Fall 2004 irc bot infection of suny canton network september 28 2004
1 / 15

Fall 2004 IRC Bot Infection of SUNY Canton Network September 28, 2004 - PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Fall 2004 IRC Bot Infection of SUNY Canton Network September 28, 2004. The Perfect Storm. New Viruses Many unprotected computers Budget issues delayed investments that kept us ahead of the wave Our turn to get hit. Infection Extent. Other SUNYs as of 9/23/04.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Fall 2004 IRC Bot Infection of SUNY Canton Network September 28, 2004

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Fall 2004 IRC Bot Infectionof SUNY Canton NetworkSeptember 28, 2004

The Perfect Storm

  • New Viruses

  • Many unprotected computers

  • Budget issues delayed investments that kept us ahead of the wave

  • Our turn to get hit

Infection Extent

Other SUNYs as of 9/23/04

  • Cortland: 23 infected out of 400 scanned on a network of 2700.

  • Albany: 600 quarantined out of 6200

  • Oneonta: 49 quarantined out of 2840

  • Cobleskill: 120 out of 1400

  • Oswego 400 of 3700 and still counting

IRC Bot Infection Characteristics

  • Vectors: spyware, popups from infected websites, infected downloaded software and screen savers, other infected computers on the network

  • Vulnerable: unpatched computers, weak passwords

  • Infected computers launch massive scan of our network and others looking for computers to infect

IRC Bot Infection Characteristics (cont’d)

  • Trojan horse: goes back to sleep, often before we can see who it is and block it

  • “Send from” address is spoofed

  • Mutates frequently, making it difficult for virus protection companies to keep up with releases

  • Mutations mean after cleaning known viruses, we can miss some and a cleaned computer can “wake up” again.

How did it happen?

  • Old computers, nonstandard configurations, IT can’t manage them effectively

  • Neglected OS patch updates, or downloaded but not applied

  • Downloading freeware, screen savers.

  • Not using spyware or adware cleaners (e.g. Spybot Search and Destroy)

Recovery Process

  • 21 loaners deployed

  • Rest of unplugged users: use spares, share in short term, go to student labs

  • IT fixing old computers

  • Reissue loaners to others down the list

Future Prevention – Short Term

  • It can happen again. “Botnets” becoming hot tickets on the black market.

  • Preventative measures will reduce impact of future infections

  • Computers hit this time will be put on Active Directory as managed clients

  • Replace nonstandard PCs with standard configurations now and in spring, so more manageable

Future Prevention – Long Term

  • Full deployment of Active Directory on all campus-owned computers as managed clients

  • Isolate, pre-scan student and returning faculty computers before joining main network, apply updates, start of semester

  • Provide everyone with secured network storage space, backed up for you

Future Prevention – Long Term

  • Apply a personal firewall on all clients

  • Procure and execute Technology Study, redesigning network for reliability

  • Update the network according to the design so it’s “self-healing”

  • Disaster Recovery Plan – organized by system, developed with departments

  • E.g. remote critical server hosting – helps users with alternate internet access

Blackboard Users

  • Some students had problems this semester connecting, mostly password incorrect entry

  • When Bb was down, the network was down

  • Bb was up last Monday evening 9/20/04

  • Residence Hall network still infected. We don’t know who all the wireless users are: can’t force registration this year on wireless network.

  • Have student call Help Desk if can’t connect.

  • Considering an automated phone recording to call for network and server status.

What You Can Do To Help

  • Update Windows and virus protection regularly – especially older computers

  • Choose strong passwords to prevent theft of private information

  • Avoid storing personal information on your computers

  • Delete unopened email you’re not expecting

What You Can Do To Help (Cont’d)

  • Don’t download software you don’t need, or click on enticing pop-ups unrelated to work

  • Backup your data

  • See handout for more detail


  • Login