Information Technology – Support & Services

Stamford International University


IT Advisory: Malware targetting Salesforce users

malware_0-100257425-primary.idge (1) users are being targeted by a new version of a computer Trojan that has typically attacked online banking customers until now.

The malware threat is called Dyre or Dyreza and came to light in June. Like most online banking Trojans, it hooks the browser process to capture log-in credentials entered by users on websites belonging to financial institutions.

The original Dyre version found in June by researchers from PhishMe and CSIS Security Group targeted the sites of Bank of America, NatWest, Citibank, RBS and Ulsterbank. However, it appears the program’s creators have recently added to the list.

“On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users,” Salesforce said in a security advisory published on its website.

“We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation,” the company said. “If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance.”

Salesforce advised customers to use the platform’s IP range restriction feature to allow access to accounts only from trusted corporate networks and VPNs. Enabling two-factor authentication via the Salesforce# mobile app and turning on SMS-based identity confirmation for log-in attempts from unknown sources is also recommended.

Dyreza is not the first malware program to target Salesforce. In February, researchers from a security firm called Adallom found a variant of the well-known Zeus Trojan that had been modified to scrape business data from compromised Salesforce accounts.


How does this affect Salesforce users at Stamford?

All business workstations (allocated by STIU) are protected by an enterprise grade Anti-virus + Firewall suite. If you have a valid copy installed on your desktop / laptop, you won’t be affected by this.

However, for those using Salesforce from personal devices are advised to do so with proper protection (legal Anti-virus installed) only. If you’re unsure whether you have a legal AV, please get in touch with the IT Support personnel.

In general, you’re advised NOT TO access the Stamford Salesforce accounts from your personal devices.

Thai version

ผู้ใช้ กำลังตกเป็นเป้าหมายโจมตีของโทรจันเวอร์ชันใหม่ ที่ปกติโจมตีแต่เพียงผู้ใช้ Online Banking คือ Dyre หรือ Dyreza ซึ่งถูกค้นพบเมื่อเดือนมิถุนายนที่ผ่านมา โดยมีเป้าหมาย คือ ขโมยชื่อผู้ใช้และรหัสผ่านของผู้ใช้งาน

เช่นเดียวกับโทรจันบน Online Banking โทรจัน Dyre จะแฝงตัวไปกับโปรเซสของเบราเซอร์เพื่อดักจับข้อมูลชื่อผู้ใช้และรหัสผ่านเมื่อผู้ใช้งานล็อกอินเข้าสู่ระบบของสถาบันการเงิน

Dyre เวอร์ชันแรกถูกค้นพบเมื่อเดือนมิถุนายนโดย PhishMe และ CSIS Security Group ซึ่งมีเป้าหมายเป็น Bank of America, NatWest, Citibank, RBS และ Ulsterbank แต่จากการตรวจสอบล่าสุดนั้น ตาดว่าแฮ็คเกอร์ได้เพิ่ม เข้าไปเป็นเป้าหมายด้วยเรียบร้อย — Salesforce ประกาศเตือนบนเว็บไซต์

“พวกเรายังไม่มีหลักฐานว่าลูกค้าที่ใช้งานอยู่ได้รับผลกระทบไปแล้วหรือไม่ ขณะนี้อยู่ในขั้นตอนรวบรวม และวิเคราะห์ข้อมูล” — Salesforce ให้ข้อมูล

Salesforce แนะนำลูกค้าให้ใช้วิธีจำกัดหมาย IP ที่สามารถเข้าถึงระบบ Salesforce ได้ เช่น เฉพาะวงเครือข่ายในองค์กร หรือ VPN เป็นต้น หรือใช้การพิสูจน์ตัวตนแบบ 2-Factor ผ่านทางแอพพลิเคชัน Salesforce# บนสมาร์ทโฟน เพื่อให้การล็อกอินเข้าใช้งานมีความปลอดภัยมากยิ่งขึ้น


Wi-Fi Users: On the “Your connection is not private” error in Google Chrome

We rolled-out an upgrade to Google Chrome recently across all campuses and ever since we’ve been receiving support requests on this strange new error message titled “Your connection is not private”.



The issue appears when you join any of our Wi-Fi networks and attempt to reach our authentication portal, where you key in your username & password.

Please do not be alarmed if you see this error. This is simply the new look of the untrusted connection error page from earlier versions of Google Chrome (see illustration below).


In earlier versions of Chrome, you’d press the Proceed anyway button to get to the authentication page. In the new version, you need to click on Advanced and then click on Proceed to x.x.x.x (unsafe) to get to the authentication page (see illustration below).


Change in Wi-Fi Network Keys

wifi63We’re pleased to announce that the ongoing work to upgrade the network infrastructure in Building 1 (Bangkok Campus) is now complete. With this upgrade & reconfiguration, you’ll be able to roam between the buildings in each campus as well as between campuses and be connected to the same Wi-Fi network seamlessly.

