Virus infects students’ computers via flash drives

Troy Chamberlain and Troy Chamberlain

Students who have gotten used to sticking their flash drives into just any USB port on campus may want to check their protection.

According to statements by the Resident Computing Connection and the Information Technology Services security department, a malware virus has made its way into the University network and is spreading to students via their USB devices.

Director of IT Security and Networking Matt Haschek said forensic analysis done by the Information Security Office has concluded that this appears to be what is known as a ‘bot-virus,’ a type of virus that runs processes on an infected computer, then sends messages to the ‘bot-master’, or originator, informing it that it has been successfully installed. The virus then lays dormant, awaiting further directions from the originator.

‘Right now, it hasn’t really done anything to harm our network at all,’ said RCC head Robert Pflum, ‘it’s basically waiting to be updated.’

Students are bringing this virus to their personal computers, Haschak said, when they plug their flash drives into infected University computers. The virus installs files onto the flash, and then installs itself onto any other system the flash drive is plugged into [that] does not have adequate anti-virus software.

As of Dec. 11, 150 systems on campus were estimated to have been infected, as well as 200 students’ personal computers. Many of the students with infected systems have since been contacted and their systems healed, as well as having their University-provided anti-virus software updated to prevent future infections.

Due to the passive nature of the virus, many students whose systems are infected may be unaware.

‘I had no idea and then I got an e-mail telling me I had [the virus],’ said freshman Amanda Hausmann. ‘I had to bring [my computer] in and leave it for like a day, then they fixed it.’

If enabled, this virus will likely result in a distributed denial of service attack, Haschak said. Pflum described this type of attack as one in which the ‘bot-master’ sends a command to all the infected systems to issue an overwhelming load of commands to the network, effectively jamming it, preventing connection.

Haschak said the orchestrator of this attack could be a hacker building a ‘bot-army’ for the purposes of extortion, cyberwarfare or to just generally disrupt connectivity for random victims.

‘Malware that is very widespread like this ‘hellip; could be a very large issue,’ Pflum said.

Simply having anti-virus software does not guarantee immunity to this virus. According to Pflum and Haschak, most software will not recognize this virus because it is so new.

Since becoming aware of the seriousness of the issue, RCC and ITS have worked to contact all students whose systems are believed to have been infected, asking them to come in and have their systems healed. Modifications have also been made to the University network to inhibit the virus’ ability to communicate with the ‘bot-master.’ An update of the University provided McAfee software, or anti-malware bytes, must be installed to recognize and remediate the problem. Students living on campus who believe their systems have been infected should take them to RCC in 203 Conklin North for treatment. Off-campus students should take their systems to ITS in 110 Hayes Hall. All services provided and updates installed are free to students.’