January 2004: Student Computer "Hijacking" and Computer Protection

This message has important information on how to secure your computer from attacks--and being used to attack other computers on campus and elsewhere on the Internet--and how Information Technology Services secures the network while preserving individual rights to privacy.

During the past year, many security weaknesses in the Microsoft Windows operating system have been discovered and Microsoft regularly issues critical updates to correct these problems.

Computers that have not had these updates installed are vulnerable to attack, which can result not only in damage but also to rogue software being installed to make further attacks elsewhere and to carry out undesirable or illegal activity on the infected computer.

If you do not regularly (at least once a week) check for and install critical updates being released by Microsoft, your computer is vulnerable to attack and potentially even more unpleasant consequences.

Recently, student computers at Colby infected with IRC Server and/or Sub Seven Trojan software are reported to have launched attacks on computers all over the world.

Network use patterns on the Colby campus right now indicate at least a dozen student computers have IRC Server running on them, most likely without the knowledge of the owner.

ITS is concerned about the vulnerability of students with these compromised computers regarding the possibly illegal content that is being distributed from them and with the attacks on other computers that may be originating from them, both on and off campus.

What Windows (and Mac) Computer Owners MUST DO to protect yourself and others:
1. Windows computer owners: Check the Microsoft web site weekly and install the critical Windows security updates  see instructions at http://www.microsoft.com/security/protect/default.asp
2. Windows and Mac computer owners: License an anti-virus program AND an update service contract. For more info see http://www.colby.edu/its/viruses
3. Windows and Mac computer owners: Set strong passwords to log onto your computer, using the guidelines at http://www.colby.edu/info.tech/viruses/tips.html If you have not set a password, it is very easy for you AND ANYONE ELSE to gain full control of your computer.
4. Windows and Mac computer owners Avoid low-power (energy conserving) sleep mode -- turn your computer off (or use Suspend or Hibernate) when not using it to conserve even more energy and make the computer unavailable for attack. Be alert for signs of infection, such as slow performance or unusual hard drive activity (constant noise, even when you're not using it).
5. Always backup important documents. Don't risk the loss of your senior thesis, major research paper, etc. Copy your working documents to a Zip disk or CD. This is important for lots of reasons.

In most cases, the staff of ITS, including Student Computer Services, will not fix the infected computer; the owner must make the repairs or take it to a local repair shop. For a list of vendors see http://www.colby.edu/info.tech/helpdesk/local_vendors.html

Questions? Contact Student Computer Services at x4224.

What ITS is Doing and Why Your Network Connection May Suddenly Stop Working

Under the Colby Code of Ethics for Information Technology, ITS manages the network in a way that ensures its availability and reliability but does not track individuals activities or the content of communication unless a computer is originating attacks or otherwise disrupting security on the network. When network monitoring indicates activity that puts computers in jeopardy, ITS will take the following steps:

1. Block network access by the infected computer if it poses a threat to the network or other computers on it.
2. Notify the student that her/his computer may have been compromised and is blocked from using the network until cleaned of rogue software.
3. Provide the student, when appropriate, with removal instructions. Typically, the student is referred to local vendors for fee-based repair services.
4. Network access is restored after assurance that the computer has been cleaned of infections.

In such instances, the actions of ITS are not meant to be punitive or accusative but to protect both the computer owner and others on the network.

Because of the dangerous nature of the content that might be distributed from an uncontrolled server, if it is not possible to remove the application immediately, notified students should unplug the computer from the network until it can be cleaned.

Please check out the ITS website: http://www.colby.edu/info.tech/ if you have questions about any ITS policies.

Don't wait for a notice to be received from ITS that your computer has been compromised and is attacking computers elsewhere. The damage may already have been done. Apply the new critical updates regularly and maintain your anti-virus software.

Ray Phillips
Dir. of Information Technology Services