CIO

Bagle bites deep at uni network

When the Bagle virus struck the University of NSW last week, the university was forced to pull infected PCs off the network.

An IT staff member at the university, which has more than 40,320 enrolled students over three campuses, said Bagle has wreaked havoc for the past two weeks.

The IT team had to take infected PCs off the network to restore them to a clean state, a task that took more than a week.

"Everyone's e-mails and address books have been thrashed," the staffer said.

"Staff on the network have received lots of e-mails saying they are undeliverable; more than 600 users have been directly hit and we have to take their PCs off the network to be cleaned."

Australian organizations have had to toughen up their defences to combat Bagle, which made McAfee's top 10 biggest malicious threats in 2004.

For example, local government councils have become hardened fortresses against the likes of rogue viruses, Trojans, worms and spam, with very few hit by the Bagle outbreak, which resurfaced last week.

Most councils have adopted antivirus solutions, but managing them is much harder in large educational institutions, which are commonly seen as a breeding ground for virus traffic because so many users on the network engage in activities like P2P file sharing.

Ballarat University senior IT security manager Jeff Dowsley is responsible for a network of around 2500 PCs and said the reason they remained relatively unharmed by the Bagle virus is that they run strict security protocols for students and staff. By using Novell the university has chosen security "by obscurity".

"The e-mail ran a bit slow [during the outbreak] but it was back to normal in a few hours," Dowsley said.

"We run a firewall for incoming mail, client-based e-mail scanning and have developed a policy of getting a strict regime for ensuring student PCs have up-to-date protection before allowing them behind the firewall.

"The best thing to do is to have two if not three antivirus systems in place from different vendors so 97 percent of everything can be captured."

Meanwhile, Netcraft has warned of a surge in Internet scanning activity in the past week, which could indicate a fresh wave of attacks on e-commerce servers.

The vendor has detected a surge in scans of port 443, used by Secure Sockets Layer (SSL), a technology designed for securely transmitting financial data such as e-commerce transactions.

The last time Netcraft observed similar activity was in April, shortly before a wave of attacks on SSL servers that included the compromise of some major e-commerce sites.

Attackers used a flaw in Microsoft's implementation of SSL to install malicious code known as "Scob" or "Download.ject" on servers, which in turn implanted a Trojan horse on vulnerable PCs.

(With Matthew Broersma.)