Educause Security Discussion mailing list archives

Re: Virus/Trojan/Worm in the Dorms


From: "Jacobson, Dick" <dick.jacobson () NDUS EDU>
Date: Sat, 3 Sep 2011 07:57:34 -0700

Am I the only one that thinks it's time to stop the sales pitch?

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis Meharchand
Sent: Saturday, September 03, 2011 12:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Virus/Trojan/Worm in the Dorms

Valtx Absolute Security for Windows has been retailing in test markets at $125 lifetime per computer. National 
Retailers have indicated that they expect to price higher ($149.99) given what the product does and the fact that it's 
lifetime per computer.

I’ve not fixed on an Education sector pricing yet but we will do our best to price as low as possible. We are a startup 
and the first big tender is on its way.
Best to handle any pricing questions off list.

Dennis Meharchand
CEO, Valt.X Technologies Inc.
Cell: 416-618-4622
Email: dennis () valtx com
Web: www.valtx.com

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hendra Hendrawan
Sent: September 2, 2011 10:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [Possible Spam] Re: [SECURITY] Virus/Trojan/Worm in the Dorms


$z

Sent from mobile device

________________________________

  From: Dennis Meharchand [dennis () VALTX COM]
  Sent: 09/02/2011 08:35 PM AST
  To: SECURITY () LISTSERV EDUCAUSE EDU
  Subject: Re: [SECURITY] Virus/Trojan/Worm in the Dorms

Valt.X Technologies is a Vendor – this is a Vendor Response.
They are going to need to take all of the computers off the network and clean them.
Where we can help is this: We have developed a lock down technology called Valtx Absolute Security for Windows.
It locks down the C: Drive so any attempted malware infection gets deflected and eliminated with a simple reboot.
Unlike Anti-Virus which may miss 50-100% of new malware Valtx Absolute Security for Windows covers 100% of all malware 
– known or new zero day.
With a lock down technology implemented they don’t have to worry about re-infection as every reboot eliminates anything 
that may have attacked the computer.



Perhaps the best way to clean the systems is to take the hard drives out and connect them to a clean system with 
updated Anti-Virus or download a free online tool such as Trend Micro’s Housecall available at 
http://housecall.trendmicro.com/housecall/ .



I said we could help – here’s my offer:

Valt.X is a startup about to launch Valtx Absolute Security for Windows.

If they contact me I’ll arrange for them to get free copies for all of the students’ computers.



Cheers,

Dennis Meharchand
CEO, Valt.X Technologies Inc.
Cell: 416-618-4622
Email: dennis () valtx com
Web: www.valtx.com

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Allen Wood
Sent: September 2, 2011 7:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Virus/Trojan/Worm in the Dorms

I'm sending this on behalf of a neighboring college.  It looks like they need help in a pretty bad way... here's their 
message-

****************

We've got a bit of a mess here - not quite sure how we're going to deal with it.  We contract with AT&T to provide 
internet service in our dorms.  We don't provide tech support to our students for their personal computers.  Even if 
that weren't our policy, two techs can't provide technical support to 900 kids (not to mention the other 1900 computers 
we have that are spread over 4 different campuses).

This trojan turns computers into rogue DHCP servers - once the bad IP address has been handed out to a computer on the 
network, it's then pointed to a bad DNS server - that in turn sends the computer to a website in Romania that displays 
a web page stating that the browser is out of date and provides a link to an executable file that is supposed to update 
the browser - and that executable then infects another computer.  It appears we're dealing with a variant of Rorpian.A.

At this point, the network in our dorms isn't operational - it's impossible to connect to the valid DHCP server because 
there are so many infected computers now.  We don't have any system in place to log or track computers - so even though 
we can run Wireshark and see the traffic, we have no way of tracking that back to an individual to try to eliminate the 
rogue servers.  In addition, we've had an ongoing problem with residents of the apartment complex across the street 
(not associated with us) using our wireless network - and odds are, they're now infected as well.

We've tried 4 different anti-virus/malware products and none have seemed to work as far as cleaning the computers that 
we deliberately infected in an attempt to find a solution.  So for now, we have our dorm network shut down entirely to 
prevent further infection - and we have 900 furious students.

We don't have the manpower to offer to format these student computers - and even if we did have enough people, and 
were willing to accept the liability, we wouldn't be able to put their software back on.  We're also not comfortable 
with "suggesting" that the students take their computers to a PC repair shop (even though that's probably the only 
answer) for the same reason.   Even at that, if one rogue server is still out there, we're going to have the issue 
again once we turn the network back on.  And what if that rogue server is in the apartment complex that we have no 
control over?

Anyone have any ideas on how to combat this?  We've been banging our heads against the wall for two days now and admit 
we may not even be thinking clearly any more.  At the moment we can't think of a way out of this.  Any suggestions 
would be welcome.

Probably the good news out of all of it is that this will probably either cause the maintaining of the dorm internet to 
be outsourced, or we'll get the equipment we need to manage it properly.  In the meantime, though, that's not going to 
help us.
*******************

I'll be happy to forward on any suggestions or ideas that you may have.

Thanks in advance,

Allen
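
Added example, not part of the original thread: the forwarded message says the rogue DHCP traffic is visible in Wireshark but cannot be tied to a machine. The Python below parses captured DHCP replies and lists the Ethernet source MAC, server identifier and handed-out DNS server of every OFFER/ACK that did not come from an authorized server; the AUTHORIZED address, the function names and the sample frames are assumptions constructed for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie that follows the 236-byte BOOTP header
AUTHORIZED = {"192.0.2.1"}       # assumption: the site's legitimate DHCP server

def parse_options(payload):
    """Return {option code: raw value} for a DHCP UDP payload, or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def ips(raw):
    """Split a run of packed IPv4 addresses into dotted strings."""
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def find_rogue_servers(frames, authorized=AUTHORIZED):
    """frames: (Ethernet source MAC, UDP payload) pairs. Returns {mac: details}."""
    rogues = {}
    for mac, payload in frames:
        opts = parse_options(payload)
        # Only server replies matter: option 53 = 2 (OFFER) or 5 (ACK).
        if not opts or opts.get(53) not in (b"\x02", b"\x05"):
            continue
        server = ips(opts.get(54, b""))[:1]              # option 54 = server identifier
        if server and server[0] in authorized:
            continue
        rogues[mac] = {"server_id": server[0] if server else None,
                       "dns": ips(opts.get(6, b""))}     # option 6 = DNS servers handed out
    return rogues

def build(msg_type, server_ip=None, dns_ip=None):
    """Constructed sample payload: zeroed BOOTP header, cookie, options 53/54/6."""
    opts = bytes([53, 1, msg_type])
    if server_ip:
        opts += bytes([54, 4]) + socket.inet_aton(server_ip)
    if dns_ip:
        opts += bytes([6, 4]) + socket.inet_aton(dns_ip)
    return bytes(236) + MAGIC + opts + b"\xff"

SAMPLE = [  # constructed frames; MACs and addresses are documentation values
    ("02:00:00:00:00:01", build(2, "192.0.2.1", "192.0.2.53")),     # legitimate OFFER
    ("02:00:00:00:00:aa", build(2, "192.0.2.77", "203.0.113.9")),   # rogue OFFER
    ("02:00:00:00:00:bb", build(1)),                                # client DISCOVER
    ("02:00:00:00:00:cc", b"not a dhcp payload"),
]
```

Each flagged MAC can then be looked up in the switch's MAC address table to find the port it sits behind.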
