Some clarification for you on the scheme that asked a user to download malware, when they thought they were accessing the Johns Hopkins coronavirus dashboard - a collaboration with ESRI, which is safe. Note the web URL is an https secure site
and is fine and useful to use.
See below for ESRI ‘s response about 5is, which I think Carol Baker alerted NEARC-L to (thank you, Carol!).
Reed Sims
Vermont
---------- Forwarded message ---------
From: PSIRT
<[log in to unmask]>
Date: Fri, Mar 20, 2020 at 10:12 AM
Subject: PSIRT-1206 RE: Vulnerability Issue - I got an email through the NEARC-L arc Listserve that said a link to the Johns Hopkins was malware, in a previous NEARC submission.
To: [log in to unmask] <[log in to unmask]>
Hi Reed,
Thanks for reaching out with these important questions.
The resource you've mentioned below is safe.
Users are in danger of malware infection only if they download program to their computer from an untrusted source and double-click it to launch the map.
Directly visiting the resources below with a browser is safe, as neither Johns Hopkins nor Esri/ArcGIS.com are themselves propagating this malware.
We'd recommend referring to this blog for authoritative information regarding this issue, as there are a lot of misleading media reports regarding the Johns Hopkins Corona Virus Dashboard.
