Mac virus hits campus

A computer virus that affects Mac operating systems has spread to Yale’s campus after infecting over 600,000 computers across the world.

Roughly 50 students have reported to Information Technology Services that their computers have the Flashback virus, which can go undetected while stealing personal information such as passwords and credit card information saved in files, said Adam Bray, assistant manager for the Student Technology Collaborative. Bray said students can help protect themselves against the virus by installing anti-virus software available on the ITS website, and students can enlist the support of student techs to remove the virus if their computers are already infected.

“Once a computer has been infected, the virus hijacks certain web browsers, and silently runs a program in the background,” Bray said. “This allows the application to monitor web browsing, capture passwords and other sensitive information, and send this information back to remote servers.”

The virus enters computer systems though a variety pathways, such as corrupted websites that have Java applets or by posing as an update installer for Adobe Flash Player, Bray said, adding that in some cases the virus does not need owners to enter their administrative passwords in order to infiltrate the systems.

Macs running on the latest updates for Mac operating systems — Mac OS X Snow Leopard 10.6 or 10.7 Lion — are immune to the virus, Bray said, but users who contracted the virus before installing the update can remove the virus through the Apple Flashback Malware removal tool on Apple’s support site. Students can check whether their computers have the virus by visiting Flashbackcheck.com, according to a campus-wide email about the virus sent on April 11 by ITS.

But computers that are running on Mac versions 10.5 or earlier need to install an anti-virus utility such as Symantec Endpoint Protection, which is available for free at the Yale Software Library on ITS’s website.

Lesya Chopivsky ’15, whose laptop was affected by the virus, said she took her computer to student techs to be checked and found out her computer had been infected. She had initially decided not to install anti-virus software because of Mac’s strong reputation of protection against viruses, she said, and she has already changed her passwords and may call her credit card companies to make sure there has not been any irregular activity. She added that she was asked by ITS not to use the YaleSecure network as a precautionary measure until the virus was removed, a process that took her about one day.

Bray said the number of students requesting computer support has spiked in recent weeks, but that the end of academic terms are normally busy for student techs since students want to avoid computer trouble during finals period.

“Students choose these times to bring problems to us that may have been occurring for a while, but not serious enough to warrant concern until the computer is more important to the student academically,” he said.

The Flashback virus was first discovered last September.

Comments

  • morse_14

    Adam Bray is Branford ’07. (Y’all seem to forget this every time you quote him in an article. Seriously.)

  • Dynasty

    Flashback is not a virus, but a Trojan or malware. It requires an act on the part of the user to acquire it, like visiting a malicious website. It doesn’t infect a file like a virus but instead installs files of its own on the affected computers.
    As such, it is much easier to remove than a virus would be and it doesn’t corrupt other files.
    This is an important distinction so it would be nice to report it correctly. It is disturbing that even ITS apparently doesn’t understand the difference.
    Also, merely running Software Update on most Macs will remove the malware. Antivirus software is unnecessary for this purpose, and is al,ost certainly overkill for most Macs.

    • adam_bray

      **Dynasty**, you are technically correct; Flashback is more correctly termed ‘malware’ or a ‘trojan’. That said, I feel the distinction is not as important in a case like this, and the term virus is more easily understandable and recognizable to most people.

      If you read the article carefully, you’ll see we do explain that students on the latest versions only need to update or run Apple’s removal tool to remove the virus (though our original quote on this matter was much more clear).

      But for students running older versions, the only options are to use a 3rd-party utility (which we’ve found to be unreliable) or install anti-virus software (much more reliable).

    • River_Tam

      > It doesn’t infect a file like a virus but instead installs files of its own on the affected computers.

      Viruses can install files of their own. While Flashback is not technically a virus, this is due to the fact that it is not self-replicating. It has nothing to do with the nature of the infection.