An outbreak of a new variant of the PWS-Lineage Trojan is affecting the state’s network. COT has obtained a new DAT file from McAfee that can be used to detect this variant. The virus is cleaned after the DAT file is run; however, reinfections have been detected once the machine has been rebooted. The source of the reinfection requires manual removal at this time. COT staff is currently working to release a new DAT that will automatically remove the source of infection. This DAT will be released as soon as it is available. Users are instructed to immediately contact their administrators to report an infection.
In addition to the PWS-Lineage Trojan, other infections could be downloaded as well. New variants of the Philis virus have been discovered co-existing with the PWS-Lineage Trojan. McAfee has included protection for the new Philis variant in the 4855.dat. Further information on the PWS-Lineage Trojan can be found at: http://vil.nai.com/vil/content/v_130590.htm .
The DAT file is available for download on the COT Security Web site (http://cot.ky.gov/guide/anti-virus.htm) under DAT Updates. COT advises network administrators to update their anti-virus protection software as soon as possible. Network administrators need to continue to report virus outbreaks to the COT Service Desk at 502-564-7576, or email COT.ServiceDesk@ky.gov. For more information, contact COT Security Services ISS. Further updates will be released as available.
The 4855.dat file can be pushed out to computers using McAfee's ePO, if the agency is using ePO. If agency technical administrators wish to perform a manual installation of the 4855.dat, they may find it at http://www.mcafee.com/apps/downloads/security_updates/dat.asp?region=us&segment=enterprise . More information will be released as it becomes available.
NOTICE: COT is providing this information so that you are aware of the latest security threats, vulnerabilities, software patches, etc. You should consult with your network administrator or other technical resources to ensure that the appropriate actions for these alerts are followed. If you are a network administrator and need additional information, please call the Help Desk at 502.564.7576.
Commonwealth Office of Technology
Office of Infrastructure Services
Division of Security Services
101 Cold Harbor Drive
Frankfort, KY 40601
COTSecurityServices@ky.gov
http://technology.ky.gov/security/