Is this possible?

SKIPPY

Yesterday my DD linked into her Uni library Wi-fi, she then received an e-mail from them saying she had a virus on her mac and she has been blocked until she downloads the software they suggested to remove it. I'm not that computer savvy but how can they tell just by her linking onto the wi-fi?

She has not clicked on any link as feels it sounds very suspicious, I was just wondering if it is possible for them to tell?

She's off to the Apple store today so they can have a look!

Many Thanks

rmg1

Short answer, they can't (unless she's allowed them to run a remote scan).
What software were they recommending and did they say what the virus was?

SKIPPY

Something called a Flashback Trojan I think and they suggested a Norton programme. Not sure about the remote scan I will have to check with her later ...... too early at the moment!!

Enterprise_1701C

And does this Norton programme cost money? If this happened at home I would automatically think it was a blackmail virus.

Tis

I'd definitely suggest a scam that will result in her downloading a virus (IF she went to the link)

johnnyboyrebel

Tis wrote: »

I'd definitely suggest a scam that will result in her downloading a virus (IF she went to the link)

Not really, moat of these links will be genuine. The whole point of the scam is to sell the software, not on behalf of Norton of course.

rmg1

I'd go with Tis on this one.
Get it checked by all means, just don't click on the link.

johnnyboyrebel

rmg1 wrote: »

I'd go with Tis on this one.
Get it checked by all means, just don't click on the link.

So would I, just trying to avoid the scaremongering.

closed

google ..........

http://www.f-secure.com/weblog/archives/00002346.html

http://support.apple.com/kb/HT5242

andrewbarke

go check with the uni's IT helpdesk, to see if they even do this sort of thing, i know my uni had somewhere in the T@C's that they could randomly check your own laptop for antivirus, although this was in person, purly a case of walk over, "have you got anti-virus running?", show them the little taskbar icon, walk away! i know a bit of intrusion, but still if youve got nothing to hide!

eddddy

SKIPPY wrote: »

Yesterday my DD linked into her Uni library Wi-fi, she then received an e-mail from them saying she had a virus on her mac and she has been blocked until she downloads the software they suggested to remove it. I'm not that computer savvy but how can they tell just by her linking onto the wi-fi?

She has not clicked on any link as feels it sounds very suspicious, I was just wondering if it is possible for them to tell?

She's off to the Apple store today so they can have a look!

Many Thanks

Hi Skippy

I think it's quite likely that the Uni has a 'Network Analyzer' running on their network. Large companies I've worked for have these, and they are indeed able to identify if computers attached to the network behave as though they have viruses.

As an example, a company called Network Instruments provide Network Analysers. Here's what they say:

Network Analyzers are designed to watch the network, identify issues
and alert administrators of problem scenarios. These features make the
analyzer an excellent tool to locate network security breaches, and to
help identify and isolate virus-infected systems.

(You can read the whole article here: http://www.networkinstruments.com/assets/pdf/white-papers/Security_WP.pdf )

In simple terms, the Network Analyzer has been looking at the info that your DD's Mac has been sending over the network (the network packets) and thought "those network packets look like the type of packets that a virus would send".

Of course, the email could still be a hoax - but it's a credible hoax.

Rather than going to the Apple shop, I think your DD should go to the Uni's IT support people. They can confirm whether the email is genuine. Also they can advise what virus protection they recommend/require for students connecting Macs to the network.

(When my son first went to Uni, he was given an IT policy doc which explained what security protection he should have on his pc before he was allowed to connect it to the Uni network. Did your DD get something similar?)