Go back

APSU cracks down on contagious computer viruses

September 16, 2003

Students at Austin Peay were faced with crippling viruses at the start of the fall semester, none of which could be cured by a trip to the health center.

As students plugged their personal computers into the Universitys network, those who had neglected to download or update virus-protection software onto their computer ended up either infecting the Universitys swift broadband network or being infected themselves.
September 16, 2003

Students at Austin Peay were faced with crippling viruses at the start of the fall semester, none of which could be cured by a trip to the health center.

As students plugged their personal computers into the University's network, those who had neglected to download or update virus-protection software onto their computer ended up either infecting the University's swift broadband network or being infected themselves.

“This is probably the worse I've seen in a long while,” said Charles Wall, director of the Office of Information Technology. “We had it under control until the students started coming back and connecting their personal computers into the network. The past three weeks has really been the worst of it.”

While the University provides Norton anti-virus software for University-owned computers, the license does not extend to provide the software for student-owned machines.

After the summer's nationwide battle with viruses such as the W32.Blaster worm, the W32.Sobig.F worm and the W32.Welchia worm, many students' computers had been infected.

“Some people have received as many as a thousand e-mails a day as part of the Sobig.F virus,” said Wall. “We have been trying to replace the destructive attachments that come with this email with a short attachment saying it was infected. This is one way we've been able to curb the infection.”

In the first week when it appeared the three viruses were becoming a problem, the IT staff decided to turn off network access to computers detected through the system as sending off one or more of the viruses.

“We don't require students to register a machine when it is plugged into a network jack in a residence hall. This makes it easy to connect to the system but difficult for us to locate the machine causing the problem,” said Wall.

When Stephanie Taylor, the IT network manager, detected a computer sending out a virus, she would disconnect the machine without knowing to whom it belonged.

“We'd wait to get a trouble call at our help desk and try to match the call to the list of machines we had disconnected,” said Wall.

If that process sounds time consuming, nothing compared to the process of disinfecting the computers.

The IT staffs original intention to help students by sending out a technician soon turned into chaos as the number of infected computers doubled and tripled.

“We simply did not have the staff to handle the problem,” said Wall.

Instead, students calling to report problems were instructed on what Web sites to visit to obtain both virus detection and protection software and a memo went out to each student with a clear messageclean your computer or you will be disconnected.

“Currently, a large part of the housing network bandwidth is being used by W32.Blaster infected machines trying to infect other machines in the residence halls. Add this to the thousands of e-mail messages being sent by machines infected with the W32.Sobig.F, and the housing network is significantly impacted,” said Wall.

Most viruses are created to be intentionally destructive, though any number of excuses can be given. The W32.Welchia worm, for instance, was created originally to help clean up the Blaster worm.

The prevalence of this virus is so strong that Wall's technicians have reported hooking-up brand new computers into the network to download anti-virus software, only to find that Welchia already had started to attack the computer within those few minutes of connection.

“There are about 1,600 University machines and 600-plus machines in dorms. There's just no way of knowing how many of them have been infected at this point, but it's been a good many. The biggest problem now is the traffic it's causing,” said Wall.

“There are always going to be viruses out there. These three are just the most prevalent right now. The best thing you can do is to install the anti-virus software and configure it to download new virus-definition files regularly.”

To check your machine for viruses, Wall recommends two Web sites
http://housecall.trendmicro.com and http://www.sarc.com. These Web sites list every virus circulating the Internet and offer instructions and tools on detection and disinfection.

He also recommends installing critical operating system patches on your computer. For those running Microsoft software, information on how to check and install critical patches can be found at http://www.microsoft.com/security/incident/blast.asp.

Finally, make sure your anti-virus software is setup to receive new definitions frequently and install a commercial anti-virus package if you do not have one already.

For further information, telephone Wall at 7129.
Meredith Dunn