More on the University of Exeter outbreak
We are now able to confirm that the malware infected systems through the vulnerability highlighted in our previous e-mail. Further details and an update for this Windows Vista vulnerability can be found at
http://support.microsoft.com/kb/975517
Microsoft and Symantec performed an analysis of the malware, and updated Symantec definitions now detect it as a generic ‘downloader’.
There is no reason to suspect that this malware poses a specific threat to other JANET connected sites, and we have not seen any infections elsewhere. It is worth mentioning a few best practices that limit your risk to this and similar infections:
- Ensure that operating systems are kept fully patched
- Ensure that anti-virus definitions are kept up to date
- By default, block Windows LAN service ports at your network border