BreachExchange mailing list archives
(wtop.com) Fwd: NOTICE OF HACKING INCIDENT AND POSSIBLE MALWARE ATTACK (fwd)
From: security curmudgeon <jericho () attrition org>
Date: Tue, 14 May 2013 17:49:50 -0500 (CDT)
-------- Original Message -------- Subject: NOTICE OF HACKING INCIDENT AND POSSIBLE MALWARE ATTACK Date: Sun, 12 May 2013 11:02:41 -0600 From: WTOP <website () community wtop com> Reply-To: Hubbard Radio, DC <reply-fecc167275600d7f-28697_HTML-79048353-1066862-0 () community wtop com> To: To view this email as a web page, go here. http://click.community.wtop.com/?qs=[..] Forward to a Friend http://click.community.wtop.com/?qs=[..] | Unsubscribe http://click.community.wtop.com/?qs=[..] WTOP *WTOP SPECIAL MESSAGE* Dear WTOP.com User, You are receiving this notification because you registered on WTOP.com sometime since 2006 (most likely to receive an email alert or to make comments on our website). _Please read this entire message. It contains important security information._ We recently learned that WTOP.com was the victim of a cyber attack. Upon discovery, we immediately launched an investigation, removed malicious code and notified federal law enforcement officials of the incident. _If you accessed the WTOP.com website approximately between May 5 and May 7, 2013_, your computer may have been infected with malware. If you accessed the site recently, you should run your security software and perform a malware scan on your computer. For more information, see our Frequently Asked Questions which are posted below. In addition, during the cyber attack, our database of WTOP.com emails and passwords may have been compromised. We have no evidence yet that your WTOP.com username and password were taken. We do not have any social security numbers or credit card numbers in our database. The only information we have is the WTOP.com username and password and possibly your address and phone number if you provided it. However, the security of our listeners' information is of utmost importance to us and, out of an abundance of caution, we want to provide you with the following information on steps we have taken to keep your information secure. _The following applies to all WTOP.com community members._ As a precaution, we have reset your password. You will be asked to reset your password the next time you log in. You may also reset your WTOP.com password here: https://www.wtop.com/public/member/password_send <http://click.community.wtop.com/?qs=[..]> We also recommend that you immediately change other accounts that you have established using the same username and/or password to keep secure any information you have placed on those sites. This is particularly important if you use your email address as your username. More information on best practices for online privacy and security, and the use of passwords can be found here. (http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/passwords-and-securing-your-accounts <http://click.community.wtop.com/?qs=[..]>) We take your privacy very seriously and are taking steps to prevent similar occurrences. We apologize for any inconvenience that this has caused. If you have questions or need additional information, please contact us at moreinfo () wtop com <mailto:moreinfo () wtop com>. Regards, Joel Oxley Senior Regional Vice President WTOP and Federal News Radio ------------------------------------------------------------------------ Frequently Asked Questions 1. How do I know if my computer was infected? The malware attack targeted the Internet Explorer browser. If you accessed WTOP.com or FederalNewsRadio.com from Internet Explorer recently, you may have been infected. While other browsers may not have been directly infected, the malware may have still installed a cookie on your browser. We urge everyone to clear their cookies and browser cache <http://click.community.wtop.com/?qs=[..]> no matter what browser they have been using to access FederalNewsRadio.com and WTOP.com, and to do a full virus scan on their machine (see instructions below). An infected machine may exhibit some or all of the following behavior: 1. Active programs will be shut down. 2. Fake virus scanner, often labeled "Internet Security," will automatically open and run. 3. Inability to open or access any programs or applications. Attempting to do so may result in a fake virus warning. 4. Periodic pop-ups displaying a fake warning and/or prompting the user to purchase the full product. 