Durham, NC - Duke's IT Security Office and Office of Information Technology have received reports from a group of other universities to watch out for physical phishing attempts - USB sticks or CD/DVDs that can infect a computer with damaging viruses.

Richard Biever, Duke's chief information security officer, said another university has received through interoffice mail suspicious packages containing a disc with a Trojan horse virus. The package contained a note on what appeared to be official letterhead detailing steps to install a program on the disc, which was really a virus, he said. Once installed, the virus takes screenshots of the infected computer every few seconds and uploads it to a remote command/control site. The malware masks itself as the computer's registered user and isn't picked up by antivirus software.

The phishing attack hasn't been reported at Duke, but Biever said employees should be aware in case suspicious packages are delivered. If faculty or staff members are concerned about something received through campus mail, they shouldn't insert a USB drive or disc into their computer.

"The best defense against something like this is to make sure you have updated antivirus software on your machine and be cautious if you receive a thumb drive or DVD before putting it into your computer," Biever said. "It's a common sense rule - you always want to ask the question `is this something I want to open on my computer?'"

Faculty and staff can report suspicious materials or computer behavior to the IT Security Office by calling (919) 684-2200 or emailing help@duke.edu.