A serious malware outbreak has been detected that converts PDF files to EXE files that can further spread the infections. This malware originates from suspicious emails, links, and PDFs.
As of December 1, 2014, the latest virus definitions from both Sophos and Trend Micro are detecting the trojan and quarantining compromised files. The current strain has been identified as:
- Sophos: Troj/Agent-AKJF
- Trend Micro: TSPY_URSNIF.YNV
Note: there's currently no entry for this in Trend Micro's Threat Encyclopedia - Payload
- Sophos: Mal/Generic-S
What is UBC doing?
To contain the spread of the virus, UBC will be scanning TeamShare and Home Drive file servers, which will degrade performance. As it will take several days to scan these systems, we kindly ask for your patience. In addition, we will be providing security updates to our VDI system.
What can you do?
- Install Anti-Virus and download the latest anti-virus updates. You can download free anti-virus software at www.it.ubc.ca/downloads
- Do not open any suspicious emails, links, and PDFs.
- Technical staff: Communicate this issue to your staff and colleagues. If the product being used in your faculty/unit is other than Sophos or Trend Micro, please check that the vendor has a definition that provides protection against this strain of the malware. Please do not hesitate to contact security@ubc.ca if you require assistance.
Infected?
Contact your Departmental IT support staff for assistance or report the issue to the IT Service Centre at www.it.ubc.ca/helpdesk or 604.822.2008.
For more information and Technical Details
Please visit the IT Bulletins for more up-to-date information and detailed description of the malware and its behaviour.
Questions or concerns?
Please contact the IT Service Centre at www.it.ubc.ca/helpdesk or 604.822.2008.
