W32.Qakbot Virus Advisory
No One at Texas Tech University or from Anywhere Else Should Ask For Your Password
A variant of a rapidly-spreading Trojan virus is currently infecting systems across the country. This virus, known as W32.Qakbot, infects computers through certain malicious or compromised websites. Typically, email (spam) invitations to visit these websites include clickable Internet ads and links. The worm can also spread through network shares, such as TechShare, by copying itself to shared folders when instructed to by a remote attacker or compromised system. This vulnerability could allow an outside attacker to compromise your system and remotely access and obtain data.
Faculty, staff, and students at TTU and the Texas Tech System can ensure their systems are protected against this threat by taking the following steps:
- Be sure your system has the latest version of the Symantec Endpoint Protection product installed. The installation software can be obtained via a free download at http://eraider.ttu.edu.
- Run Live Update for your Symantec client to ensure that it has the latest virus definitions from the Symantec Security Response Center.
- As always, be wary of unsolicited messages and the links that they may contain. If you have any questions as to the authenticity of a message, please contact IT Help Central at 742-HELP (4357) or .
Additional information about the W32.Qakbot virus can be found on Symantec’s website at http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99.