20 February 2007

Malware infection

On a recent visit to China, the PC laptop of a member of the Division’s staff became infected with a virulent form of malware, believed to be a trojan called FUJACKS.W32.

In an effort to repair the staff member’s PC, the TSU staff involved attached an external hard drive to the infected computer. The hard drive became infected with the trojan, which was then unknowingly transmitted to the computer controlling the GlobeCaster vision switcher in the Television Control Room during an upgrade process. An external contractor’s PC may then have been infected with the trojan when it was connected to the GlobeCaster as a part of the upgrade process. The GlobeCaster is not connected to the University network, particularly because the nature of the computer is such that the normal security patches shouldn’t be applied, and the computer is therefore vulnerable to malware attack if it is connected to the Internet.

The staff member’s portable computer is now unusable and has had to be replaced. The GlobeCaster is currently not working, but a replacement for the controlling computer had been ordered anyway and will be installed, hopefully malware-free. We are awaiting confirmation that the trojan has not spread to other computers on the University network.

Staff should be reminded of the dangers of exposing their computers to malware attack. While measures are in place on the University network to reduce the risk (but not eliminate it entirely), attaching University computers to networks (wired or wireless) outside the campus, whether at home, during conferences or at other institutions, comes with the possibility of greatly increased danger of the machine being compromised in some way. This incident is not unique: within the last month ICT Services has contacted the Division to report that a staff member’s computer that was attempting to connect securely (via VPN) to the University network from home was infected with malware. Access was denied until the computer concerned was cleaned up.

One suggestion is that people needing computers off-campus should use a Macintosh. While the Macintosh operating system is not immune to malware attack, it is more secure than Windows and there are no known malware exploits currently in circulation that would compromise a computer running Mac OS X. The Division should consider increasing the number of Macintosh portable computers available for short-term loan to accommodate this requirement.