Dozens of students lined up in the O’Connor Campus Center computer lab on Thursday, September 2nd waiting for SOURCe to work on their computer. Their problem? A virus called W32/Sdbot.worm. Learn more about this virus by reading the McAfee brief found online: http://vil.nai.com/vil/content/v_100454.htm
Why did student computers get infected? Because they had accounts on their computer with no password or weak (easily hacked) passwords.
How could this be (you ask) if students have installed the ePO Agent and are running up to date antivirus software? The reason is password protection. This particular virus, first discovered in February of 2002 in Russia, has continued to makes its rounds on the Internet through more than 4,000 known variants. The staying power of this worm is due to the fact that computer users continue to leave their systems vulnerable. This worm propagates in many ways.
What we’re seeing at Colgate is propagation through accounts with no password or an easily hacked password. What kind of account? Here’s what SOURCe reported finding on Colgate student computers infected with this virus:
An account called “Administrator” or “Guest” and the password is blank — you just hit return and you get into your computer. If you can do that on your computer, then you are either already infected or vulnerable!
An account that mom or dad or a sibling or friend used over the summer and the password is blank or weak (refer to SOURCe guidelines on using strong passwords).
What should students do? Use strong passwords — make sure every account on your computer has a strong password associated with it. No matter what ITS or SOURCe or anyone else at Colgate does to try to protect you, you must make sure you protect yourself.
Learn more about this and other vulnerabilities by visiting the Student Technologies tab on the Colgate University Portal (my.colgate.edu). The SOURCe sub tab provides information about protecting your computer.