January 21, 2012, 7:00 AM — Some subtle genius working with an organized crime gang in Russia or China must be up for the Virus Writer's Hall of Fame for "an infestation" of viruses that was not only able to scour all the networks of City College of San Francisco for personal banking and financial data, but to do it secretly for a dozen years.
The first virus was discovered shortly after Thanksgiving, when an external security monitoring service flagged a single workstation in one computer lab as being infected with a keylogger, which College CTO David Hotchkiss immediately shut down, according to the San Francisco Chronicle.
At least seven viruses or variants of the same virus have infected the college district's administrative, instructional and wireless networks and, probably, any personal computers or flash drives that connected to the network since the infestation began – in 1999.
The viruses are dormant during the day, but activate themselves at night to scour the network looking for personal identity or financial data, which they send to a total of 723 IP addresses in Russia, China, Iran, the U.S. and at least six other countries, according to the Associated Press.
Some of the addresses are connected with the Russian Business Network, a criminal organization specializing in theft and resale of personal and financial data, Hotchkiss said.
The Russian Business Network also operated what Symantec calls "the grandaddy of online hosting networks for criminals" until the organization itself broke up in 2008. Individual former members are still collecting stolen data from sites infected with RBN malware years ago, a Symantec spokesperson said.
"We looked in the system and discovered these things were all over the place," John Rizzo, president of the college's Board of Trustees, told the AP.