Intercom

intercom home  |  advanced search  |  about intercom  |  alerts  |  faq  |  help     Search Intercom

sections

News and Notices
Lectures and Presentations
Arts and Performances
Learning Opportunities
Kudos
News for Faculty
News for Staff
News for Students
Student Organizations
HR News
Comings and Goings
Technology
Archive

Windows Computing Virus Update - What Happened and What We Did

Contributed by Beth Rugg on 08/11/11 

Print

Early Friday morning, 8/4/11, ITS noticed unusual traffic on our computing network. We were able to quickly determine that a trojan (type of computer virus) was affecting some computers on the network. ITS immediately asked Windows computer users not to log onto their computers to try and stop the spread of this infection. Those of you on campus, are aware of what followed. Here's the rest of the story.

A trojan is a computer program that appears legitimate, but performs some illicit activity when it is run. On Friday, computers that were infected acted as servers that then provided bad information to other computers. Other computer users were then prompted via a web page to do an upgrade that would then infect the computer. (See recent Intercom notice)

All college-owned computers are protected with McAfee Total Endpoint Protection security package. But, since we seem to have experienced a "zero day" outbreak for a new variant of a virus, the protection had not been updated for this variant. A similar thing happens in the real world with the flu - we get inoculated against what we think will happen but if the flu variety changes, the inoculation may not be effective. On Friday, ITS computer forensics staff immediately started to analyze and get vendor assistance with identifying how the trojan worked, how it spread and what we needed to do to get machines cleaned. Once we knew what to look for, we called individual departments and brought computers online slowly so we could respond quickly if the infection spread. In the end, the infection was contained to a handful of computers.

So, despite the "bad browser page - upgrade now notice" the best way to protect your computer is to keep your computer up to date with operating system and application patches. But, be suspicious, if the grammar doesn't seem correct or if the methodology is "different" call the Helpdesk. Additional computer security information is available on our security web pages.

As a reminder, these resources provide computer system information:

  • ITS Helpdesk Alert mailing list
  • ITS System Status Line, 607-274-1000, press 1
  • ITS System notice web page, www.ithaca.edu/its
  • If there is an unplanned outage for an extended amount of time, we may send an all campus voice mail

Information about these resources is available at https://www.ithaca.edu/its/help/helpdesk/sysalerts/

Many thanks to you for working with us to combat this problem; on-campus Windows users lost a few hours of time but the outcome could have been much more severe!

Beth Rugg
Assistant Director, User Support Services
ITS

Topic: Archive
Windows Computing Virus Update - What Happened and What We Did | 1 Comments |
The following comments are the opinions of the individuals who posted them. They do not necessarily represent the position of Intercom or Ithaca College, and the editors reserve the right to monitor and delete comments that violate College policies.
Windows Computing Virus Update - What Happened and What We Did Comment from mbrown on 08/15/11
I greatly appreciate ITS staff taking the time to let system users know "the rest of the story" about the two most recent network system problems. The notifications and status updates via the emergency alert system were also very much appreciated, especially when network system access was difficult. Thanks, folks!