Important Security Alert for Users of HBCU Connect!

Adam Fate · Saturday, October 23rd 2010 at 8:57PM · 1317 views
I've sent the following email to Reginald Culpepper. More information may be found here:

http://safebrowsing.clients.google.com/saf...

Hi Reginald,

Oct 23 19:16:27 connectplatform.com tried to establish a TCP session on port 47972. When I went to report this on hbcuconnect.com I got the following display:

Reported Attack Page!

This web page at www.hbcuconnect.com has been reported as an attack page and has been blocked based on your security preferences.

Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

About the Author

Adam Fate Elk Grove, CA

Comments (19)

Adam Fate Saturday, October 23rd 2010 at 9:53PM

Irma, I monitor all attempts made to break into my system. The attack came from ConnectPlatform, which is why I say BIA may also be compromised. The report I linked to references HBCU Connect, but it is just that, a report. I believe any site run by ConnectPlatform could be at risk as well, even if not listed on the Google report. I need to step away for a little while. I think you should send a message to all on your friends list. My friends list is rather short.

jamal Abraham Sunday, October 24th 2010 at 1:43AM

Considering the risk to one's computer, it is worth checking out!

Adam Fate Sunday, October 24th 2010 at 8:55AM

Still waiting for Reggie's reply. I obviously don't want to go to the HBCU site to report the problem, even though I'm pretty confident of my system security, since I run Linux. But here's what I'm worried about. I have two firewalls, one on my router, and one on my PC. It's the one on my PC that detected the intrusion. But the fact that it got behind my router firewall, and was trying to set up a connection on a non-standard port (47972) tells me that it first installs some program through the trusted web interface, and then communicates with that program over port 47972 (or whatever port it chooses). This is likely to be a program designed to run under Windows, though it is possible the attackers would have designed a version for Linux as well. The best advice I can give is to run your anti-virus and anti-spyware tools to see if anything has been put on your system already, because that happens first before the external program contacts it for whatever information it's trying to get. What I'm saying is that many members may already have the malicious software on their system, even if they don't visit HBCU again until the problem is fixed.

Siebra Muhammad Sunday, October 24th 2010 at 3:15PM

Adam, I run my anti-virus software frequently and no malicious activity or references have been reported from ConnectPlatform or any of its affiliated sites...are you sure any site run by Connect Platform could be at risk?

Adam Fate Sunday, October 24th 2010 at 3:51PM

Siebra,

I only know that what alerted me was an attempted TCP connection from connectplatform.com on a non-standard port #. I have tools on my Linux system to detect and track the origin of these suspicious activities. When I went to report it (the support contact is only on hbcuconnect.com, as you know) I then found the Google advisory I linked to in the initial post above.

Only administration can tell us if BIA might also be at risk. I suppose I could also try contacting Mr. Moss, and Dante doesn't seem to read his PMs. So if you know anyone in the support group you could go to directly (wouldn't recommend going through hbcuconnect until this is sorted out), please do point them here.

I would also run your anti-spyware as well as anti-virus. My PC was not infected, but I don't use Windows, and that's what nearly 100% of attacks target.

Adam Fate Sunday, October 24th 2010 at 3:57PM

Jake, I'm quite sure the attempted connection came from connectplatform.com. My system is very secure, I'm not worried about that. I am concerned for other members who might not have a secure system. If you go to the Google advisory you'll see this, among other information:

"Over the past 90 days, hbcuconnect.com appeared to function as an intermediary for the infection of 26 site(s) including lasdominicanas.com/, blackinfluence.com/, blackfaculty.com/."

Adam Fate Monday, October 25th 2010 at 2:05PM

Here is another access attempt blocked by my firewall.

Time: Oct 25 13:20:35 Source: 216.75.224.98 Destination: 192.168.1.3 In IF: eth1 Out IF: Port: 80 Length: 72 ToS: 0x00 Protocol: ICMP Service: HTTP

In this case it uses port 80 to send an ICMP request. This in itself is valid, but what information is it after? I am not saying this has anything to do with connectplatform. It may or may not. But it is to show there are things going on that most users don't know about.

So with the following command I can trace back to where the request came from:

host 216.75.224.98
98.224.75.216.in-addr.arpa domain name pointer wiline-fe1.core1.sfo1.3crowd.com.

And if you want to know the entity responsible, look here:

http://3crowd.com/

What does it mean? Don't know exactly, but it's an attempt to get some kind of information from my PC.
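
Added example, not part of the original comment: a small parser for firewall entries of the shape quoted above, which extracts the source address and derives the reverse-DNS (PTR) name that `host <ip>` looks up. The function names and the second and third log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Field labels exactly as they appear in the firewall entry quoted above.
FIELDS = ["Time", "Source", "Destination", "In IF", "Out IF", "Port",
          "Length", "ToS", "Protocol", "Service"]
# A label counts only at line start or after whitespace, so the colons in
# the timestamp (13:20:35) are not taken for field separators.
LABEL_RE = re.compile(r"(?:^|\s)(" + "|".join(map(re.escape, FIELDS)) + r"):")

def parse_entry(line):
    """Split one entry into a dict; an empty field such as 'Out IF' maps to ''."""
    marks = list(LABEL_RE.finditer(line))
    entry = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(line)
        entry[m.group(1)] = line[m.end():end].strip()
    return entry

def triage(entry):
    """Summarise who contacted whom and which PTR name `host` would query."""
    src = ipaddress.ip_address(entry["Source"])
    dst = ipaddress.ip_address(entry["Destination"])
    return {
        "source": str(src),
        "ptr_name": src.reverse_pointer,
        "inbound": (not src.is_private) and dst.is_private,
        "protocol": entry["Protocol"],
        "port": entry["Port"],
    }

def sources_by_count(lines):
    """Count blocked entries per source address, most frequent first."""
    return Counter(parse_entry(l)["Source"] for l in lines if l.strip()).most_common()

# First line is the entry quoted in the comment; the other two are constructed
# samples using a documentation address (203.0.113.7).
LOG = [
    "Time: Oct 25 13:20:35 Source: 216.75.224.98 Destination: 192.168.1.3 In IF: eth1 Out IF: Port: 80 Length: 72 ToS: 0x00 Protocol: ICMP Service: HTTP",
    "Time: Oct 25 13:21:02 Source: 203.0.113.7 Destination: 192.168.1.3 In IF: eth1 Out IF: Port: 47972 Length: 60 ToS: 0x00 Protocol: TCP Service: Unknown",
    "Time: Oct 25 13:21:09 Source: 203.0.113.7 Destination: 192.168.1.3 In IF: eth1 Out IF: Port: 47972 Length: 60 ToS: 0x00 Protocol: TCP Service: Unknown",
]

if __name__ == "__main__":
    print(triage(parse_entry(LOG[0])))
    print(sources_by_count(LOG))
```

The PTR name only identifies whoever controls reverse DNS for that address block, so it is a starting point for attribution rather than proof of who sent the packet.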

Adam Fate Monday, October 25th 2010 at 2:23PM

Update: Administration is aware of the problem and working on a fix.

Adam Fate Monday, October 25th 2010 at 2:40PM

Most certainly will, Irma.

Cynthia Merrill Artis Monday, October 25th 2010 at 6:16PM

well.... there is a virus that is called.... Security Tool Hoa....
It invades the windows system...

Inherits control of your PC... Sets up a folder in C:Windows/Sun

Adam Fate Monday, October 25th 2010 at 6:34PM

I didn't detect any virus on my system, but I don't use Windows. I imagine administration has their hands full right now, but I hope they will give us a report when they're done. But this may be something that targets servers/web sites more than end users. We shall find out.

MIISRAEL Bride Monday, October 25th 2010 at 7:21PM

There is always some kind of spy material being placed on computers, it's horrible that you can't go on-line without predators invading your personal computer files. I really think about leaving the silent world of cyberspace. Things like this really harm your trust in transit communication like social sites and even business correspondence. This is awful.

Cynthia Merrill Artis Monday, October 25th 2010 at 7:49PM

oh Miisrael everything can get caught up in the virtual world... make sure you keep your virus protection updated and you have firewalls... never fill out those pop-up windows with schemes offering you a free trip or free cell phone... don't click on links from senders you do not know... just play it safe....

MIISRAEL Bride Monday, October 25th 2010 at 8:18PM

Thanks Cent....I try to do that, I don't allow pop-ups and I think I'm okay. Don't visit strange sites either. Good advice.

Richard Kigel Monday, October 25th 2010 at 9:55PM

My Norton Anti-virus system detected the same thing.

Uh Oh!!!

Adam Fate Monday, October 25th 2010 at 10:09PM

What's killing you guys is that Goliath Microsoft. Wish I could help y'all with Ubuntu

ROBINSON IRMA Thursday, April 10th 2014 at 6:47PM

@Adam, will you keep us updated on this matter? (smile)

ROBINSON IRMA Thursday, April 10th 2014 at 6:47PM

Thanks (smile)

ROBINSON IRMA Thursday, April 10th 2014 at 6:47PM

WTH??????????!!!!!!!!!!!!!!!?????????...????????...
