Performance: Messaging Malware Attack Block: usps.com

Last Updated:
2011-10-17 04:00:00
Event:
2011-10-17 04:00:00
Status:
Closed
Brief Description:
User Impact:
N/A
Workaround:
There is no workaround for this issue
Current Status:
N/A
Services Affected:
Full Description:
This morning CIT Messaging staff blocked a large-scale mail attack purporting to be from addresses at usps.com, carrying malware that could infect client machines. Since it is impossible to distinguish these forged addresses from legitimate usps.com addresses, no mail from usps.com is currently getting through. This action was necessary to protect the Cornell mail system and other IT systems from the attack.
CIT TDX ID:



Timeline of Changes

Description / Current Status | Date Time
We will restore incoming mail from legitimate usps.com addresses as soon as we have a way to do so. | 2011-10-17 04:00:00
The CIT Exchange Admins are still investigating this problem and continue to monitor the issue. | 2011-10-17 04:00:00
The complete block of any email with a @usps.com address has been lifted. We have isolated the appropriate information and we are blocking solely on that. Initially, due to the volume and variants of the infected email, it seemed prudent to block all @usps.com traffic, even though almost all of it was already being blocked by our normal systems. We apologize for any inconvenience this may have caused. | 2011-10-17 04:00:00