Trojan outbreak on a College Campus
One of our readers just advised us that the college that he is associated with has had a major outbreak of
Trojan.Win32.Scar.bwgf (Kaspersky). Michael reported:
"We are now in major clean up mode. All the file servers have been removed from the network to prevent further spread.
their word document would actually be infecting themselves with the virus."
Michael asked if we had received any other reports of infection from this Trojan. A quick look on Google it appears that some variation of this has been around for a while.
It looks like his campus may be dealing with an updated version.
If anyone else is seeing any activity for this Trojan give us a shout. Thanks Michael for reporting this to us.
Deb Hale Long Lines, LLC
Comments
dsh
Mar 18th 2010
1 decade ago
nyt
Mar 18th 2010
1 decade ago
Lost race?
Bitwiper
Mar 18th 2010
1 decade ago
dsh
Mar 18th 2010
1 decade ago
Removing the file servers early prevented it's spread via shared directories.
Infection vector was likely either web-based, USB-drive, or laptop (mail gateway would have killed it). Current AV vendor (not Kaspersky) didn't detect it on either server or client. Cleanup involved new server AV product, finding&purging infected files, and un-hiding the original directories before restoring file servers. Still waiting on workstation AV vendor to provide update for full protection.
Key lessons would be:
-rethink lowest bidder AV (and this is considered an "enterprise" product)
-different vendors on server & client is a good thing
-viruses that can rename/hide/damage files can be bad even if the server is protected
D
Mar 18th 2010
1 decade ago
There is a constant flood of new variants of probably functionally the same malware, released with the sole intention to bypass AV-detection.
Although the time spent by AV-companies to collect, analyze and create a detection pattern for malware may be impressive, statistically some of their customers will get "hit" by fresh malware before their AV detects it.
As a consequence AV detection pattern files keep growing in size rapidly. As are AV memory usage and CPU load in your PC - used for the pattern matching process when scanning files, slowing down our PC's. When will we reach the point (presumed we haven't yet) that AV is too much of a burden compared to the chance of saving our day?
My apologies for not immediately clarifying my point.
Bitwiper
Mar 18th 2010
1 decade ago