February brought unwelcome guests to UTD computers: malware that threatens to steal personal information from infected machines.
UTD Information Security (IS) is stepping up efforts to curb the surge in attacks on campus networks this year. The offending malicious programs, trojans, disguise themselves as legitimate programs and collect personal information from students, faculty and staff members to sell to identity thieves.
“Everything you own and are has been exposed,” said Senior IS Analyst Paul Schmehl about the infected computers.
From Feb. 1-15, IS detected 34 computers that were infected by trojans on UTD networks. Four of those computers had been infected by two trojans at the same time.
“We’re used to seeing two or three a month, so this is a dramatic change for us,” Schmehl said.
Most of the detected infections have come from laptops and mobile devices connected to UTD’s wireless networks.
“We assume that’s because (students’) machines aren’t kept up to date with current antivirus software, and they probably aren’t patched to the same levels as the machines that are on the UTD (wired) network,” said IS Director Leah Teutsch.
Trojan infections usually cause severe damage. According to Schmehl, even discounting the threat of information theft, removing a trojan entirely is extremely difficult. IS reformats infected campus-owned computers, destroying all the data on them, and recommends students do the same if their computers are infected.
“Once you get a trojan on your machine, there’s no way you can possibly know if it put other stuff on your machine, other stuff that could be undetectable,” Schmehl said. “You can never be confident that you’ve gotten everything.”
IS was able to trace the sources of some of the trojan infections to infected banner ads that run malicious scripts when the pages hosting them are viewed.
To prevent these infections from taking root, IS is researching new technology and software that automatically blocks and unblocks infected Web sites to protect computers connected through UTD from harm.
“There are places that maintain lists of bad IPs, and those are updated pretty continuously,” Schmehl said. “The problem is you’ve got to stay up to date, because an IP that’s malicious today could be clean tomorrow. You don’t want to block CNN for six weeks. You want to block it for the six minutes that it’s vulnerable.”
The best way for users to stay safe is to make sure all their software, not just the operating system, is current. Applying software updates seals security holes that malware creators often use to infect computers.
“(Microsoft has) closed a lot of holes that the hackers love to use, so now what (malware creators) are doing is focusing more and more on third-party apps,” Schmehl said.
Trojan attacks have also been detected on a few computers running Mac OS and Linux this month, demonstrating that even non-Microsoft products can be infected if not updated.
“There are vulnerabilities, and it is in the user’s best interest that they keep their Macs and Linux boxes patched and up-to-date with antivirus on them,” Teutsch said.
To report possible malware activity or find more information, visit www.utdallas.edu/ir/security/. If you have questions, you can e-mail infosecurity@utdallas.edu.


