
Security Alert: SquirrelMail Phishing Emails

Who: Everyone

What: SquirrelMail Phishing Emails

When: Mar 14, 2008

How:
Phishing Emails Sent to Carnegie Mellon Accounts

Fraudulent emails have recently been sent to Carnegie Mellon email accounts claiming to be from the Squirrel Mail Development Team <development@squirrelmail.org>, asking people to log in to a fake website to download an update.


A sample message follows:

From: Squirrel Mail Development Team <development@squirrelmail.org>
Date: Thu Mar 13 20:54:36 2008
Subject: We Advise All Asers Of  Squirrel Mail  1.4.11, and 1.4.12  To upgrade

Dear Clients,

Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server.
So upgrade to  Squirrel Mail Development Team by  click Squirrel Mail Login <http://XXXXXXXXXXXXXX>  here to upgrade to our new version 1.4.14-rc1

We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.

What You Need To Do:
If you suspect your computer has already been compromised, STOP! Read and follow Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

Follow the detailed steps below:

  1. If you entered your username and password into the fraudulent website indicated in the email, change your password immediately and contact the Computing Services Help Center.
    1. Change to a strong password by visiting the My Accounts: Password page.
    2. Contact the Computing Services Help Center at x8-HELP (4357) or send email to advisor@andrew.cmu.edu.
  2. If you received the fraudulent email, delete it.
  3. Secure Your Computer:
    Mac instructions
    Windows Vista instructions
    Windows XP instructions

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.