Another Virus Attack, WORM_OTURUN.ASH

We had to shut down all the public PC's again this morning, for about an hour and a half.  This was a new one.  Rather than disguising itself as an anti-virus scanner, it prompts users to install a "browser update", (in poor English).  A user asked for help with it, and as I was showing it to MK, another user got it.  MK called downstairs, and it was popping up there too.

I wished I had taken a picture of it, but I found the above image online, from a June 2nd warning to users at the Chicago-Kent College of Law.  There is a good account of this virus at the TrendLabs Malware Blog from June 8th, The Worm, the Rogue DHCP, and TDL4, with a handy Infection Diagram.

Apparently, it often propagates via removable Flash drives.  Staff received e-mail afterward cautioning us not to put users' Flash drives into staff PC's.  (Sometimes people will ask if we can print something out for them when they are in a hurry and there is a wait for a public PC.)

No comments: