ITS combats Malware with system upgrades

Septembre Russell
Copy editor

“If you know where to go on the Internet, you can buy Social Security numbers and credit card numbers,” Chief Technology Officer Irv Wiswall said.
Before 2001, viruses were produced because their creators wanted to prove their ability and for bragging rights, Wiswall said. However, a shift occurred in the purpose for creating viruses after that year.
“The motivation is now money, which is a bigger motivation than bragging rights, and [virus production] is also proving successful as a money maker,” Wiswall said.
Today there are more people manufacturing viruses, he said. Because the primary incentive is money, the sophistication of the viruses is dramatically increasing. Different categories of viruses exist, such as Worms, Trojans and keystroke loggers, but they are collectively referred to as Malware.
“The Malware is getting better and better at how it works and not interfering with the operation of the computer,” Wiswall said.
A common Malware tool is what is called a Botnet, which is a shortened term for Robot Network. A Botnet is a piece of Malware that finds its way into a computer and assumes central control of one entity, Wiswall said. The common use for Botnets is for spam hosting. A Botnet herder, the person facilitating the Botnet, rents his or her services to spammers and sends spam to the computers under their control. The Bot herder profits a few cents for each message he or she sends, and should a computer become infected, he or she uses that computer to amass millions of dollars as thousands of messages are sent to thousands of computers.
“If they have a really good thing running on your computer, you’ll never notice,” Wiswall said. “Unfortunately, or fortunately, depending on how you look at it, [Malware] often times doesn’t work quite the way the author intended, and it causes problems on your computer, you notice and you bring it to ITS and we help you deal with it.”
A particularly dangerous and common occurrence is Malware recording a person’s activities on his or her computer and then analyzing the results and reporting that information back to a central server, Wiswall said.
“And then they’re sold in bundles,” Assistant Director of ITS Michael Blanco said.
Victims of identity theft more than likely had Malware tracking their Internet activities, Wiswall said. It is possible that a keystroke logger may have been installed onto a computer and watched for patterns that correspond with names, Social Security and credit card numbers.
“It’s astonishing, the things that people are thinking about that are taking advantage of your behavior,” Wiswall said. “They’re using social engineering, which has become a major component of all these things, to invite people to infect
Pop-ups are a popular method by which Malware is welcomed into the computer, and it happens frequently because they are an accepted form of advertising on the Internet, but sometimes pop-ups are not. Sometimes pop-ups are Malware waiting for someone to click on it, Blanco said.
“In September, when the school season was starting, [there] was a pop-up that warned people that they had done something and their computer was infected; if they clicked on it they’d just infected their machine because that [pop-up] was the infector,” Blanco said.
ITS became efficient at purging the Malware from campus computers, Blanco said, but by spring the program changed.
“It morphed and looked much more official,” Blanco said. “If you would click the little ‘X’ button to kill it, they’d switched it so the ‘X’ button installed it.”
The three most commonly affected areas on the Internet are pornography, gambling and kids’ gaming Web sites, Blanco said. Also susceptible to Malware infection is peer-to-peer file sharing, Wiswall said. When you’re sharing music, usually in violation of copyright laws, Malware is often placed there. Downloading songs can invite Malware in, he said.
“The virus advancement does not affect Clean Access; this horror story is the reason we have Clean Access,” Wiswall said. “While it doesn’t protect against people inviting Malware in, it does protect against other important methods of transmission. What Clean Access is doing is insisting that people’s computers be as up-to-date as possible.”
During January Term, the overall security model was upgraded on the computers within the labs managed by ITS, which include both Renshaw Hall labs and the lab inside of Miller Fine Arts Center, Wiswall said.
“The basic change we made is that when a student logs in they are just a user,” Blanco said. “They have a lower permissions level, which means certain key areas of the operating system are off-limits to them, and therefore if they click on something, [Malware] will have a much more difficult time deploying its payload because it can’t get to the places it wants to go.”
As security goes up, ease of usability goes down, Blanco said.
“Finding [a] balance point was difficult,” he said.
Before the upgrades, he said the software on the computers removed any changes made so that if someone accidentally infected the computer, the infection would be removed as well.
“We had to open up certain aspects of the machine so that people could do things they wanted and [that] we needed to do, like Windows updates and anti-virus updates,” Blanco said.
He said he believes usability has improved since the upgrades were
“From what we’ve seen, the machines have been running better overall,” Blanco said.
