February 18, 2006: New Student Computer Security Threat
UPJ ResNet coordinator Mr. Ralph Miller has reported an increase in the number of ResNet users who have been suspended from network access due to virus-infected and compromised computers. These suspensions are a result of complaints issued by the Pittsburgh campus Network Operations Center, which monitors the network for suspicious activity. In the past 2 weeks alone, eight users have had their ports deactivated.
This warning relates to a new attack specifically targeting Instant Messenger users. The virus is initiated by following a web link embedded in a message that appears to be from a legitimate e-mail address. Once you click on the link, the virus is installed on your PC and you are infected. Standard virus protection software cannot stop this type of virus attack. For your protection, never follow links that look suspicious or were sent to you anonymously. If there is any doubt, contact the person first to verify the link's legitimacy before clicking on it.
This series of complaints indicates that the infected PCs have been compromised and are being used as part of an illegal, hidden "botnet" on the Internet. This means that the PCs have had a Trojan virus placed on them which allows an outside person to remotely control the PC for their own, usually illegal, purposes. These purposes can range from e-mail spam, attacks on other networks, and illegal file sharing to something possibly as serious as illegal black market business.
As a result, the PCs must be removed from the ResNet network until that threat has been removed from the PC. Unfortunately, this type of Trojan or "rootkit" is not prevented by common virus protection software and is nearly impossible to remove from the operating system. More than likely, the fix will require the user to completely reload/rebuild the PC's operating system. The added drawback to this fix is that all application software must be re-installed and any personal data that is not backed up will be lost.
The average user will be faced with taking their PC to an off-campus vendor for repair or using the fee-based service offered by Information Technology that cleans the PC and reloads Windows XP. (There is a $75.00 charge for this service, and it typically requires 3-4 days, depending on the current workload.)
The UPJ ResNet office provides students with support and explicit directions when they face suspension and is happy to talk to students about measures that will protect against such attacks. To help prevent infections or problems like this one on your PC, follow these simple rules:
Use our up-to-date antivirus program, Symantec 10, and configure your software to get automatic definition updates daily and scan the drive at least once a week.
Update your Windows OS software regularly and configure your software to get automatic Windows updates daily.
Make sure ALL users on your computer have strong passwords.
Never open suspicious e-mail attachments or links in pop-up advertisements and Instant Messenger.
Avoid downloading files from peer-to-peer sites such as LimeWire, BitTorrent, Ares, BearShare, and others. The files usually contain more than just music or movies: most files come with extra surprises such as Trojans.
Avoid installing free and pirated software, screen savers, toolbars, desktop pictures; again, they tend to contain unwanted extras.
Be wary of any unsolicited offer to follow "friendly links" for "free" or "important" information.
Students who have their ports disabled for the above types of violations will need to contact the UPJ ResNet office for verification that the PC has been repaired. Second offenses carry a port reactivation fee of $20 per incident.