Security Bytes: George Mason U. hacked; new Trojans on the loose

Hackers steal personal data of more than 30,000 members of George Mason University. Two new Trojans emerge. BMC Software buys a Parisian company.

George Mason University hacked; 30,000 people affected
Hackers have made off with the personal information of more than 30,000 students, faculty and staff at George Mason University, the institution acknowledged Monday. Online intruders broke into a server housing information used on campus identity cards. Joy Hughes, the school's vice president for information technology, said in an internal e-mail sent over the weekend and seen by CNET News.com that "the server contained the names, photos, Social Security numbers and (campus ID) numbers of all members of the Mason community who have identification cards." Hughes warned that campus community members should contact the major credit bureaus to flag their accounts for possible identity fraud. "It appears that the hackers were looking for access to other campus systems rather than specific data," Hughes wrote. "However, it is possible that the data on the server could be used for identity theft."

George Mason is a public university in Fairfax, Va., a suburb of Washington, D.C., with smaller campuses in Arlington, Va., and Prince William County. It reported 26,796 students enrolled as of fall 2002, and 3,908 faculty and staff members. It also is home to the Information Security Institute, the Lab for Information Security Technology and the Center for Secure Information Systems, which has been designated a "Center of Academic Excellence" by the U.S. National Security Agency, CNET News.com noted.

Last year, George Mason said it would stop printing Social Security numbers on campus ID cards and would instead generate unique "G numbers" for each student and each member of faculty and staff, in reaction to a Virginia state law requiring state agencies and universities to change their practices to better protect personal information. But the server with the ID card information still stored Social Security numbers in its database, according to the George Mason e-mail.

Two new Trojans on the prowl
Glendale, Calif.-based PandaLabs said it has detected two new Trojan horses spreading through P2P networks in video files. Trj.WmvDownloader-A and Trj.WmvDownloader-B exploit a new technology incorporated into Microsoft Windows Media Player called Windows Media Digital Rights Management (DRM), which is designed to protect the intellectual property rights of multimedia content.

When a user tries to play a protected Windows media file, the technology demands a valid license. If the license isn't stored on the computer, the application will look for it on the Internet, so that the user can acquire it directly or buy it. This new technology is incorporated through Windows XP Service Pack 2 and the Windows Media Player 10 update, PandaLabs noted.

"If the user runs a video file that is infected by one of these Trojans, they pretend to download the corresponding license from certain Web pages," PandaLabs said in an advisory. "However, what they actually do is redirect the user to other Internet addresses from which they download a large number of adware, spyware, dialers and other viruses. Examples of malicious programs and viruses these Trojans download include:

  • Adware.Funweb
  • Adware.MydailyHoroscope
  • Adware.MyWay
  • Adware.MyWebSearch
  • Adware.Nsupdate
  • Adware.PowerScan
  • Adware.Twain-Tech
  • Dialer Generic
  • Dialer.NO
  • Spyware.AdClicker
  • Spyware.BetterInet
  • Spyware.ISTbar
  • Trj.Downloader-GK

"Even though these Trojans have been detected in video files with extremely variable names which can be downloaded through P2P networks like KaZaA or eMule, bear in mind that they can also be distributed through other means, such as files attached to e-mail messages, FTP or Internet downloads, floppy disks, CD-ROM, etc," PandaLabs warned.

BMC Software acquires Calendra to enhance ID management line
BMC Software of Houston announced Monday it is buying Paris-based Calendra for $33 million. The acquisition will enhance BMC's identity management product line with additional directory-centric information and a customizable delegated workflow. It also will allow customers to create directory applications that ensure security policies are enforced across a network, from portals and PKI managed systems to legacy systems, the company said in its announcement. The company plans to merge Calendra's workflow and directory management capabilities into its signature CONTROL-SA provisioning software. Calendra has more than 200 customers and 5 million managed users worldwide, BMC said. A Gartner analyst said the acquisition was part of a vendor consolidation taking place in the popular ID management arena.

Arrests made in vast online scheme
Four high school students from Sydney, Australia, have been charged with helping an organized criminal gang steal millions of pounds from online bank accounts in a global Internet banking scam operating from Australia to Eastern Europe, according to Australian media reports. Nine more suspects have also been arrested, including two reported ringleaders of the gang's Australian operation. According to the media reports, the criminals used bogus advertisements and spam e-mails that secretly installed backdoor Trojans onto computers to capture passwords and other bank details. The Australian teenagers were then recruited as mules to aid in the transfer of stolen funds into Eastern European-based bank accounts. "Criminal gangs are getting more and more sophisticated with their tricks to make millions of pounds out of innocent people; tempting naive teenagers with the opportunity of making a quick buck is another one of their schemes," Graham Cluley, senior technology consultant at Lynnfield, Mass.-based antivirus firm Sophos, said in a statement. "It's reassuring to all online bank customers that these criminals are being uncovered and charged, however, users should still be on their guard when banking online."
