University of Connecticut

Author Archives: jep02011

Incident Update and Remediation Instructions

On Sunday, December 27th, the University of Connecticut was the victim of an IT service compromise. University Information Technology Services (UITS) responded to the incident and corrected the changes by approximately 4:00 pm that day, although the exact time of resolution was dependent upon when Internet Service Providers updated their records.

During the compromise, users intending to visit a *.uconn.edu site were redirected to a non-university site. This external site contained dangerous software and attempted to trick users into downloading and installing malware. Masquerading as an Adobe Flash Player update, the install was actually a banking trojan, which can steal usernames and passwords. Only the Windows operating system was potentially impacted. If you downloaded the file, please follow our remediation instructions.

Also as a result of the incident, a number of University of Connecticut websites were blacklisted by the Phishing and Malware Protection features in some popular browsers. For these blacklisted sites, the browsers display a warning message instead of going directly to the site. Even though the redirection is corrected and the University never hosted the malware on its servers or websites, some sites continue to be blacklisted. UITS has requested the removal of all blocked UConn sites and will continue to pursue this process and any alternatives until all of the sites have been removed, and remain removed, from the blacklists.

 

The following instructions are provided to help you get remediation assistance in the event you downloaded or installed the malware.

Detection and Remediation Instructions for individually owned computers (i.e., UConn students, personal home computers)

File Downloaded but not installed:

  • Delete the file from your /Downloads directory
  • Empty the Recycle Bin

File Downloaded and installed:

  • Delete the file from your /Downloads directory
  • Empty the Recycle Bin

Windows 7

  • Download Microsoft Security Essentials.
  • Microsoft Security Essentials indicates that it will remove the malware. However, given the potential impact of the malware, and the inability to guarantee that all malware components will be successfully removed, we strongly recommend formatting your computer and reinstalling your operating system.
  • The University of Connecticut cannot provide format or installation instructions.

Windows 8 and 10

  • Windows Defender is installed on Windows 8 and 10.
  • Windows Defender indicates that it will remove the malware. However, given the potential impact of the malware, and the inability to guarantee that all malware components will be successfully removed, we strongly recommend formatting your computer and reinstalling your operating system.

Computer Formatting Instructions

Many anti-malware software programs, including those listed above, are now detecting and removing the malware.  An alternative to relying on one of these programs is to re-format your computer and re-install Microsoft Windows from media, which will guarantee removal.  The following bullets are intended to provide some context surrounding the re-installation, but are not comprehensive.

  • Restart your computer and have it boot from the location where your install media is located.
  • Windows will install setup files and launch the Windows installer, which will guide you through some basic questions.
  • When prompted for the install location, please remove and recreate your partitions and select the re-format option.

If you have any questions, contact the UITS Help Desk at helpcenter@uconn.edu or call 860.486.4357

Detection and Remediation Instructions for Windows Workstations Enrolled in Managed Workstation

File Downloaded but not installed:

  • UITS is scanning all desktops and will remove the downloaded malware from your computer automatically.

File Downloaded and Installed

If you have any questions, contact the UITS Help Desk at helpcenter@uconn.edu or call 860.486.4357.

Detection and Remediation Instructions for Windows Workstations supported by Departmental IT

File Downloaded but not installed:

  • Delete the file from your /Downloads directory
  • Empty the Recycle Bin

File Downloaded and Installed

If you have any questions, contact the UITS Help Desk at helpcenter@uconn.edu or call 860.486.4357.

Information Security Incident (Initial)

12/28 @ 10:11:05

Incident Details:

The University of Connecticut was the victim of an attack yesterday morning.