[WARNING] Emails with a virus (Emotet) that impersonates the name of a real faculty member
Since June 13 (Mon.), an e-mail with a virus (Emotet) that impersonates the name of an actual faculty or staff member appears to have been circulating. The following text has been confirmed (other text may also exist). This is caused by a virus called Emotet, which, after infection, collects user account information, passwords, address books, and other information, which may lead to unauthorized access to the school's systems and information leakage.
- The email comes with an encrypted zip file attached, which can be opened with the password in the email, and the user is infected by opening the Office file contained in the zip file and performing some kind of operation.
(Generally, it should be necessary to click "Enable Content" or "Enable Editing," but we have not been able to confirm this pattern in this case, so we do not make a determination.) - Although the text and the sender's name are the names of actual faculty members, the sender's e-mail address is not keio.ac.jp or keio.jp, but an e-mail address with a domain completely unrelated to Keio University. Currently, domains under com.ar and com.br are confirmed, but there may be others.
-
Encrypted Zip files are very dangerous because they slip through virus checks.
When opening attachments, be sure to check the e-mail address as well as the name of the sender of the e-mail before opening it.
In addition, if you encounter any unusual situation (e.g., a file cannot be opened properly, an empty file when opened, or abnormal termination of Office software when opened), please contact the CSIRT or ITC immediately.
[Email examples] -------------------------------------------------------------------------- Please confirm.
Archive file attached to email: ************.zip Password: **********
[Names of actual faculty and staff] Tel [Phone number] Mobile [Phone number] Mail [Email address]
> ----Original Message----- > On Mon, Jun 13, 2022 at 01:39 wrote: Aw: [Names of actual faculty and staff] ........... --------------------------------------------------------------------------
Last-Modified: June 14, 2022
The content ends at this position.