“Heartbleed” OpenSSL Vulnerability (CVE-2014-0160)

A serious vulnerability in the OpenSSL library has been discovered. This vulnerability, known as “Heartbleed” (the bug is in the heartbeat extension of the OpenSSL code) makes it possible for a malicious entity to steal information from a server that utilizes the OpenSSL library.

The following OpenSSL branches are vulnerable:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive)

The following branches are NOT vulnerable:

  • OpenSSL 1.0.1g
  • OpenSSL 1.0.0
  • OpenSSL 0.9.8

More details are available at http://www.heartbleed.com .

Phishing Attempt – 2014/2/25

The Information Security Office has been made aware of a phishing attempt that has been sent to some UTA employees.  Please delete this email if you receive it:


From: IT.SYSTEM.ADMINISTRATOR@mta5.xxx.xxx.edu [mailto:IT.SYSTEM.ADMINISTRATOR@mta5.xxx.xxx.edu]

Sent: Tuesday, February 25, 2014 11:02 AM
To: Recipients
Subject: Your Input Needed: URGENT

Your EMPLOYEE ACCOUNT have been compromised. The is the cause of the recent increse in unsolicited emails. You are to CLICK HERE and verify your account so that we can effectively thwart the damage done by phishing on our network.


Systems Security

Phishing Attempt – 2014/2/04

The Information Security Office has been made aware of a phishing attempt that has been sent to some UTA employees.  Please delete this email if you receive it:


From: Support
Sent: Tuesday, February 04, 2014 8:28 AM
To: User
Subject: Your Email Account

Dear Subscriber,

Due to congestion on our webmail servers, all unused and unconfirmed accounts will be shut down. It is mandatory you confirm ownership of your webmail account by clicking ClickHere and following the instructions by completing the form or your account will be suspended.

We sincerely apologize for any inconveniences caused.

Customer Dept.

Copyright 2013, All Rights Reserved

New Ransomware Threat (Cryptolocker)

Malicious software (malware) come in the form of viruses, Trojans, bots, etc. There is a newer category called “ransomware” that may prevent access to a computer, or the data on it, unless the victim pays a the malware creator money. The Cryptolocker virus is one such ransomware that has recently surfaced that encrypts the victims files by making them inaccessible. If you fall victim to this virus, there is no way to unlock the files and you will need to rely on your backups. UT Arlington’s email system as well as computers that run System Center EndPoint Protection or McAfee software are protected from this malware.

Cryptolocker is typically sent via a Phishing email.

What does it Do?

Once a computer is infected with Cryptolocker the user’s documents are encrypted with a secret key that effectively keeps the user from accessing their files. It can also spread to your networked drives or attached flash drives. Cryptolocker then demands approximately $300 within a limited amount of time in order to provide a key to decrypt your files. If you don’t pay up, they delete the key, and your files will be unrecoverable.

What can you do?

The following preventative measures are recommended to protect your computer from a CryptoLocker infection:

  • As with all email – do not open suspicious e-mails or unexpected attachments.
  • With the holiday season approaching, be wary of unexpected messages that appear from UPS, FEDEX, US Postal Service or other such mail/package delivery services that include attachments or links – it is safer to go directly to the service websites and enter any tracking numbers than click included links.
  • As the calendar year comes to a close, be wary of any unexpected emails that include attachments or links relating to tax returns.
  • Be wary of any payroll deposit notifications that include unexpected attachments.
  • If an email message appears unusual verify the identity of the sender of any attachments, whether through an informal consistency check of the e-mail address and content of the e-mail or formal communication with the sender.
  • Perform regular backups of all systems to limit the impact of data and/or system loss – UTA computers can use share  drives for the backups (as appropriate) or contact OIT for CrashPlan.
  • Make sure your computer has updated anti-virus software and enable automatic updates for malware-signatures and software. Systems managed by OIT or that are part of the UTA active directory should have the antivirus software.
  • Antivirus software for university owned computers are available on OIT’s download site.
  • Make sure your computer is updated/patched of all software by using automatic updates.
  • Practice safe computing. Never open an attachment from someone you don’t recognize.
  • Keep your antivirus up to date and scan regularly.
  • Backup your data regularly and store it in a separate location. If you use an external hard drive, , disconnect it from your computer when not in use.

Note that the tips above apply to your home computers with the exception that you will need to acquire your own antivirus software. Free antivirus software is available for personal use (not to be installed on UT Arlington computers) on the BlazeWare site.

What do I do if infected?

  • Turn off your computer immediately. If you get infected, the virus will move faster than you can.
  • Get help from your tech support.

You can find more information about this at the following:


References: http://answers.uchicago.edu/page.php?id=34505

As always, the Information Security Office is monitoring the situation and can be reached at security@uta.edu.