A quick update on the Des Moines Register malware issue reported yesterday. The Register indicates that the problem was an online advertisement that contained malware. That ad has been removed, and the site is considered safe.
More information here.
According to ISU's IT Services:
The State of Iowa DAS security group sent a security alert out to State of Iowa employees regarding compromised web pages on the Des Moines Register website.
They recommended that all state employees avoid the Des Moines Register website and were blocking access to the Des Moines Register website where possible.
It is extremely likely that this malware will either install Torpig, a nasty banking Trojan, or the familiar Rogue AV software. Both malware products are intended to drain money from the accounts of victims.
Complete information is available here: http://www.it.iastate.edu/news/showitem.php?id=370
We will post an update when we have new information.
As many of you are now aware, there was a big problem that surfaced yesterday when McAfee sent out an update which caused a false positive virus detection (essentially, the McAfee anti-virus program identified a legitimate file as an infected file). This caused some XP machines to reboot continuously.
Most machines have now been fixed. Here's some additional information about what happened and why some machines were more difficult to repair than others.
What's the current fix for this problem?
You may have noticed that the instructions on this page changed several times. This happens as we get new and better information about what the problem is and what the best solution is. Last night, McAfee released an executable file that can fix the problem automatically. So now when you go to the instruction page, you'll see just one file to download. This file carries out the previous instructions automatically.
I've followed the instructions but I can't copy the file from my USB drive to the affected computer. How can I fix this?
If you can't copy the files you need to the affected computer using a USB drive, try burning the files you need to a CD. Specific instructions can be found here.
If my machine was not affected yesterday, could I still have problems?
No. If your XP machine was working yesterday, it should continue to work. The exception is a machine that was left on while you were out of the office: you may return to find that it was affected while you were gone.
The problem began when McAfee sent out an update, which caused a false positive virus detection on XP machines. However, updates do not roll out to all machines at once. As soon as ISU's IT Services was aware of the problem, they pulled the update. This meant that only some machines received the update. McAfee has now released a new update, which does not have the original problem.
Why did this happen and will it happen again?
One of the difficulties in anti-virus detection is that viruses are often designed a) to affect critical files on your computer and b) to fool anti-virus software into thinking that they're legitimate files. This means that anti-virus detection generally walks a very thin line between protecting you from harmful programs and not affecting any legitimate files on your computer. While it's unlikely that anything like this will happen in the future, it's possible. Even so, with the many viruses and other malware in existence and in development, it's still worth keeping and updating your anti-virus program.
Extension IT and ISU Information Technology Services have identified a problem with McAfee VirusScan definition update 5957, released 4/21/2010. This appears to affect only Windows XP computers. The McAfee update causes a false positive virus detection, the removal of which causes the computers to reboot continuously. An update is available to resolve this problem but it requires manual, physical intervention at each computer. We are attempting to call back all affected users in the order they notified the EIT Support Hotline. Please be patient.
Repair instructions are available at www.extension.iastate.edu/forstaff/software/mcafeevirusxp.htm