On Sunday, December 27th, the University of Connecticut was the victim of an IT service compromise. University Information Technology Services (ITS) responded to the incident and corrected the changes by approximately 4:00 pm that day, although the exact time of resolution was dependent upon when Internet Service Providers updated their records.
During the compromise, users intending to visit a *.uconn.edu site were redirected to a non-university site. This external site contained dangerous software and attempted to trick users into downloading and installing malware. Masquerading as an Adobe Flash Player update, the installer was actually a banking trojan, which can steal usernames and passwords. Only Windows operating systems were potentially impacted. If you downloaded the file, please follow our remediation instructions.
Also as a result of the incident, a number of University of Connecticut websites were blacklisted by the Phishing and Malware Protection features in some popular browsers. For these blacklisted sites, the browsers display a warning message instead of going directly to the site. Even though the redirection is corrected and the University never hosted the malware on its servers or websites, some sites continue to be blacklisted. ITS has requested the removal of all blocked UConn sites and will continue to pursue this process and any alternatives until all of the sites have been removed, and remain removed, from the blacklists.
The following instructions are provided to help you get remediation assistance in the event you downloaded or installed the malware that masquerades as Adobe Flash Player.
Detection and Remediation Instructions for individually owned computers (i.e., UConn students, personal home computers)
File Downloaded but not installed:
- Delete the file from your /Downloads directory
- Empty the Recycle Bin
File Downloaded and installed:
- Delete the file from your /Downloads directory
- Empty the Recycle Bin
Windows 7
- Download Microsoft Security Essentials.
- Ensure your virus/malware definitions are current.
- The tool will detect the virus as Trojan:Win32/Dynamer!ac
- Microsoft Security Essentials indicates that it will remove the malware. However, given the potential impact of the malware, and the inability to guarantee that all malware components will be successfully removed, we strongly recommend formatting your computer and reinstalling your operating system.
- The University of Connecticut cannot provide format or installation instructions.
Windows 8 and 10
- Windows Defender is installed on Windows 8 and 10.
- Ensure your virus/malware definitions are current.
- The tool will detect the virus as Trojan:Win32/Dynamer!ac
- Windows Defender indicates that it will remove the malware. However, given the potential impact of the malware, and the inability to guarantee that all malware components will be successfully removed, we strongly recommend formatting your computer and reinstalling your operating system.
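The Windows 8 and 10 steps above can also be run from PowerShell. This is an added example, not a script from UConn ITS; it assumes an elevated PowerShell session and the Defender cmdlets built into Windows 8 and 10, and the only value taken from this notice is the detection name.

```powershell
# Added example (not from UConn ITS). Assumes an elevated PowerShell session
# and the built-in Windows Defender module on Windows 8/10.
$ThreatName = 'Trojan:Win32/Dynamer!ac'   # detection name given in this notice

# 1. Pull current definitions and confirm that they really are current.
Update-MpSignature
$status = Get-MpComputerStatus
'{0}: signature version {1}, last updated {2}' -f $env:COMPUTERNAME,
    $status.AntivirusSignatureVersion, $status.AntivirusSignatureLastUpdated
if ($status.AntivirusSignatureAge -gt 1) {
    Write-Warning ("Definitions are {0} days old; a clean result cannot be trusted." -f
        $status.AntivirusSignatureAge)
}

# 2. Run a full scan. The call blocks until the scan has finished.
Start-MpScan -ScanType FullScan

# 3. Look for the named threat among everything Defender has seen on this machine.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -eq $ThreatName })

if ($threats.Count -eq 0) {
    "No detection of $ThreatName recorded on this computer."
}
else {
    # 4. Report each detection: when it was found, which files or registry
    #    entries were involved, and whether Defender's action succeeded.
    foreach ($t in $threats) {
        Get-MpThreatDetection -ThreatID $t.ThreatID | ForEach-Object {
            [pscustomobject]@{
                Threat       = $t.ThreatName
                StillActive  = $t.IsActive
                Detected     = $_.InitialDetectionTime
                ActionWorked = $_.ActionSuccess
                Resources    = $_.Resources -join '; '
            }
        }
    }
}
```

A reported detection means the "File Downloaded and installed" case applies, and the recommendation above to format and reinstall stands even when `ActionWorked` is `True`.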
Computer Formatting Instructions
Many anti-malware software programs, including those listed above, are now detecting and removing the malware. An alternative to relying on one of these programs is to re-format your computer and re-install Microsoft Windows from media, which will guarantee removal. The following bullets are intended to provide some context surrounding the re-installation, but are not comprehensive.
- Restart your computer and have it boot from the location where your install media is located
- Windows will install setup files and launch the Windows installer, which will guide you through some basic questions
- When prompted for the install location please remove and recreate your partitions and select the re-format option
If you have any questions, contact the ITS Help Desk at helpcenter@uconn.edu or call 860.486.4357.
Detection and Remediation Instructions for Windows Workstations Enrolled in Managed Workstation
File Downloaded but not installed:
- ITS is scanning all desktops and will remove the downloaded malware from your computer automatically.
File Downloaded and Installed:
- ITS has installed Microsoft System Center Endpoint Protection software on all Windows computers it manages. The software will scan your machine and report to our desktop support technicians if your computer is infected.
- If the computer is infected you will be contacted by ITS to:
  - Change your University NetID password
  - Schedule a time to have your computer reformatted.
If you have any questions, contact the ITS Help Desk at helpcenter@uconn.edu or call 860.486.4357.
Detection and Remediation Instructions for Windows Workstations supported by Departmental IT
File Downloaded but not installed:
- Delete the file from your /Downloads directory
- Empty the Recycle Bin
File Downloaded and Installed:
- Delete the file from your /Downloads directory
- Empty the Recycle Bin
- Change your University NetID password
- Install the Microsoft System Center Endpoint Protection software.
- Ensure your virus/malware definitions are current.
- The tool will detect the virus as Trojan:Win32/Dynamer!ac
- Contact your departmental IT support to have your computer backed up and reformatted.
If you have any questions, contact the ITS Help Desk at helpcenter@uconn.edu or call 860.486.4357.