
Fall 2004 IRC Bot Infection of SUNY Canton Network September 28, 2004 PowerPoint PPT Presentation



Presentation Transcript



Fall 2004 IRC Bot Infection of SUNY Canton Network, September 28, 2004



The Perfect Storm

  • New Viruses

  • Many unprotected computers

  • Budget issues delayed investments that kept us ahead of the wave

  • Our turn to get hit



Infection Extent



Other SUNYs as of 9/23/04

  • Cortland: 23 infected out of 400 scanned on a network of 2700.

  • Albany: 600 quarantined out of 6200

  • Oneonta: 49 quarantined out of 2840

  • Cobleskill: 120 out of 1400

  • Oswego: 400 of 3700 and still counting



IRC Bot Infection Characteristics

  • Vectors: spyware, popups from infected websites, infected downloaded software and screen savers, other infected computers on the network

  • Vulnerable: unpatched computers, weak passwords

  • Infected computers launch massive scan of our network and others looking for computers to infect



IRC Bot Infection Characteristics (cont’d)

  • Trojan horse: goes back to sleep, often before we can see who it is and block it

  • “Send from” address is spoofed

  • Mutates frequently, making it difficult for virus protection companies to keep up with releases

  • Mutations mean after cleaning known viruses, we can miss some and a cleaned computer can “wake up” again.



How did it happen?

  • Old computers, nonstandard configurations, IT can’t manage them effectively

  • Neglected OS patch updates, or downloaded but not applied

  • Downloading freeware, screen savers.

  • Not using spyware or adware cleaners (e.g. Spybot Search and Destroy)



Recovery Process

  • 21 loaners deployed

  • Rest of unplugged users: use spares, share in short term, go to student labs

  • IT fixing old computers

  • Reissue loaners to others down the list



Future Prevention – Short Term

  • It can happen again. “Botnets” becoming hot tickets on the black market.

  • Preventative measures will reduce impact of future infections

  • Computers hit this time will be put on Active Directory as managed clients

  • Replace nonstandard PCs with standard configurations now and in spring, so more manageable



Future Prevention – Long Term

  • Full deployment of Active Directory on all campus-owned computers as managed clients

  • At the start of the semester, isolate and pre-scan student and returning faculty computers, and apply updates, before they join the main network

  • Provide everyone with secured network storage space, backed up for you



Future Prevention – Long Term

  • Apply a personal firewall on all clients

  • Procure and execute Technology Study, redesigning network for reliability

  • Update the network according to the design so it’s “self-healing”

  • Disaster Recovery Plan – organized by system, developed with departments

  • E.g. remote critical server hosting – helps users with alternate internet access



Blackboard Users

  • Some students had problems connecting this semester, mostly from incorrect password entry

  • When Bb was down, the network was down

  • Bb was up last Monday evening 9/20/04

  • Residence Hall network still infected. We don’t know who all the wireless users are: can’t force registration this year on wireless network.

  • Have students call the Help Desk if they can’t connect.

  • Considering an automated phone recording to call for network and server status.



What You Can Do To Help

  • Update Windows and virus protection regularly – especially older computers

  • Choose strong passwords to prevent theft of private information

  • Avoid storing personal information on your computers

  • Delete unopened email you’re not expecting



What You Can Do To Help (Cont’d)

  • Don’t download software you don’t need, or click on enticing pop-ups unrelated to work

  • Back up your data

  • See handout for more detail



QUESTIONS?

