 "Photo: N/A")
At the beginning of January, a computer worm known as Conficker breached the system network at Wesleyan’s main campus.
Randy Boone, senior user support specialist, has been worked to eradicate the worm since its first detection in the Wesleyan system.
“A worm is a malicious piece of software that will use exploits on a computer to install itself onto other computer systems and then cause a degradation in computer resources,” Boone said.
Unlike a virus, Boone said the Conficker worm, which is a pun on the word “configure” combined with the German version of a well known curse word, uses the auto-run features on a computer to automatically spread itself throughout a network.
“The first thing Conficker does is infect any portable device connected to the machine and modifies the auto-run files on that device,” Boone said. “So that when a user accesses the device, [the worm] will install the virus onto the computer.”
Boone said Conficker’s other modus operandi is through manipulating the scheduled tasks of the computer itself.
Normally when a computer is turned on, it runs specific programs automatically through a scheduled tasks feature. Users also can schedule their own tasks to run automatically on the machine as well. Boone said Conficker will upload its own auto-run features through scheduled tasks and download files from the Internet onto the computer, thereby infecting the computer with the worm.
Boone said when users restart their computers these scheduled tasks begin, and the computer is infected all over again.
“So we’ve been taking steps to clean out all the scheduled tasks, disable scheduled tasks and clean out the auto-runs,” Boone said.
This means that when students insert flash-drives into computers on campus, they would have to manually access that drive instead of waiting for the menu to pop up on screen.
Boone said the help desk services department first became aware of the worm’s presence on Jan. 14, the day after classes started.
Wesleyan uses VIPRE antivirus, a product of Sunbelt Software, to protect its system network, and it was VIPRE that alerted help desk services to the breach in security.
Barry Simpson, director of help desk services, said the IT department hasn’t pinpointed exactly how the worm originally infiltrated the system, since it could have been transferred in several different ways.
“We have our own theories,” Simpson said. “It could have been through e-mail. It could have been through a laptop, Web browsers, infected jump drive; it could have been any number of things.”
But despite how far the speculation concerning the worm’s origin may go, Simpson said how the worm broke through the existing security system was because some computers may not have been properly updated over the Christmas break.
Boone said every VIPRE client signs in with Sunbelt Software to check for new updates automatically every two hours. What may have happened is that some of the updates required the system to be shut down, but some computers may not have been turned off at all.
“What happens is when people get back from break and they had their machines turned on, it didn’t have the updates,” Simpson said. “It powers up the old one, and it lets [Conficker] in.”
From that point on, it was a process of identifying the extent of the worm’s spread and eliminating it.
Boone said as of Jan. 1, 98 percent of the machines on campus were infected with Conficker.
“But as of today, we’re 98.7 percent clean,” Boone said.
Boone said there are approximately 1,000 computers between the law school, the Burleson campus and the main Wesleyan campus, and that it’s only a matter of time before help desk services can make sure each machine is clean.
“But this process can actually be started completely over if one person turns their machine off and it’s infected,” he said.
But Simpson said he and the help desk team are continually researching and developing better methods to deal with Conficker and other harmful software that could cause damage to the Wesleyan network that students depend on.
And to Simpson, students are the No. 1 priority in killing this worm, because “without the students we wouldn’t be here,” he said.
3 comments
As our only opinion contributing reader thus far, I appreciate your comment, and your devoted interest in reading the rambler's articles even into the wee hours of the morning. You are a true superfan. I think I love you.