Lexington Herald-Leader (KY)

August 28, 2003

INVASION OF THE DATA SNATCHERS
GET USED TO IT: NET BUGS WILL ONLY BECOME TRICKIER, MORE NUMEROUS

Author: Jim Jordan, Herald-Leader Business Writer

Edition: Final
Section: Main News
Page: A1

An aide to a member of the British Parliament e-mailed Dan Adkins last week, asking that he resend an e-mail. An important attachment had not been sent with the message, wrote the aide to Mark Fisher, M.P.

"I had never sent an e-mail to Mr. Fisher or had any contact with him," said Adkins, a spokesman for the University of Kentucky. But he knew immediately what had happened.

Adkins and Fisher, like other computer users worldwide, had been the victims of the so-called Sobig.F e-mail virus that has been bombarding e-mail users with countless phony messages for several weeks.

Besides the wasted time needed to separate bogus from real messages, the extra e-mails have slowed computer response time, caused the temporary shutdown of some small systems, and forced computer professionals to devote hours of extra work to cleansing infected systems.

Sobig.F is the third known virus or worm to strike Kentucky computer networks over the past month. Microsoft Blaster came first, followed by the Nachi or Welchia worm -- and all took their toll.

The worst is yet to come

Yet the worst is probably still ahead, say system operators. Each worm or virus is more sophisticated than the last one and typically takes longer to counteract. Eventually, the Internet itself may come under attack, not just the computer systems of individual companies, colleges or government agencies.

"It's like the Maginot Line. You set up your defenses and they find something else" that might break through, said Grover Hibberd, associate vice president for information technology systems at Georgetown College.

Finding new defenses and repairing damage "is a way of life now," agreed Gene Williams, vice president of fiscal affairs and information technology at UK. "This is the way it's going to be."

Mike Burke, supervisor of systems support for the Fayette County Public Schools, fears that what is now "a huge nuisance" could turn into a fight by large and small computer owners to keep control of their own systems as technology becomes more sophisticated.

"It's an ongoing battle," Burke said. "There's no end in sight. That's the environment we work in today."

The battle will put personal computer owners on the front lines, say Lexington's Internet service providers, the companies that connect computer users to the Internet.

Eventually, personal computer owners may face a choice: Keep their antiviral software up to date or face being cut off from the Internet when a serious virus or worm strikes, said Jonathan Yarden, senior systems administrator for BluegrassNet.

Otherwise, personal computers can shelter a virus or worm that can jeopardize other customers' computers.

"As much as we love our customers, we know they are the root of the problem," Yarden said. "They don't maintain their systems."

Colleges and universities have been especially vulnerable the past couple of weeks as students returned with their own computers and plugged them in. The schools' networks were then exposed to any worm or virus the students' personal computers might have been harboring.

Jonathan Barker, CEO of service provider QX.net, said customers are fooling themselves if they think the provider can protect their computers from all viruses and worms.

"These newer, more sophisticated viruses" gain access to the Internet through entryways that service providers cannot block, Barker said. "Everyone has to patch" protective software onto their individual computers to protect against new attackers, he said. Customers should also eliminate software from their computers that they are no longer using, to reduce the potential entry points for viruses and worms, he said.

Damage from the recent onslaughts appears to be light and "everything is back to normal," said Scott Render of the Governor's Office for Technology.

"We have no idea about the cost," Render said. "We haven't had a chance to deploy people to make estimates."

Effects across the state

The known effects of the attacks included:

* Computer systems at UK, Georgetown College and other schools were slowed as students were attempting to register for classes or change schedules.

Dormitory computers were shut down for several days at Georgetown College until yesterday, when they were brought back online.

* The server crashed in the Fayette County Public Schools budget office just as the budget for the 2003-04 school year was being prepared. The cause has not been determined, but a virus or worm is suspected.

* The statewide circuit court clerk's computer system was shut down, apparently by a variant of the Microsoft Blaster worm.

* A worm or virus knocked out the Internet connections for several days for a computer used by the Urban County Government to prepare ozone and air-quality forecasts.

Business computer systems were affected also. Slowdowns or temporary shutdowns of computer networks were reported by Hilton Hotels, CSX Corp., Air Canada, Germany's BMW and BellSouth.

Burke said that whether a computer system is operated by a business or a government entity, the challenge remains the same: "It's always the human factor.

"It's inevitable that as operating systems grow and become more complex, there will be vulnerabilities. There also will be people who want to take advantage of them. That's our challenge," he said.

Herald-Leader staff writer Lisa Deffendall contributed to this story. Reach Jim Jordan at (859) 231-3242 or 1-800-950-6397, Ext. 3242, or jjordan1@herald-leader.com.

WHAT IS A VIRUS?

A computer program that copies itself and infects other programs by modifying them into an evolved copy of the original.

WHAT IS A WORM?

A program that spreads copies of itself or its segments to other computers. A worm can be based in one computer or in segments in several computers in a network.

WHAT CAN YOU DO?

* Install a firewall, a program that limits outside access to your computer.

* Install anti-virus software and keep it up to date.

* Install security patches to counter specific viruses as soon as software makers make the patches available.

* Shut down programs you are not using, to prevent viruses from using them to enter your computer.

* Do not open e-mails or attachments that look suspicious.

* Back up important files and keep printed copies.

* Change passwords regularly and avoid those a hacker might easily guess.

Sources: Microsoft, CERT Coordination Center, QX.net and www.faqs.org

Recent attacks

Two computer worms and a virus have struck many computer users in recent weeks:

Microsoft Blaster: A worm that caused personal computers to mysteriously restart and to flood a Microsoft Web site with messages to prevent the company from sending software patches that would stop the worm.

Welchia or Nachi: Based on Blaster, this worm causes network slowdowns and other problems as infected systems barrage networks looking for unprotected computers that are vulnerable to infection.

Sobig.F: An e-mail virus that is spreading millions of bogus spam messages often aimed at the large computer systems of corporations, colleges and government agencies.

Caption:
MARK CORNELISON, STAFF - When the Fayette County school system's server crashed Tuesday, budget director Doug Marshall keyed in figures from a hard copy because the computer copy was destroyed, possibly by a virus.

Copyright (c) 2003 Lexington Herald-Leader
Record Number: 0308280067