On-campus computer networks are prime targets for infection from
worms and viruses because of constant connectivity to the
Internet.
Approximately 2,300 computers on the campus network were found
to harbor a variety of worms, ranging from the annoying to the
potentially hazardous, within the past two weeks.
A worm is a type of computer virus that exploits security flaws
and makes copies of itself on other computers.
The majority of these computers were found in the residence
halls and approximately 1,800 computers needed to undergo
treatment.
Though a worm named Sasser, which exploits a security flaw in
versions of Windows XP and 2000 is thought to be the cause of
widespread problems, the main culprits are actually three different
worms — Phatbot, Agobot and Gaobot.
The three worms are all polymorphic, meaning they can change on
their own and can be easily changed by others, said Mark Bower,
manager of managed network services with Communications Technology
Services.
“(Phatbot) is hard to detect because it changes
frequently, and it also disables anti-virus software,” Bower
said.
If one of the three worms infects a computer, the machine will
report to and wait for orders from another computer.
“A machine can be used for any purpose under the
sun,” Bower said.
Vital information on machines, like credit card numbers and
passwords, can be recorded by and transmitted to a foreign
computer, he said.
Security flaws are often made public before a worm is released
and a patch to correct flaws is made available, said Peter Reiher,
an adjunct associate professor of computer science.
“If people are up to date on these patches … they
aren’t going to be vulnerable to most worms,” Reiher
said.
According to the Student Technology Center’s Web site,
residents affected by worms should download the necessary security
patches and a program that removes most viruses from infected
computers.
Worms send messages from one machine to another, and by noticing
patterns in these messages, system administrators can prevent worms
from entering networks, Reiher said, adding that the worm may not
always be caught in time.
“It may be that the worm has spread before anyone knows
what the pattern is,” he said.
The recent worms have proven to be more difficult to remove than
viruses in the past.
“Other times, I would get a Windows update, and the
problem would go away,” said second-year business economics
student Linh Le, who was using the De Neve computer lab. “I
can’t get (the virus) off my computer, and I don’t know
why.”
Though many computer networks are protected by firewalls,
security measures designed to screen data coming into the network
from the outside, worms can enter a network by other means.
If a computer picks up a virus or worm outside of the firewall
and is put back into the network, then other vulnerable computers
in the network can be affected, Reiher said.
“It’s like being in a locked room,” he
said.
Other network ills that could potentially affect UCLA computers
include data theft and distributed denial of service attacks, which
overload networks so the Internet runs slowly.
“I’m so dependent on my computer,” Le said,
noting that much of her personal information is on her
computer.