118 PCs, so far, booted off network for AIM virus

By Daniel Wolfe

October 14, 2005

As of Oct. 12, 118 computers have been shut off the network due to infections, known as botnets, that spread over Instant Messenger. According to UNET systems administrator Elliot Kendall, after a computer becomes infected it calls home to a central controller and waits for instructions. Depending on the whims of the botnet's owner, that can be anything from launching a distributed denial of service attack against an internet site to sending spam or phishing email, to monitoring the keyboard to steal usernames, passwords, credit card numbers, etc.

College students are constantly hooked up to the Internet, looking for ways to waste time. Many go on Instant Messenger to talk to old friends whom they haven't seen in a long time. It is not uncommon for friends to send each other pictures or links to Internet sites. It is under this guise of instant messages from friends that several viruses have penetrated the campus. These viruses are collectively known as botnets, a jargon term for a collection of autonomous software agents.

A person's computer gets infected when they click on a link from an already infected friend and run the file that downloads as a result. If an infected user is online, his or her computer then sends an instant message with the link to the virus to everyone on the buddy list, saying something similar to "Hey! Click this link to see a picture of me!" Because the recipients of such instant messages are friends with the individuals who send them, they do not suspect that the picture is really a botnet virus. As soon as a person gets this virus, it is likely that his or her computer will send an instant message to everyone on the buddy list, and this pattern will continue.

When Kendall observes that a computer from the Brandeis network is communicating with these botnet controllers and virus distribution sites, he blocks it from the network. Kendall said that originally, if a user received a virus, the default response at the helpdesk [was] a reinstall [of Windows], since trying to figure out exactly what some random virus does to a machine is very difficult, time-consuming, and prone to error. When this was the case, users with any virus would be required to pay 50 dollars for the helpdesk to reinstall their Windows, not including the 25 dollar fee to back up their hard drive.

However, early in the epidemic, they realized they were seeing a lot of the same thing, and that it was relatively easy to clean. Cleaning instructions were written, and the official policy was changed to give an exception in this specific case, so that with this seemingly easy-to-cure epidemic, it was no longer necessary to pay the helpdesk to reinstall Windows.

As the number of different kinds of infections increased, the instructions became less effective and often failed to resolve the problem. It was at this point that the policy reverted to its initial requirement of reinstalling Windows for every type of virus. Kendall stressed that it is crucial for users to pay attention to the warning signs built into web browsers. For example, after clicking the link advertising the picture, a warning pops up saying that the site is not secure and may contain a virus. However, since users think they are getting this picture from their friends, they are not suspicious, click through the warning anyway, and enter the site.

According to Kendall, it is important to respond to your friend prior to clicking any link they send, to verify that they actually sent it, and not a virus. If the exact same response comes up word for word, you should be aware that it's probably not your friend but a virus.

Inasmuch as 118 of us have been suckered into this avoidable trap, it is essential that students are vigilant and heed the warnings that the network and Internet browsers provide. If they do not, it will cost $75.00 and a great deal of time that could have otherwise been spent studying for midterms, or talking with real people on AIM.

