UB's Computing and Information Technology (CIT) Help Desk issued a virus update to Flint Village residents via e-mail on Tuesday, Jan. 29. Many students experienced frequent pop-ups and Web browser issues as a result of the computer infection. A description of the virus and an up-to-date progress report are available in the notice.
CIT does not currently believe the newly created virus spread outside the apartment complex.
"We have 8,500 people that we are supporting, and the good news is because of the nature of the way our network is built like the water tight compartments of a ship this hasn't spread around to the other places," said CIT Director Richard Lesniak, Ph.D.
CIT is currently working to prevent further computer infection at Flint Village or to any other part of the ResNet network with the new developments, according to Lesniak.
Officials explain that there are different kinds of infection. There are computers that are actively spreading the virus and computers that are only exhibiting pop-ups, according to Mark Ferguson, CIT help desk manager.
"I would say that judging by people who have contacted the CIT Help Desk, we are estimating around 10 percent of machines (at Flint) were exhibiting symptoms, but a much smaller percentage of that was actually spreading the virus," Ferguson said.
The network security staff recently developed a method to pinpoint which computers are spreading the virus, according to Ferguson. These computers will be taken off the network to prevent further infection. Students whose computers are actively spreading the virus will be notified in person immediately.
"Our primary concern right now is actively taking people off the network. We will tell them they can't be back on the network until they get it fixed," Ferguson said.
CIT has applied this technology to the entire UB network.
"The fix that went in that automatically detects whether a machine has been infected with this virus has now been propagated throughout all of ResNet - which will help contain it," Lesniak said.
The virus has not been extricated from the network because of its innovative nature. Students may keep the virus off their personal computers, after removing it, by staying off the current network at Flint Village.
Lesniak also said that students should not use their computers anywhere else to ensure that they do not spread the virus.
"It's really important that someone we've told (that) we've shut off their network must not take that computer and use it someplace else or through their roommate's port or use it wirelessly," Lesniak said.
CIT emphasizes the persistent nature of the virus and insist on professional remediation.
"This is a very dangerous virus because it is not easy to get rid of. In fact, we bought a couple of CDs, the latest and greatest in spyware and antivirus tools, (and) the virus actually prevents any those from working. You can't even install them on your machine," Ferguson said.
A complete reformat of the hard disk and a master boot record may be necessary, according to Tuesday's CIT update.
"It's one of those things where you need to totally rebuild and that's why you need professional remediation - someone experienced with real virus removal just because it's that nasty," Ferguson said.
Ferguson compared the spread of a cyber virus to that of a human virus.
"We are dealing with people's personal properties. These are their personal computers. They are responsible for the maintenance...we want to indicate to people that they should take their computers to someone who they feel is competent. It's broken, we cannot just give you a shot and fix it - it's going to take a little bit more."
Students should also change any passwords they use online, Ferguson said.
"Due to the nature of this virus or any virus after you get your machine fixed, change passwords to your UBIT name, Facebooks, instant messengers and whatever you are accessing," Ferguson said.
CIT also advises UB students to use the tools provided by the University. Updated anti-virus and anti-spyware is a must despite the fact that the virus may evade and disable those precautionary tools, Lesniak said.
"It seems to be not prevented by anti-spyware. That is a major concern. But talking to UB Micro - what they have seen is people coming in with no antivirus installed or without antivirus updated," Lesniak said.
However, Frances Weaver, a junior speech and hearing major, had several security programs installed on her computer before her Internet began exhibiting symptoms as she was looking up an Italian word on an online dictionary. Her father, a computer programmer, always downloads updated versions of antivirus programs before she leaves for school, she said.
Lesniak and Ferguson explained that CIT is doing everything they can at the moment. Information about the virus is scarce because it is so new.
"It's been very difficult to understand. This particular infection is new," Lesniak said. "We have been dealing with our sources of information and the companies where we buy our antivirus products to figure out what is happening to us - they hadn't seen this thing before."
The origins of the virus are unknown so far in the investigation, according to the CIT officials. Only speculations are available at this time. Experts state it was most likely Web borne, from peer-to-peer sharing.
"Today it's downloading from this website, tomorrow it's downloading from the next website. We don't know which was the first computer," Ferguson said about the virus' unpredictable nature.
Further updates will be posted on the UBIT website at http://ubit.buffalo.edu/virus.
Photo: Courtesy of Laron Fomby
