support Specialist II at WashburnHer primary responsibilities will be support of faculty, students, and staff in the use of Desire2Learn and Respondus; as well as assisting Marc Routsong, Online Education Support Coordinator; in the administrative functions of Desire2Learn.
Qing has a Master of Science degree in Instructional Design and Technology from Emporia State University. She has extensive experience presenting at conferences on topics such as: Integrating Digital Tools into the Classroom, Teaching and Learning with Mobile Devices,and Using Google SketchUp in Teaching and Learning. Qing was also a graduate teaching assistant at Emporia, co-teaching courses such as Advanced Instructional Technology for Educators and Technology in the Classroom.
Qing will start at Washburn tomorrow. Help us welcome Qing to Washburn. We are excited to have her join our staff!

Qing Zhang -Online Education Support Specialist II
Henderson Learning Resource Center-room 3A
qing.zhang@washburn.edu
785-670-2381

Norm Koester’s retirement video

If you missed the retirement reception for Norm Koester on Friday, May 10th you still have a few days (until Wed., May 15th) to wish him well!

See what other Washburn, ITS employees have to say about Norm!

New Guest Wireless Network

On Tuesday, May 14th ITS will begin activating a new wireless network for guest users.  The wireless network will show up as WUGuest and will be open to anyone for Internet access without requiring special provisioning by ITS staff.

This guest network will have some important limitations and is intended to provide access the most commonly used Internet services.  Because of its open nature we have taken measures to limit misuse and abuse.  If you are hosting guests who will need access that exceeds the limitations noted below contact ITS at support@washburn.edu or at 785.670.3000

  •  Visitors will have to provide their name, e-mail address, and phone number and accept our terms of service in order to use the network.  You can preview the sign-in page here:  https://netreg.nix.washburn.edu/wuguest.shtml (note that this link will not work off-campus)
  • Visitors will be able to use WUGuest for up to 3 days at a time, after 3 days they will be locked out of WUGuest for another 3 days before they can access the network again
  • Access to websites will have the same content restrictions in place at Washburn Institute of Technology.  Because of K-12 students there we are mandated to restrict access to certain types of content (e.g. pornography and other material considered harmful to minors), we will extend that content filtering to this guest network
  • While we are not currently a member of Eduroam, we will be following Eduroam access standards as listed here: https://www.eduroam.us/node/69

The following services can be expected to work normally:

  • Standard web browsing (HTTP and HTTPS)
    • Web-based e-mail like Gmail, Outlook.com/Office365, Yahoo, and most corporate webmail clients
    • Basic video services like YouTube
    • Any publicly-accessible Washburn web services
  • Dropbox or similar file storage services that use web-only protocols
  • IMAP, POP3, and Secure SMTP for e-mail
  • VPN connections
  • Windows remote desktop
  • SSH connections

Due to restrictions on the guest network, the following services will not work in most cases:

  • Insecure SMTP for sending e-mail (port 25)
  • Network printing
  • Many chat programs
  • Most videoconferencing applications
  • Enhanced video services such as Netflix
  • Most peer-to-peer file sharing applications
  • Most multiplayer online games
  • Anything determined by the content filter to be potentially harmful to minors

We will still register visitors sponsored by faculty or staff for unrestricted Internet access on WUPublic on request.  Current faculty, staff, and students will still be able to register their own devices for unrestricted access on WUPublic as well.  Note also that WUPublic will be renamed WUCampus on August 1st.

We invite your feedback on this and other issues as we continue to work on improving services to campus.

Norm Koester retirement reception

Norm Koester has worked at Washburn University as an Electronics Technician for the past 25 years and will retire this month!  Norm’s last day at Washburn will be May 15th, 2013.  We will have a  retirement reception for Norm and hope that you will be able to stop by and wish him well as he transitions into retirement!

Norm Koester ITS Electronics Technician

Norm Koester ITS Electronics Technician

Norm Koester
Retirement Reception

Friday, May 10th

1:00-2:00pm

Kansas Room

(Refreshments will be served)

Norm began work at Washburn in the Media Center and continues to work in the Instructional Services area of Information Technology Services until his retirement.  He has performed repair and maintenance on many electronics from mediated classroom projectors to adding wiring for installation of new emergency security buttons for the business office and president’s office.  Norm has been a dedicated employee for Washburn University demonstrated through his quick response for classroom projection systems for instructor use to his broad knowledge of security cameras, cable television system, and audio and video equipment. Norm is also known in ITS for his cooking expertise, sharing everything from his famous chocolates at holiday time to his variety of breads and baked goods and vegetables from his garden.
We will miss Norm’s quick wit and wonderful humor, but wish him the best in his retirement!  Happy Retirement NORM!

Name change to WUPublic wireless August 1st

ITS will be renaming the WUPublic wireless network to WUCampus at the same time as our annual purge of wireless device registrations on August 1st.

We’re doing this to reduce confusion between the new WUGuest wireless network and WUPublic.

No other changes to that network are planned at this time, nor will we be making any changes to WUPrivate.

Office 2013 Evaluation with Deployment for Fall 2013

Microsoft has released a new version of the Office suite.  Over the course of the summer, we will be evaluating when we should migrate to the new version.  The new version is 2013 and while it has a lot of the same features, the user interface has been updated.

The new version has already shown up on new computers and students, faculty, and staff are able to purchase Office 365 which includes Office 2013 for their personal computers.  Microsoft always allows for backward compatibility and in this case it is no different.  Office 2013 will be able to open older versions and there is a conversion tool available to be able to open 2013 files on older installations.

By July, we will have reviewed Office 2013 to determine if there are issues that would delay us to a later date for the update.