don't open

3 views
Skip to first unread message

Glenn Hampson

unread,
Mar 1, 2018, 10:57:55 AM3/1/18
to osi20...@googlegroups.com, OSI Summit Group, SCI...@listserv.nsf.gov, SCIT...@list.nih.gov, rsc...@googlegroups.com, scholcom...@lists.ala.org, Loet Leydesdorff, Jo De, ju...@twomentor.com, Abel L. Packer, Richard Gedye

Hi Folks,

 

Please don’t open the latest email from me with a Word attachment. Apparently my address has been hijacked---I’ll work on this immediately today. I’m so sorry about this---I’m running all the latest versions of Microsoft Office and have active virus protection running. Nevertheless, it’s 7:45 a.m. here in Seattle and I turned on my computer to find that this email has gone out to many people and lists. Those who know me know that I’m never that brief---never open an email from me with fewer than 500 words 😊

 

Best,

 

Glenn

 

 

Glenn Hampson
Executive Director
Science Communication Institute (SCI)
Program Director
Open Scholarship Initiative (OSI)

osi-logo-2016-25-mail

2320 N 137th Street | Seattle, WA 98133
(206) 417-3607 | gham...@nationalscience.org | nationalscience.org

 

 

image001.jpg

Glenn Hampson

unread,
Mar 1, 2018, 1:56:46 PM3/1/18
to osi20...@googlegroups.com, OSI Summit Group, SCI...@listserv.nsf.gov, rsc...@googlegroups.com, scholcom...@lists.ala.org, Loet Leydesdorff, Jo De, ju...@twomentor.com, Abel L. Packer, Richard Gedye

Hi Folks,

 

After a little more digging here, I think a number of the lists in our communities (more than just those cc’d above) may have been exposed to the Usrnif trjoan phishing virus. Here’s a description of it---it’s very malicious: https://www.hipaajournal.com/ursnif-trojan-spear-phishing-emails/. The Word document---if it’s opened and if your computer isn’t running anti-virus software at the time---can rewrite the code on your computer that allows keystrokes to be intercepted, ransomware to be installed, and other things to miserable to mention.

 

Make sure to run a security scan on your computer (and make sure your security definitions are up-to-date), and to always open Word docs in preview mode unless you’re sure about them. A security scan should detect and disable the usrnif trojan, but if you opened this doc and aren’t running anti-virus software, the damage this trojan can cause may need to be repaired. If you have an IT department, let them know right away and they can help (the affected files can be repaired).

 

This virus seems to be running off a server somewhere and not off a laptop---mine is clean and my email address was spoofed, not stolen. I spoke with the folks at GoDaddy today, who manage our web and email services, and it’s not them---there are no red flags on our account or other reports of this happening with GoDaddy accounts. If this happens to you as well, this virus will send out replies to emails from about a month ago, cc’ing everyone on those chains. In this particular attack, the virus attempted to post to Wikimedia lists, open source lists, library lists, and more, but was rejected in many instances due to a lack of posting privileges.

 

Anyway, that’s the scoop for now. If this happens to anyone else, please get your IT people involved asap in order to keep this from spreading.

 

Sincerely,

image001.jpg
Reply all
Reply to author
Forward
0 new messages