AIM virus spreads through campus
Posted Saturday, October 1 2005 08:44:32 am
By Riki Parikh, Managing Editor
Symptoms of a viral infection
• Various suspicious links have been placed in your profile
• The Registry Editor (RegEdit), Microsoft Configuration (MSConfig) and the Task Manager (Ctrl+Alt+Del) will not remain open
• You have "badfile.scr" (screen saver) or "dontopenme.exe" (executable program) files that you don't remember downloading
Download AIM Virus Fix
Source: http://gwired.gwu.edu/sts/security/aimvirus/
A new computer virus has been spreading around campus since Tuesday under the guise of a funny picture sent from an AOL Instant Messaging buddy. The university sent a blast e-mail yesterday afternoon warning of the virus that infects a user’s computer and exposes the computer and the network to hackers.
According to Alexa Kim, executive director of ISS Technology Services, the virus is sent via AIM through a link that says, “Checkout this JPEG.” When a user clicks on the link, the virus is automatically copied and sent to every person on the buddy list and then opens a vulnerability inside the computer.
“It doesn't damage files but it does open a 'back door' which could give a hacker access to the computer,” said Kim. “Then, that computer could be used to conduct other attacks on machines.”
The virus was first detected by the university's Intrusion Detection System (IDS), which monitors unusually high traffic on the network, on Tuesday after infecting 30 to 40 students, said Kim. Those students were immediately cut off from the GW network and were told their computers would need to be cleaned by Student Technology Services.
IDS traced the virus back to AOL Instant Messenger, a popular program found on almost every computer. In a meeting yesterday, it was decided to inform the entire network of a virus, said Kim.
The virus has been spreading across college campuses this week. The University of Maryland's Office of Information Technology has received over 120 reports of infection, according to its student newspaper, The Diamondback.
The virus is known as SDbot, a Trojan horse virus that plants itself into a user's computer and creates a pathway for hackers, said Krista Thomas, a spokesperson for AIM.
“It's definitely a familiar pattern that now seems to be emerging,” she said.
Thomas reminded users to treat AIM links just like e-mail attachments and to be cautious of extraneous links in messages.
“If someone says, 'Let me send you a link of something on CNN,' and sends you a link, that's one thing,” said Thomas. “But if someone just randomly sends you a link [and] you're not expecting it and you have no idea what it is… do not click on links in AIM, even if it's coming from someone you know and trust.”
Thomas said that in such a situation, it would be best to take some time to respond to the buddy and ask what the link is.
“If it is a virus, your friend will say 'What link? I didn't send you anything,'” said Thomas. “And that's the tip-off.”
AIM has set up mechanisms to slow down such viruses, said Thomas. One such tool is known as “rate limiting,” and prevents a Trojan horse from sending a single message simultaneously to up to 500 of a single user's buddies.
Also, “link stripping” allows AIM to recognize a specific hazardous link and “deny conveyance of that link the system,” spreading a blanket “Do not transmit this link” message across AIM, said Thomas.
Beyond vigilance, Kim said that the university is currently working with Symantec, the network's virus protector, to “provide a solution to this vulnerability.”
The university is recommending that students who appear to have viral symptoms on their computer download AIM Virus Fix, a program offered on the personal website of engineer Jay Loden. The program is meant to scan AIM for problems and fix them.