The network keys required for joining our Wi-Fi networks have changed. The new keys are available on request from the reception & the library. They’re also available with all IT personnel.

The following Wi-Fi networks are available for use:

  • IDENT – exclusively for use by Staff & Faculty
  • STIU-Student – all students should use this.
  • STIU-Guest – meant for guests & short-term users on campus.

For all of the Wi-Fi networks, you’ll be faced with an additional login screen where you’re required to key-in your network username & password before you can access the internet.

Schedule Network Outage at Bangkok Campus: 9th – 11th August, 2014

downtime-conesA planned network outage is scheduled at the Bangkok campus of Stamford International University – over the coming long weekend break – starting 9th of August, 2014 at 2.30pm till mid-night of 11th August, 2014.

We’re in the process of upgrading the networking equipment in Building 1 (Bangkok) and to make the equipment function harmoniously with the rest of the network, we’ll have to undergo substantial re-configuration of the entire network. During the outage, both Wi-Fi and LAN connections in all buildings of Bangkok campus will be unavailable.

Note: 9th of August is a Saturday and MBA classes continuing beyond 2.30pm will not have access to any kind of networked resources, including the internet.

Apart from the network, Software & Systems affected by this downtime are:

At the Bangkok campus

  1. All Networked Shares & Printers
  2. Hotel Management Systems: Opera PMS and Micros POS
  3. Miscellaneous IT systems

At both Bangkok & Hua-Hin

  1. Financial Management System
  2. Student Information System
  3. Library Management System

Remote hosted systems like all our websites, learning management platforms (Blackboard & eLearning), etc. will continue to function as normal.

Once we’re back online on the 11th, our entire network will start operating uniformly at Gigabit+ speed.

We apologize for the inconveniences caused and take this opportunity to thank you for your understanding and cooperation.

IT Advisory: Baidu PC Faster

This is an advisory / recommendation against a set of software applications that are collectively known as the Baidu PC Faster suite. These applications are known to cause a lot of issues with both enterprise & home users – both in terms of usability & data leak / phishing.


Baidu PC Faster it’s technically not a malware/virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program.

Please make sure that your Stamford allocated laptop/desktop and/or your personal devices which connect to our WIFI Infrastructure do not contain any of these software and in case you find it installed on your system please contact us immediately at for uninstallation.

If you are using a personal devices on our network, you will need to uninstall it by yourself. However, we can provide you with guidance on the same.

Here’s the list of Baidu products which have to be uninstalled to prevent your potential loss of your personal data / phishing via Baidu:

  • BAIDU PC Faster
  • BAIDU Anti-Virus
  • Hao123
  • 555
  • Spark Browser

We will keep you posted with further updates on this.

Logging into the Stamford Network with Windows 8.1

Windows 8.1The Operating System on public workstations (library & labs) has been upgraded to Windows 8.1 over the semester break. The upgraded OS is far more stable and among other features, sports faster boot-up and shutdown times over Windows 7.

Windows 8.1 is a multi-platform OS. It is designed to work on both Workstations and Mobile Devices. The default login process is geared towards mobile devices and isn’t suitable for logging onto the Stamford network. You’re required to perform a few mouse-clicks before you get to the correct login prompt.

Step 1

Immediately after boot-up the login prompt you’re shown is meant for individual accounts on mobile devices. You need a way to switch over to Network (Domain) based login.

Windows 8.1 - Domain Login: Step 1

There’s a link named Sign-in options immediately following the login prompt. Click on the same.

Step 2

This displays the options for alternative login methods in form on “key” icons.

Windows 8.1 - Domain Login: Step 2

Click on the first key icon to continue (as indicated above).

Step 3

You’ll notice that the Stamford Domain name appears below the Password prompt. The line should read Sign in to: This indicates that you’re ready to login into our network.

Windows 8.1 - Domain Login: Step 3

Please go ahead and enter your network username/password to login.

Note: These steps are applicable to the University workstations situated in the labs & the library only. Staff users connecting to the University network via their official laptops (running Windows 7) or students connecting via their personal laptops need not undertake these steps to log in.

Direct number for the Stamford IT Helpdesk

We’re pleased to introduce a direct extension number for reaching out to the Stamford IT Helpdesk.

  1. If you’re calling from an extension within Stamford, please dial 1231.
  2. If you call from outside, please dial +66-2-7694000 Extension 1231.

TelephoneThis will be helpful for reporting IT issues when you do not have immediate access to your email – especially when you’re teaching in. An IT Team member will receive your call and log an incident report for you.

When you call, please mention your full name & email address. If you’re calling us regarding an incident that you’ve reported earlier on, please do not forget to mention your ticket number. This will enable us to avoid duplicate tickets as well as help us in providing you with an update in the status of your request.

Getting Help

Helpdesk Phone: +66-2-7694000 Ext. 2345

Helpdesk Email:

Live Support
LiveZilla Live Chat Software
LiveZilla Live Chat Software