5. The malware (often called amsecure.exe) resides in memory and adds itself to the list of startup programs. An infected machine will likely open numerous windows with error message such as: 1. ?Amsecure.exe warning! Application cannot be executed. The file cmd.exe is infected. Please activate your antivirus software.? 2. ?Warning! Running Trial version!! The security of your computer has been compromised! Now running trial version of the software! Click here to purchase the full version of the software and get full protection for your PC!? 3. ?Attention. Suspicious software activity is detected by Amsecure.exe on your computer. Please start system files scanning for details.? 4. ?Amsecure.exe detects application that seems to be a key-logger. System information security is at risk. It is recommended to enable the security mode and run total System scanning.? 5. ?Warning! Name: taskmgr.exe. Name: C:\WINDOWS\taskmgr.exe? You may also see error messages when trying to access the Internet, such as the ones below: 1. Iexplore caused an Invalid Page Fault in module3 (the number at the end can vary) 2. The web page you requested is not available offline 3. Explorer caused an exception C06D007EH in module Sens.dll 2. What do I do if I was infected with malware? If you don?t already have an anti-virus program on your machine, download one. Some free possibilities are AVG <http://click.community.wtop.com/?qs=[..]> or Avast <http://click.community.wtop.com/?qs=[..]>. A removal tool, which may help, can be found here <http://click.community.wtop.com/?qs=[..]>. The best practice for removing malware is to download the anti-virus program to a trusted, non-infected computer instead of the computer which you believe has the virus. If you have access to a trusted, non-infected computer: 1. Download the anti-virus program and save it to a CD or flash drive. *__* 2. Reboot the infected computer. 3. As soon as you see the screen come on, begin tapping the F8 key. 4. You should soon see a menu of options. Use the arrow keys to move up and down the options list (your mouse won?t work) until the ?Safe Mode? option is highlighted. 5. Press ?Enter? to choose ?Safe Mode?. 6. After the computer is done booting into safe mode, insert the CD or flash drive that contains the anti-virus program you downloaded earlier. Navigate to the drive that contains the program. Run the anti-virus program by double clicking on it. 7. Run a full scan on the computer and have it remove any infected files. 8. Restart the computer into its regular state. If you do not have access to a trusted, non-infected computer: 1. Reboot the infected computer. 2. As soon as you see the screen come on, begin tapping the F8 key. 3. You should soon see a menu of options. Use the arrow keys to move up and down the options list (your mouse won?t work) until the ?Safe Mode with Networking? option is highlighted. 4. Press ?Enter? to choose ?Safe Mode with Networking?. 5. After the computer is done booting into safe mode, open a browser and download the removal tool from: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~FakeAV-GOJ.aspx <http://click.community.wtop.com/?qs=[..]> 6. Run a full scan on the computer and have it remove any infected files. 7. Restart the computer into its regular state. For more information visit WTOP.com <http://click.community.wtop.com/?qs=[..]> or tune to 103.5 FM. Facebook [..] ------------------------------------------------------------------------ Please do not reply to this email, as the reply will not be read. To contact WTOP Radio, please click here <http://click.community.wtop.com/?qs=[..]> WTOP Radio is located at 3400 Idaho Avenue, NW, Washington DC, 20016. Privacy Statement <http://click.community.wtop.com/?qs=[..]> This email was sent to: *[redacted]* This email was sent by: Hubbard Radio DC 3400 Idaho Avenue, NW Washington, DC 20016 United States We respect your right to privacy - view our policy <http://click.community.wtop.com/?qs=142a7bd2762dbfcb2caab8984851b60f2a0594a35fcd5a5a65d8160cf984cec2> <http://click.community.wtop.com/?qs=142a7bd2762dbfcb9698e61d47fe5af77904a5b582a63095a21a2748221ae807> Manage Subscriptions <http://click.community.wtop.com/?qs=f428cf20b44e520e63a6eb91f90431b01e25d7ed5968a62cde0d02f08174ca84> | Update Profile <http://click.community.wtop.com/?qs=f428cf20b44e520ee50ef21fe1c2cf793fe190c0885497323366e12dd718cac5> | One-Click Unsubscribe <http://click.community.wtop.com/?qs=f428cf20b44e520ea9c87fa59bf820ada9e888916551426e9f0746570f4394a3> _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- (wtop.com) Fwd: NOTICE OF HACKING INCIDENT AND POSSIBLE MALWARE ATTACK (fwd) security curmudgeon (May 15)