Carnegie Mellon University Website Home Page
 

SECURITY ADVISORY: Malicious DVDs Sent Through Mail

(US Eastern Time)
DAY: Tuesday
DATE: June 19, 2012

WHOM DOES THIS AFFECT?

Students, faculty and staff members

SUMMARY:

Several universities have recently reported that members of their communities have received malicious DVDs through the mail. The mail indicates that there is a possible security issue and includes a DVD with alleged details on the security issue. In reality, the DVD contains malware. Reports indicate that this malware is not being recognized by antivirus software.

WHAT YOU NEED TO DO:

If you receive an unexpected DVD in the mail indicating a possible security issue:

1. DO NOT insert the DVD into your computer.
2. Contact the Computing Services Help Center, your departmental computing administrator or your DSP consultant.
                

MORE INFORMATION:

As a general best practice, users should ensure that AutoPlay and AutoRun functionality is disabled on their computers.

Note: Windows computers managed by DSP already have the AutoRun feature disabled.

For Microsoft Windows users:
1. Select Control Panel > Hardware and Sound > AutoPlay
2. Adjust settings so that AutoPlay is disabled.

For Apple OSX users, AutoRun is not a feature. However, users can review AutoPlay features for music, photo and video media:
1. Select Apple > System Preferences > CDs & DVDs
2. Adjust your settings so that CDs and DVDs do not automatically play.


CONTACT:

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu) or to your departmental administrator or DSP consultant.