Virus has had Vancouver school computers down for three weeks - so far
Posted on 02/01/2009 11:42:01 PM PST by Swordmaker
Three weeks after a virus infected computers across the Vancouver school district, information technology staff are being forced to attend to thousands of computers individually - and still have a long way to go before the system is running efficiently.
The virus hit most computers in the school district on January 7. Since the virus replicates itself from one computer to the next, staff were instructed to shut down every computer in the school district.
"My understanding is we weren't the only ones to get it," said Vancouver School Board chair Patti Bacchus, who acknowledged repairs have taken much longer than expected.
"Getting IT workers from school to school has been a slogging process."
VSB spokesman David Weir said he doesn't know how many tech workers are working on the problem.
There are more than 10,000 computers in the district, each of which had to be shut down and disconnected from the network, then individually scanned and repaired if necessary, said Weir.
An online student forum by Point Grey secondary students identified the virus as Win32.Krap.b trojan, a bug that affects mostly Windows operating systems, shutting down computers as soon as users try to start them.
Noel MacDonald, a Westside parent of an 11-year-old who attends Bayview elementary school, said many computers in his son's school have been marked with a red dot, signifying that the machine is so old it wouldn't be able to withstand the anti-virus program.
MacDonald said the school's Parent Advisory Council had paid for a computer lab with Macintosh machines, which haven't been affected.
Mohammad Akif, security and privacy lead at Microsoft Canada, told the Vancouver Sun someone on one of the district's computers could have downloaded an e-mail attachment containing a virus, visited a corrupt website, or used a USB stick and unknowingly transferred corrupt files from a home to school machine. Once the virus enters a computer system, it can attach itself to e-mails and documents, Akif said.
"The teachers are really upset about it," said Anna Ward, a grade 12 student at Lord Byng secondary school.
Ward and her fellow students are expecting mid-term exams soon, and she said there's little information on how they'll receive them.
While many computers are now working at Lord Byng, so many learning resources are kept within the computer system that instructors have found it difficult to work.
"It's really affected the teachers, who have to do everything at home. They couldn't record any marks or attendance," said Ward.
Weir said all student and staff-related data is safe, and IT staff focused their first efforts on sites related to the curriculum, such as school computer labs.
If you want on or off the Mac Ping List, Freepmail me.
Win32.Krap.b — what an appropriate name.
“Noel MacDonald, a Westside parent of an 11-year-old who attends Bayview elementary school, said many computers in his son’s school have been marked with a red dot, signifying that the machine is so old it wouldn’t be able to withstand the anti-virus program.”
So, they’re more than two years old and they’re trying to install McAfee products on them, then? :P
See! Even virus-writers don’t support Macs!
It’s not for lack of trying.
And the whole “there’s not enough Macs for them to go after” argument doesn’t work when people are writing viruses for cell phone operating systems with less than 200,000 possible victims. There are millions of Macs running OS X today.
As of yet, no successful OS X virus has ever been found in the wild. (Social engineering exploits do not count against ANY platform IMHO as the only OS that they need to succeed is the several million year old one between people’s ears.)
**** iSnob PING!!!! ****
I find such news entertaining....better than 'Everybody Loves Raymond' and 'Lost' combined..... heheheehehe.
Looks like MS IE (plug-ins) is most susceptible to the trojan, which is very malicious but doesn't seem to induce a high security risk:
Snippet and link to article if anyone is interested showing details for the bug:
o Submission received: 16 December 2008, 19:46:39
o Processing time: 5 min 38 sec
o Submitted sample:
+ File MD5: 0xDAD2CCF6919B794797B7E9C484A89A56
+ Filesize: 165,539 bytes
# Trojan.Packed.NsAnti [Symantec]
# Packed.Win32.Krap.b [Kaspersky Lab]
# Generic PWS.ak [McAfee]
# Mal/Frethog-B [Sophos]
# PWS:Win32/Frethog.AJ [Microsoft]
# Trojan.Crypt.XPACK [Ikarus]
* Summary of the findings:
What's been found:
Downloads/requests other files from Internet. Modifies some system settings that may have negative impact on overall system security state.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.............
One of my favorite notations on helpdesk reports: PEBCAK.
Problem Exists Between Chair And Keyboard.
Or even better, if they were running Ubuntu - it’s free and like Macs, no anti-virus is required.
And it’s free!
Or PICNIC “Problem In Chair, Not In Computer”. Heh.
I love Linux. Linux would’ve avoided this as well as a Mac, for no cost but those “IT” guys.
“Mohammad Akif, security and privacy lead at Microsoft Canada...”
And they’re wondering how the problem originated...
You don’t need a Mac. Just load Linux.
In that case Linux is the answer.
Linux would run great on those older boxes. They wouldn’t even need to upgrade the hardware in most cases. A simple, inexpensive solution.
A locked-down computer with automatic updates installed shouldn't need anti-virus software.
If they were all booting off a standard configuration, and if they didn't have local access to hardware [e.g. no ability to boot to floppy or boot to cd-rom] and if they had Active Directory [or Novell Directory Services] policies which locked down the access to the innards of the box, then none of this stuff could happen.
