Commonwealth Office of Technology

• Security Home
  • Security Main Page
• Alerts
  • Security Alerts
• Policies
  • Security Policies
• Anti-Virus Info
  • Anti-Virus Info
• Newsletters & Info
  • Cyber Security
  • Cyber Security Awareness
  • Security FAQ
  • Video: Public Folders
• Additional Resources
  • Security Forms
  • Security Links
  • COT Responsibilities

COT Security Alert - Statewide Network Infection

From: Hanna, Kathy (COT)
Sent: Thursday, February 08, 2007 12:48 PM
To: COT Constitutional CIO Security Contacts; COT Cabinet CIO Security Contacts; COT Commonwealth Technology Council

Cc: COT Exchange Administrators; COT Security Alert Contacts; COT Security Contact COT-Support; COT Security Contact Pass; COT Security Contact Self-Support; COT Technical Contacts; SecurityContacts Group; Commonwealth Service Center Correspondence

Subject: COT Security Alert - Statewide Network Infection

COT Security Alert- Statewide Network Infection

---

The Commonwealth Network is experiencing a significant outbreak of an infection being identified as a variant of Exploit-DcomRPC.gen. This Trojan is capable of stealing information and controlling the affected computer. Infected computers appear to be cleaned with the latest McAfee 8.0i (or 8.5i) software and a DAT file of 4958 (or greater), and the current 5100 engine.

COT identified the Trojan was communicating with a hostile Internet site, which was immediately blocked. Networks that had multiple computers connecting to this hostile internet site were blocked to help prevent the spread of the infection.

Blocked sites should make sure the virus software is updated on each machine, and run a complete scan of each computer, including ZIP files. Updates can be downloaded on another computer on an outside connection, if available. If downloading the virus updates is not an option, a service call may be arranged with external support personnel at the agency’s expense. Or Accent\Prosys, a consultant under statewide contract, can be contacted for assistance at 1-800-726-7657 ext. 402. In addition, COT can make a CD with the software updates available. Once this has been completed, COTSecurityServicesISS@ky.gov or the Commonwealth Service Desk 502-564-7576) may be contacted to request the site unblocked.

Sites that do not have a current antivirus license may purchase McAfee Anti-Virus and Anti-Spyware from COT for $10.82 per device for a license and support through 6/30/2008, or purchase virus software elsewhere. Please contact COTMcAfeeCoordinator@ky.gov or see the COT Anti-Virus webpage at http://technology.ky.gov/security/mcafee_info.htm for further McAfee information.

NOTICE: COT is providing this information so that you are aware of the latest security threats, vulnerabilities, software patches, etc. You should consult with your network administrator or other technical resources to ensure that the appropriate actions for these alerts are followed. If you are a network administrator and need additional information, please call the Help Desk at 502.564.7576.

Security Administration Branch
Division of Technical Services
Commonwealth Office of Technology
1266 Louisville Rd., Perimeter Park
Frankfort, KY 40601
Phone: 502.564.5274
COTSecurityServicesISS@ky.gov
http://ky.gov/got/security/