Computers are being infected with an email exploit that falsely appears to come from a Yale University professor. Readers are asked to help catch a graffiti vandal by asking them if they recognize the vandal's work. A link in the email supposedly takes the reader to a picture of the graffiti, but in fact downloads malicious code into their computers.
The email appears to have been sent by university professor Robert Gordens, who surprisingly doesn't exist. In addition to the sender's name, the email headers have been spoofed to look like it came from yale.edu. In the email readers are told that to help catch the perpetrators of a New Year's graffiti spree on the campus and are provided with a link showing the graffiti. "Gordens" asks the readers to click the link and report back if they recognize the work.
The forged emails have infected many computers, including some in the Yale University network. The attack takes advantage of the way Windows handles WMF - Windows Media Files. Discovered in late December, several computer security firms and even Microsoft themselves call it a critical vulnerability. Microsoft recently released a protection patch for Windows users.
Yale University has started to block entire IP subnets in order to slow the internal spread of the emails.
