Viruses plague students from trusted sites

H1N1 hasn’t been the only virus infecting campus this winter. Though one wasn’t the feverish, sore throat, coughing type, it could cause just as many headaches.

Computer viruses used to be avoided by monitoring which Web sites were visited on a computer, but it’s no longer that simple, says Student Support Coordinator Steven Meads.

On Feb. 22, there were over 25 infected computer reports filed in the Division of Technology Services (DoTS) on campus, and there have been 61 virus cases documented since March 1.

The most commonly seen virus lately, said Meads, is WinAntivirus 2010. The virus looks very much like the Windows anti-virus program and is usually clicked because people assume it is from their operating system. The current viruses are being called “drive-by” viruses.

According to Meads, a user will be sitting at a machine and a pop-up will appear telling the user the computer is infected with any number of problems.

The pop-up typically imitates a legitimate anti-virus program and gives the user the option—like many pop-ups—to close out, continue or decline the program.

These pop-ups, according to Meads,  are essentially one clickable link that activates the virus no matter what is clicked on the page. If the user has administrative privileges on the machine, it will install.

In the past, many viruses primarily came from distrusted sites where users would download hacked or illegal software.

This string of viruses has been coming from legitimate, typically trusted sites. Meads said that in this case, the Star Tribune site was the main source of the infections.

Web sites sometimes rent out advertising space but do not necessarily monitor where the ads are coming from. The advertisements sometimes become infected, bring up the pop-up and pass it on to users.

“Obviously, a lot of people on campus read the Star Tribune online,” Meads said. “And based on the number of incoming calls, we knew we were dealing with something big.”

If a pop-up appears, and a user is not entirely sure it is legitimate, Meads recommends taking your hands off the keyboard and calling DoTS if you’re on campus.

A technician can remote in and remove the program if it is caught early enough. People off-campus that are associated with the University can also call DoTS, and a technician can walk them through the steps of removing the program.

The effects of the virus are not always immediately noticeable.

Users with personal computers that see the pop-up also have the option of cutting their machine’s power by holding down the power button for a few seconds, according to Mary-Alice Muraski, manager of Teaching and Learning Technologies.

Removal isn’t as easy as it used to be because it is a game of staying one step ahead, which, according to Meads, is a losing battle.

A user may sometimes Google instructions on removing the virus, but the virus is constantly being altered.

“When someone calls in and says there’s something on their computer,” Meads said, “we want to get it removed immediately because it’s possible the virus can spread onto the network.”

Actual removal can potentially take hours if a lot of calls come in and the technicians get backed up. Meads said they try to allow two hours per machine.

For someone on campus who is unable to perform their job because of the virus, DoTS has the “Quick Response” team. They also have a handful of technicians working at any given time to respond to calls. Since DoTS is funded through student technology fees, they are not able to take in off-campus students’ computers.

Fortunately, the University’s servers are protected behind multiple firewalls and are monitored. The operating systems are kept up-to-date and patched. A patch covers something such as a flaw or hole in an operating system or browser that allows a hacker to come in—literally “patching” a hole.

E-mail “barracudas” are used to filter out about 90 percent or more of the spam and viruses in online messages, according to Muraski.

“We’ll see influxes,” Meads said. “One day we’ll see a spike, then the applications catch up, and it does back down.”

“Barracudas” belong to an international network that is updated every hour to prevent spam from coming through in e-mail.

Muraski recommends keeping browsers and operating systems up to date and using pop-up blockers. A user must be sure to disable pop-up blockers for trusted sites such as D2L and eSIS, as they both use pop-up messages.

Windows Update is another important tool to use on machines to try and stay ahead of viruses. All current students, faculty and staff have access to a free download of McAfee Virus Scan via the DoTS Web site.

Meads said most programs are pretty good about letting a user know if something is out of date. Muraski also highly recommends using FalconFile daily to back up their work folders since it is on a protected server.

External hard drives are another useful option.

If a user has any questions about computer protection or they see a suspicious pop-up, they are encouraged to call DoTS at extension 3687.