Decade-Long Virus Infection Discovered

College Vows Updated Security in Wake of Breach

By , January 19, 2012.
Decade-Long Virus Infection Discovered

Recently discovered viruses, consisting of Trojans and other malware, at City College of San Francisco have stolen personal banking information and other data from perhaps tens of thousands of students, faculty and administrators, says John Rizzo, president of the board of trustees.

See Also: How Cybercriminals Use Phone Scams To Take Over Accounts and Commit Fraud

The college first noticed the infection in late November, when the IT department saw gaps in the data logs of a server located in the Phelan Avenue campus computer lab. Further investigation revealed that the viruses had existed in the college's systems since 1999, Rizzo confirms.

During the investigation, the college's IT department saw transmissions being sent to Russia and China, as well as other countries, Rizzo says.

The college has 100,000 students and 3,000 employees. So far, there's been one confirmed instance of personal banking information recorded by a virus, he says. "We're looking at the ... central database to see if anything was taken from there," he adds.

Upon learning of the breach, the college closed off the infected computer lab and took the server offline that had been transmitting the data overseas. The college community was notified by e-mail on Friday, Jan. 13, Rizzo says.

Corrective Action

As a result of the breach, the college has taken multiple steps, including eradicating the infections and reviewing all computer equipment. Rizzo says City College has also:

  • Reconfigured the campus firewalls;
  • Changed and strengthened the passwords on all of the servers;
  • Made preparations to install new security hardware;
  • Taken steps to update and establish new procedures for the school to follow when it comes to using the college's computers and network;
  • Begun planning for a reconfiguration of the network, isolating it into three separate areas: an administrative area (to house records, etc.), academic area (class information, etc.), and a wireless area.

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Sony Exec Steps Down After Breach

In the aftermath of the Sony Pictures Entertainment cyber-attack in late November 2014, Amy Pascal,...

Latest Tweets and Mentions

ARTICLE Sony Exec Steps Down After Breach

In the aftermath of the Sony Pictures Entertainment cyber-attack in late November 2014, Amy Pascal,...

The ISMG Network