Data-Stealing Virus Hits Virginia Tech, Potentially Compromising 370 Employees

Virginia Tech officials are concerned that a computer virus responsible for the loss of millions of dollars in other organizations might have compromised the Social Security numbers of around 370 university employees.

The virus, called Zeus, was discovered in mid-February on a computer in the university controller’s office. It operates by gaining access to information stored on a hard drive and entered online, and it can record keystrokes and take screen shots on a computer it has infected, says Randy C. Marchany, Virginia Tech’s university information-technology security officer.

In past attacks mostly on small to midsize businesses, this information was used to make millions of unauthorized wire transfers, according to

Mr. Marchany says network-intrusion software at Virginia Tech detected an attempt by the virus to make contact with a computer in China.

“What we saw was the outbound connection when it tried to phone home,” he says.

The virus is particularly tricky, he says, because it has been modified numerous times to evade detection by standard anti-virus software programs.

The computer on which the virus was housed contained a spreadsheet with Social Security numbers and other personal information for 369 employees. Mr. Marchany knows the virus transferred some information from the computer, but he isn’t sure whether any of it was sensitive. But the university notified all employees who might have been affected and offered them free credit monitoring to ensure their identity had not been compromised. There haven’t been any reported problems yet, he says.

Virginia Tech isn’t the only college that has encountered the virus, says Douglas Pearson, training director of the Research and Education Networking Information Sharing and Analysis Center, which sent an alert to colleges last year about the virus.

Mr. Marchany says it’s important for universities to ensure that all personally identifying information, such as Social Security numbers, is stored in encrypted files so that it can’t be read, even if stolen. Sensitive papers should be kept in a locked cabinet, he says. So “the electronic equivalent of that is to encrypt the data.”

Return to Top