Windows Computing Virus Update - What Happened and What We Did

08/11/11

Contributed by Beth Rugg

Early Friday morning, 8/4/11, ITS noticed unusual traffic on our computing network. We were able to quickly determine that a trojan (a type of computer virus) was affecting some computers on the network. ITS immediately asked Windows computer users not to log onto their computers to try to stop the spread of this infection. Those of you on campus are aware of what followed. Here's the rest of the story.

A trojan is a computer program that appears legitimate but performs some illicit activity when it is run. On Friday, computers that were infected acted as servers that then provided bad information to other computers. Users of those other computers were then prompted via a web page to do an upgrade that would then infect their computer. (See the recent Intercom notice.)

All college-owned computers are protected with the McAfee Total Endpoint Protection security package. But since we seem to have experienced a "zero day" outbreak of a new variant of a virus, the protection had not been updated for this variant. A similar thing happens in the real world with the flu - we get inoculated against what we think will happen, but if the flu variety changes, the inoculation may not be effective. On Friday, ITS computer forensics staff immediately started to analyze the trojan and get vendor assistance with identifying how it worked, how it spread and what we needed to do to get machines cleaned. Once we knew what to look for, we called individual departments and brought computers online slowly so we could respond quickly if the infection spread. In the end, the infection was contained to a handful of computers.

So, despite the "bad browser page - upgrade now" notice, the best way to protect your computer is to keep it up to date with operating system and application patches. But be suspicious: if the grammar doesn't seem correct or if the methodology is "different," call the Helpdesk. Additional computer security information is available on our security web pages.

As a reminder, these resources provide computer system information:

Information about these resources is available at https://www.ithaca.edu/its/help/helpdesk/sysalerts/

Many thanks to you for working with us to combat this problem. On-campus Windows users lost a few hours of time, but the outcome could have been much more severe!

Beth Rugg
Assistant Director, User Support Services
ITS




https://www.ithaca.edu/intercom/article.php/20110810084232998