Commonwealth Office of Technology

• Security Home
  • Security Main Page
• Alerts
  • Security Alerts
• Policies
  • Security Policies
• Anti-Virus Info
  • Anti-Virus Info
• Newsletters & Info
  • Cyber Security
  • Cyber Security Awareness
  • Security FAQ
  • Video: Public Folders
• Additional Resources
  • Security Forms
  • Security Links
  • COT Responsibilities

COT Security Alert - November 20, 2006

From: Hanna, Kathy (COT)
Sent: Monday, November 20, 2006 11:04 AM
To: COT Constitutional CIO Security Contacts; COT Cabinet CIO Security Contacts; CTC Members

Cc: COT Exchange Administrators; COT Security Alert Contacts; COT Security Contact COT-Support; COT Security Contact Pass; COT Security Contact Self-Support; COT Technical Contacts; SecurityContacts Group

Subject: COT Security Alert - Emergency DAT file released

COT Security Alert

---

An emergency DAT file was released by McAfee Friday afternoon to detect a new variant of the Philis Virus, W32/HLLP.Philis.bq. Another variant of Philis has previously been found in the Commonwealth’s network.

W32/HLLP.Philis.bq is currently a Low Risk threat but McAfee Avert Labs is concerned that this threat will spread globally.

W32/HLLP.Philis.bq is a file infecting virus. Infection starts with manual execution of the binary. For spreading, the virus also relies on improperly configured/protected (open) shared drives. It is also responsible for dropping a .DLL file, which downloads a password stealing trojan from a website. This variant was first discovered on 11/17/2006. The Symantec alias for this virus is W32.Looked.O. Further information about W32/HLLP.Philis.bq is located at: http://vil.nai.com/vil/content/v_140922.htm

If you feel you have been infected with the virus or your computer has been compromised, please contact your network administrator promptly. COT advises network administrators to update anti-virus protection software often. New dat files are available daily for download, they can be found at McAfee's website. They are also available on the COT Security website for download.

NOTICE: COT is providing this information so that you are aware of the latest security threats, vulnerabilities, software patches, etc. You should consult with your network administrator or other technical resources to ensure that the appropriate actions for these alerts are followed. If you are a network administrator and need additional information, please call the Help Desk at 502.564.7576.

Security Administration Branch
Division of Technical Services
Commonwealth Office of Technology
1266 Louisville Rd., Perimeter Park
Frankfort, KY 40601
COTSecurityServicesISS@ky.gov
http://technology.ky.gov/security/