Welcome to ACES

Alamo Colleges Education Services is a secure portal connecting Faculty, Staff & Students to Academic Resources, Email, and other Online Resources.

Support Contacts: Helpdesk (210) 485-0555 | Weather Line (210) 485-0189

SAC Library Info

Location:
1001 Howard St.
San Antonio TX, 78212
(210) 456-0554
Hours:
Mon - Thu 7:30am - 8:00pm
Fri 7:30am - 4:00pm
Sat 9:30am - 5:00pm

Log Message | Type | Author | Post Date | Expiration Date

Security Alert!

 

Beware of Ebola Phishing and Malware Campaigns!

 

NOTE: If you no longer wish to receive these alerts, send a reply with “disable”

 

National Cyber Awareness System:

Ebola Phishing Scams and Malware Campaigns

10/16/2014 04:31 PM EDT

 

Original release date: October 16, 2014

US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.

Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:


This product is provided subject to this Notification and this Privacy & Use policy.

Type: Information Only | Author: mrosado6 | Post Date: 10/17/2014 | Expiration Date: 10/24/2014 9:00:00 AM

Security Alert!

 

Client-Side Vulnerabilities – Adobe Malware attacks targeting sensitive information!

 

NOTE: If you no longer wish to receive these alerts, send a reply with “disable”         

 

 

 TLP: WHITE

CIS CYBER ALERT

 

TO: All Members

 

DATE ISSUED: October 16, 2014

 

SUBJECT: Invoice Phishing Spam Campaign Distributing Dyre Banking Trojan

 

CIS recently became aware of a massive spam campaign targeting users in various sectors. Phishing emails used in the campaign contain a PDF attachment named Invoice621785.pdf. This attachment is a weaponized PDF document exploiting a vulnerability in Adobe Reader (CVE-2013-2729). After successful exploitation, the user’s system will download additional malware from hxxp://rlmclahore.com/Resources/Search/1510out[.]exe. This is a banking trojan similar to Zeus/Citadel in that it targets sensitive user information including banking credentials. As of this writing, all of the major AV products are detecting this malware as Trojan Dyre/Zbot/Fondu.

 

Phishing Email Characteristics:

Subject: “Unpaid invoic” [Please note the typo in the subject line]

Attachment: Invoice621785.pdf

 

System Level Indicators (If successful in exploitation):

Copies itself under C:\Windows\[RandomName].exe

Creates a service named “Google Update Service” by setting the following registry keys:

HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\ImagePath: "C:\WINDOWS\pfdOSwYjERDHrdV.exe"

HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\DisplayName: "Google Update Service" 

Network Level Indicators:

 

First Stage Download:

rlmclahore\.com/Resources/Search/1510out[.]exe

Second Stage C2

 

Please note that the Domain and IP indicators above were observed during our analysis and the list does not represent all network indicators for this campaign.

 

We also noted that the network communication is using a certificate with organization name “internet widgits pty ltd”.

 

Recommendations:

Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

Do not open email attachments from unknown or untrusted sources.

Limit user account privileges to those required only.

Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

Keep all operating system, applications and essential software up to date to mitigate potential exploitation by attackers.

Ensure that systems are hardened with industry-accepted guidelines.

Make sure all AV products are up-to-date with their signatures.

Implement filters at your email gateway for filtering out emails with subject line “Unpaid invoic”. [Note the typo]

 

 

REFERENCES:

PhishLabs:

http://blog.phishlabs.com/enhancements-to-dyre-banking-trojan

 

CVE:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2729

 

Center for Internet Security (CIS)

Multi-State Information Sharing & Analysis Center (MS-ISAC)

31 Tech Valley Drive

East Greenbush, NY 12061

Phone: (518) 266-3485

7x24 SOC: 1-866-787-4722

Email: soc@msisac.org

Type: Information Only | Author: mrosado6 | Post Date: 10/17/2014 | Expiration Date: 10/24/2014 9:00:00 AM
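The e-mail characteristics and the service indicator listed in the CIS alert above can be checked mechanically at a mail gateway and on a Windows host. The following Python is an added example, not code from CIS or Alamo Colleges; the function names, the regexes that generalise the attachment name and image path, and the sample message and `reg query` excerpt are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators come from the alert; the patterns generalising them are assumptions.
SUBJECT_MARKER = "unpaid invoic"                  # subject typo noted in the alert
ATTACH_RE = re.compile(r"invoice\d+\.pdf", re.I)  # e.g. Invoice621785.pdf
WINDIR_EXE = re.compile(r'"?c:\\windows\\[^\\/"]+\.exe', re.I)  # exe directly in C:\Windows
VALUE_RE = re.compile(r"^\s+(\S.*?)\s{4}REG_\w+\s{4}(.*)$")     # `reg query` value line

def mail_hits(raw: bytes) -> list:
    """Return which of the alert's e-mail characteristics a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_MARKER in str(msg["Subject"] or "").lower():
        hits.append("subject")
    if any(ATTACH_RE.fullmatch(p.get_filename() or "") for p in msg.iter_attachments()):
        hits.append("attachment")
    return hits

def service_hits(reg_text: str) -> list:
    """Return service keys named like Google Update whose ImagePath is an exe in C:\\Windows."""
    services, key = {}, None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            services.setdefault(key, {})[m.group(1)] = m.group(2).strip()
    return [k for k, v in services.items()
            if v.get("DisplayName", "").startswith("Google Update Service")
            and WINDIR_EXE.match(v.get("ImagePath", ""))]

def sample_mail() -> bytes:
    """Constructed message carrying the alert's subject and attachment name."""
    m = EmailMessage()
    m["Subject"] = "Unpaid invoic"
    m.set_content("constructed body")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="Invoice621785.pdf")
    return m.as_bytes()

# Constructed excerpt in the layout `reg query <key> /s` prints.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdate
    DisplayName    REG_SZ    Google Update Service (gupdate)
    ImagePath    REG_EXPAND_SZ    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\googleupdate
    DisplayName    REG_SZ    Google Update Service
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\pfdOSwYjERDHrdV.exe
"""
```

The subject check is a substring match, so it also fires on correctly spelled "Unpaid invoice" subjects; treat a hit as grounds to quarantine and review the message rather than as confirmation.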

Many Alamo Colleges email users have received the SPAM Email below.  This is another attempt to obtain login information for the purpose of gaining access to Alamo systems. Although this uses Alamo terminology and Alamo graphics, this is not an official Alamo Colleges email. The link associated is not affiliated with Alamo and District ITS will never ask for login credential information.

Please do not click on the link provided in the email.

 Let me know if you have any questions. Thanks, 

Roger Castro

District Director of Information Technology Services

rcastro50@alamo.edu

210-485-0400

From: Alamo Colleges [mailto:portal@alamo.edu]
Sent: Thursday, October 16, 2014 10:50 AM
Subject: Account Update Needed

 

cid:5vf7uxba337k@webmail.FoxValley.net

Dear Portal User,

Due to high numbers of inactive portal accounts on the server, all users are advised to sign in to their portal account within 24 hrs of receiving this notice, using the link below, to confirm their portal account activity.

Use this link to login and confirm your portal account activity.

Failure to update might process your portal account as inactive. Please kindly comply.

Thanks,
Alamo Colleges

 

 

Type: Information Only | Author: mrosado6 | Post Date: 10/16/2014 | Expiration Date: 10/23/2014 9:00:00 AM