The University of Waikato - Te Whare Wānanga o Waikato
ICT Self Help
Home Waikato Home  >  ICT Self Help  >  Information Security Awareness  >  Latest Security Alerts Staff + Students Login |  - Logout

Latest Security Alerts

Copyright phishing email targeting academics

It has been reported that the academic staff received emails claiming ‘alleged copyright violations in classroom’ from what appears to be (but is not) a US law firm. The email comes with an attachment '' which contains a pdf file named 'Details.pdf. This pdf contains a script which displays a popup saying the user needs to get and additional font in the ‘Legal MT Font Family’.  If a user google the “Legal MT” font, it takes him to a malicious website contains malware download. The advantage here is that the spammer doesn’t have to send malicious file which would then be highly likely to be blocked by the Google spam services.

The email text contains some kind of law suit warning and the sender domain is which is a close match to the legitimate law firm

Staff are reminded to be vigilant about opening suspicious or unexpected emails containing links or attachments.

An example of the current campaign received by academics is as shown:


Pursuant to Title 17 of the United States Code and International Copyright treaty


February 20, 2016

This law firm represents Digital Canvas Inc. If you are represented by legal counsel, please direct this letter to your attorney immediately and have your attorney notify us of such representation.

We are writing to notify you that your unlawful use of copyrighted infographic chart infringes upon our client's exclusive copyrights.  Accordingly, you are hereby directed to


All copyrightable aspects of the infographic chart are copyrighted under United States copyright law and Digital Canvas Inc. is the owner of such copyright. Under United States copyright law Digital Canvas Inc.'s copyrights have been in effect since the date that the material was created.

One of your student has bought this to our attention and provided necessary evidence, that you have been using our client's infographic chart within your classroom material. Evidence includes photos of you presenting the unlawfully copied infographic chart in a classroom. We have also obtained and preserved as evidence, a copy of your presentation slides which contain an unlawful copy of our client's infographic chart [see attachment]. Your actions constitute copyright infringement in violation of United States copyright laws.  Under 17 U.S.C. 504, the consequences of copyright infringement include statutory damages of between $750 and $30,000 per work, at the discretion of the court, and damages of up to $150,000 per work for willful infringement.  If you continue to engage in copyright infringement after receiving this letter, your actions will be evidence of "willful infringement."

We demand that you immediately (A) cease and desist your unlawful copying of our client's infographic chart and (B) provide us with prompt written assurance within ten (10) days that you will cease and desist from further infringement of Digital Canvas Inc.'s copyrighted works.

If you do not comply with this cease and desist demand within this time period, Digital Canvas Inc. is entitled to use your failure to comply as evidence of "willful infringement" and seek monetary damages and equitable relief for your copyright infringement. In the event you fail to meet this demand, please be advised that Digital Canvas Inc. has asked us to communicate to you that it will contemplate pursuing all available legal remedies, including seeking monetary damages, injunctive relief, and an order that you pay court costs and attorney's fees. Your liability and exposure under such legal action could be considerable.

Before taking these steps, however, my client wished to give you one opportunity to discontinue your illegal conduct by complying with this demand within ten (10) days. Accordingly, please sign and return the attached Agreement within ten (10) days to

Traverse Legal, PLC

810 Cottageview Drive, G20

Traverse City, Michigan, US 49684

CryptoWall Ransomware Campaign Impacting New Zealand organisations - 19 March 2015

In recent months, it has been observed that the CryptoWall ransomware campaign through email is on rise. The CryptoWall ransomware is a Trojan horse that encrypts files on the compromised computer and then prompts the user to purchase a key in order to decrypt them.  The CryptoWall ransomware infects the Windows based Operating Systems only. The authors of these malicious threats have a very strong financial motive for infecting as many computers as possible, and have put substantial resources into making these threats prevalent.  New variants are seen all the time and these threat are impacting New Zealand organizations.

These CryptoWall Ransomware Campaign emails would contain an attachment that, when opened, infects the computer. These .zip attachments contain executables that are disguised as PDF files: they have a PDF icon and are typically named something like FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and trick victims into opening them.

The current campaign is using a "Resume" theme with a zip file attachment containing a malicious JavaScript file.

An example of the current campaign received by University staff is as shown:

ransomware email

Please see NCSC Security Advisory and recommendations to mitigate this threat.

SSL v3 Vulnerability aka Poodle Vulnerability - 17th Oct 2014

SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users' private information.

This week, Google researchers announced a bug in the SSL 3.0 protocol aka Poodle vulnerability . The exploit could be used to intercept critical data that's supposed to be encrypted between clients and servers.

It is a protocol flaw, not an implementation issue. To stay secure on internet, you may disable SSL v3 on your browsers.


To test if your browser is vulnerable: Open the webpage . If you can connect, then your client supports SSLv3.

Okay, so how do I disable SSLv3?

Firefox browser

Open about:config ( type about:config in the Location Bar (address bar) and press Enter to display the list of preferences) , find security.tls.version.min and set the value to 1 . Then restart your browser to drop any open SSL connections.


Firefox from version 34 onwards will disable SSLv3 by default and thus require no action.

Google Chrome

Right click the Google Chrome shortcut on the desktop.


Click Properties from the drop-down menu. You will see the properties menu for the shortcut to Google Chrome.


Click inside the "Target" box and scroll all the way to the right (past the quote (")). Enter --ssl-version-min=tls1 Click " OK " on the properties menu. When asked for administrator permissions, click " Continue ".


Click " OK " on the properties menu. When asked for administrator permissions, click " Continue ".


Internet Explorer

To disable SSLv3 in Internet Explorer on Windows Vista and newer, uncheck the "Use SSL 3.0" box on the "Advanced" tab in the Internet Options program.

Launch " Internet Options " from the Start Menu. Click the " Advanced " tab. Uncheck " Use SSL 3.0 "

IE config

Click " OK "

Gameover Zeus: The advanced financial fraud Trojan - 6 June 2014

Staff are reminded to be vigilant about their computer's virus protection. The alert follows the latest threat from the Gameover Zeus computer virus. This malicious software installs itself on a computer when you click on a link in an unsolicited email or via a website. The virus will attempt to harvest banking information or encrypt information on your PC and hold you to ransom to release the encryption.

The University's Symantec AntiVirus will detect and block the virus. Although virus definitions on University-based PCs (desktop computers) are automatically updated, you are encouraged to check your machine's status in the taskbar on the bottom of your screen – if there is a green dot on the Symantec shield your anti-virus software is up to date. If there is no green dot, please contact the ITS Service Desk on extn 4008 immediately. The Symantec Endpoint Protection client status icons is as follow.


If you use a University-supplied mobile device or laptop, please ensure this is connected to the internet regularly to enable the latest protection updates to be downloaded.

To protect your home computer - make sure you have anti-virus software installed and the virus definitions are kept up to date.

<< Information Security Awareness  |  Passwords >>


How To Guides

Your step by step guide to various ICT services.

Help & FAQ's

View FAQs on our available topics.

Policy & Standards

View documented policies & procedures.

ICT Glossary

Site Map