IT dept contains Conficker virus

By Jeremy Thompson, Staff Writer

A highly infective computer virus that attacked the U last week has been contained.

The virus, known as the Conficker worm, implants itself into computers with compromised antivirus software, or those lacking proper patches to repel the worm, said Mindy Tueller, communications manager for the Office of Information Technology. Tueller explained that the worm then lies dormant on the computer until it is programed by an external source to activate, at which time it can be programed to do a variety of things.

The worm invaded computers on campus late last week, and affected University Health Science computers during the weekend. The worm was contained and eliminated by Sunday evening.

Chris Nelson, spokesman for U Health Sciences, said the worm had to be taken seriously because of its threat to personal data.

“This virus is dangerous because even machines that were patched with the most current updates were found to still contain the worm,” Nelson said. “This means that even after a machine was cleaned, the virus would reappear. So, as a precautionary step, the health science centers shut down access to external Internet pages for most of the day Friday in an attempt to isolate the worm.”

As of Monday afternoon, Nelson said the worm had been contained and removed, and the IT department was in the process of rechecking all computers to make sure the worm would not reappear. He said that on Monday, a few machines showed up with the worm, likely brought to the network by private users.

He explained that when the worm is detected on any computer, the computer is immediately quarantined and access is restricted to prevent the spread of the virus. Nelson said the network will be monitored carefully for the next month to ensure that the virus doesn’t return.

Nelson explained that as far as the U could tell, there was no risk to health care records or patient care records at the hospital. He said that he also didn’t think any personal data was compromised, including personal user information.

“We caught the worm so early that all data should be OK,” Nelson said. “I feel comfortable in saying that we stopped this worm before it compromised a large amount of data.”

Nelson said the U is unsure how the worm made it onto the U’s networks, but that a formal investigation is underway and should be finished later this week. The investigation will address how the worm got on campus, whether the response from the U was appropriate, and what steps must be taken to prevent it from happening again, said Nelson.

Friday, Tueller said they sent out an e-mail so people were aware of the danger.

“The important thing to note is to not panic,” Tueller said. “At the same time, this is a malicious threat that must be taken seriously.”

Campus authorities sent an e-mail Friday morning that was addressed to all campus members, stating that the worm presented “a serious concern that data may be compromised. This includes login and password information, patient data, student data, credit card numbers, etc.”

The e-mail encouraged all students to install up to date antivirus software, as well as security patches in an attempt to repel the worm.

Tueller said that if students are afraid that their computers might be infected, or have questions about the worm, they can contact the campus help desk at 801-581-4000. They can also follow the steps outlined in the e-mail to ensure that their personal machines are clean.

[email protected]u