February 27, 2009

CIT Efforts Protect C.U. From Computer Viruses

Computers around the world are threatened by a new, rapidly spreading worm that has already infected millions of personal computers. While information technology specialists are working to control the worm’s spread, Cornell has not been impacted by the most recent outbreak.
Cornell Information Technologies and other information technology staff successfully contained an outbreak of a similar worm in October. Since then, largely due to CIT’s security efforts, no serious computer infections have spread through the campus.
Last October, Cornell faced an outbreak of USB malware, according to Wyman Miles, CIT’s manager of security engineering. The malware was a worm that spread through devices that used USB ports, such as removable hard drives, cameras and phones. The devices, which were plugged into one computer, became infected and then spread the infection to other computers.
To control the outbreak, CIT and IT staff created triage centers for people to bring their USB devices, said Steve Schuster, director of information technology security at CIT. The devices were scanned and any malware on the devices was removed. Over 1,000 infections were found, Schuster said, but “we knocked [the outbreak] down very quickly.”
In addition to the clinics, IT personnel fought the outbreak by learning about how the malware operated and spread.
“We put together quite a bit of documentation about the threat and defensive strategies in a short amount of time,” Miles stated in an e-mail.
“We consulted other IT staff around campus, our security counterparts at other institutions and technical resources,” he stated, “then put what we learned into practice.”
Miles added that the response to the outbreak was successful.
“USB bot infections rapidly tapered off after the initial clinics and have fallen to a very low level today,” he said.
The triage clinics were a unique response to computer worm outbreaks. “We were the only institution that stood up those triage centers,” Schuster said. In previous outbreaks, infected computers were treated individually. Each one had to be removed from its network to prevent further spread of the malware, and its owner had to take the computer to tech support, Schuster said. He said that the triage model, established during the October outbreak, will be used for future malware outbreaks at Cornell.
To help prevent computer infections, CIT uses an antivirus program called Symantec. The software can be downloaded for free from CIT’s website, said Jason Lai ’11, a consultant at the Academic Computing Center in the Engineering Library. CIT used Symantec to detect the malware during October’s outbreak, he said. Once Symantec is downloaded, it protects the computer from viruses and can scan files and USB devices for infection.
Miles recommended that students run antivirus software, such as Symantec, to protect their computers from worms and viruses. Students should be “exceedingly wary of e-mail scams, e-mail attachments and web advertisements,” he said. Cornell’s I.T. Security website has more information about how to protect computers from malware.
While Cornell has not seen a major malware outbreak since the USB worm in October, new viruses are always a threat. Viruses appear in cycles, Schuster said. “Viruses are less common now than they were two and a half to three years ago,” he said, but “we’re starting to see more viruses again.”
New viruses and worms are often difficult to guard against. According to Symantec, nearly 2,000 new viruses were created every day in 2008. Anti-virus programs are only as good as the viruses they have analyzed, so they are constantly playing catch-up with the newest virus versions, Schuster said.
“Even the best antivirus software is invariably behind malware authors,” Miles stated. Cornell’s contract for Symantec’s antivirus software allows IT staff to submit virus samples for rapid analysis and quicker updates of the software, he said.
Cornell has faced computer viruses since the early 1990s. In 1990, a Cornell graduate student wrote one of the first major viruses, termed the Morris Worm, which infected a nationwide computer network, according to The New York Times. The student, Robert Tappan Morris, who was eventually arrested, was one of the first to bring attention to the need for computer security.
According to Tracy Mitrano, director of IT policy, Cornell and other universities have an especially difficult time guarding against computer infections. “Network security remains, in general, a significant challenge, and for higher education in particular because of the relatively open networks in keeping with its research missions,” she stated in an e-mail.
However, “Cornell has one of the best security teams in the country,” she added.