ZeuS Trojan infection prompts University of Oklahoma to act
Date Reported:

6/24/10
Organization:
University of Oklahoma
Contractor/Consultant/Branch:
None
Location:
Victims:
Students
Number Affected:
Undisclosed
Types of Data:
"names and Social Security numbers"
Breach Description:
"NORMAN, Okla. -- The University of Oklahoma is warning students about a security breach that may put their personal information at risk." A laptop was found to be infected with a Trojan that could have led to the disclosure of sensitive information.
Reference URL:
KOCO.com
Report Credit:
KOCO.com
Response:
From the online source cited above:
NORMAN, Okla. -- The University of Oklahoma is warning students about a security breach that may put their personal information at risk.
The university said its Information Technology department noticed unusual Internet activity on a laptop computer associated with its network.
[Evan] The university's Information Technology department deserves some credit for detecting and investigating this unusual Internet activity. Do you actively track outbound Internet connections from your networks? You might be surprised at what you find!
It said it determined the computer belonged to an employee and was infected with a virus known as Zeus or Z-Bod.
[Evan] ZeuS (and all of its variants) has been a pain in the rear since it first cropped up in mid-2007. Brian Krebs has written some excellent articles related to the pest, and the ZeuS Tracker web site (you'll have to add a certificate exception) has some interesting statistics. According to ZeuS Tracker, there are currently 683 command and control servers online, and an anti-virus detection rate of less than 50%. A formidable foe indeed.
The university said the virus can export information to other servers for improper use.
The employee's laptop had access to computer files that contain student names and Social Security numbers.
The school said the employee was told to stop using the computer.
OU officials said they are not aware of any instances of identity theft or similar problems as a result of the breach, but they said they can't be certain that student information was not compromised.
It advised students to check bills and credit card transactions to make sure no fraud has occurred.
The university said it has notified law enforcement and will install new virus-fighting software on all employee computers to help combat the problem.
Commentary:
It's hard to blame the University of Oklahoma for this breach given the small number of details that we have available. The ZeuS Trojan is hard to prevent and hard to detect, and the protection strategies can be complex. We would be very interested in hearing what you do to protect against the ZeuS Trojan (and similar). Kudos to the University of Oklahoma for detecting this infection and alerting those who may be affected. School officials probably could have brushed this under the rug without anyone knowing.
Past Breaches:
Unknown