The very fact that staff had to physically visit each and every computer [instead of being able to remote-reinstall each computer] indicates to me that this was a haphazard, slipshod environment where a catastrophe was just waiting to happen.
Actually, from the virus info posted on this thread it sounds like Windows machines would be safe if running Firefox.
The problem is that the IT people in the school system are unionized, so even if the “educators” knew how to scrub them the work rules prohibit them from doing so. Ditto for the students- the union would be up in arms if they showed the students how to fix the problem.
You've described most school board computer networks to a tee.
My local school system has 30,00 networked Windows computers, and none of them runs with supervisor privileges. You can't install anything.
30,00 = 30,000
Sorry to hear that.....unions are counterproductive for a country’s prosperity....they once had their place to protect workers, now it’s about politics and a cash cow from dues to donate to socialist candidates and support the union bosses.
But since it's not their money . . .
“A locked-down computer with automatic updates installed shouldn’t need anti-virus software.”
Unfortunately, this is NOT true if the computer is running Windows and Microsoft’s Internet Explorer. You can be fully up to date and still be exploited by a rogue ad on a normally trustworthy web page.
Been there, done that.
Yeah, the school system I work for doesn’t allow students or teachers to run executables. Which can be somewhat amusing if someone brings in a Sandisk thumb drive.
Cue the WinTards.
“But I can build a Windows Pee C for $122.35 from scraps of baling wire and duct tape. And I’ve never had any problems! Windows Rox!”
That's okay. The Windows System User will still run them.
I haven’t been in a school for a couple of years, but last time I checked each high school kid gets a bit of personal space on the server for documents. Homework is carried on floppy disks. Anyone bringing in documents on non-standard media takes it to the Library (media center) for conversion to floppy disk.
Any project needing some special operating system or feature is done on an off-line computer. Any computer getting hosed by accident or vandalism gets re-imaged.
Of course, that assumes every machine will be connected to a fast network, but that's the case in most schools nowadays. And it would have intentional limitations (no local file storage, no installing of executables) that I wouldn't want in a home computer, but that are appropriate in a school environment.
The way I see it, in marketplace terms, Mac OS and Linux are allies. Anyone who chooses Linux benefits the Mac, and vice versa, by weakening the hegemony of Windows. Microsoft has maintained its market share largely through FUD, and anyone who switches -- no matter what they switch to -- weakens Windows and opens up more opportunities for all the alternatives. Opportunities the alternative OSes in days of yore like Amiga, Be, OS/2, DRDOS and NextStep never got.
I don't expect to see a world in which the Mac occupies the place once held by Windows, but a world in which no one does; where documents and Web pages are built to open standards, and any OS can play. We're a lot closer to that than we were ten years ago.
I’d replace the floppies with flash drives, but otherwise that model makes a lot of sense.
I dunno - it's been years since I've heard of any remote [& non-privileged] rootings which weren't already covered by a Microsoft update.
Our security consists of a firewall and all users running in normal mode [NOT Administrator mode], and we've never had any worms or viruses in ten years now.
Of course, if you allow your users to run their systems in Administrator mode, then all bets are off - there's absolutely nothing whatsoever that can be done to stop a determined virus/worm when it comes in contact with a technically illiterate user running his system in Administrator mode.
But my experience has been that as long as you keep your users in User mode, then there's really not all that much to worry about.
Yes, if one has access to the command prompt and permission to run the AT command.
Those permissions are denied to end users on our domain.
We allow flash drives, but have filters set on the file server when it comes to data storage.
That's assuming that Windows works the way that Microsoft says it does.
Granted, most users don't have the know-how to work their way around such restrictions.
That's okay, the worm writers do.
The worm, which several security companies have described as surging dramatically during the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft Corp.'s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.
Here, let me bring you up to date:
That one’s only two years old.
This is the biggest worm attack for years, and in theory could hit 350 million PCs or thereabouts. However, in spite of this “amazing” worm “skyrocketing,” F-Secure says: “Downadup infections appear to have peaked during the week.” Its latest reported estimate is only 15 million, which is not all that impressive for something that was first seen last November, and should be able to double every day.
Maybe the next version(s) will do better. But let's hope not.
Of course, there's no real reason why anyone should have Downadup/Conflickr: Microsoft patched that security hole last October with Microsoft Security Update MS08-067 (KB958644), and on October 25, I posted Microsoft releases critical patch, extra to Windows update to tell you to install it. I'm sure there are a few unlucky souls among the estimated 15m victims, but I suspect most have got Downadup/Conflickr because they are too lazy or too dim to install Windows Updates, or they're running pirated copies of Windows.
I just grabbed the first one on Google. There were so many to choose from.
Here then, here's one from December.
“Users of Windows Vista and Server 2008 can breathe easy as those packages are unaffected by the flaw. XP - running SP3 - is also clear of trouble.”
So the bottom line is that people who are running pirated versions of Windows that are not updated run some risk. OK.
Or perhaps it's because previous updates have hosed their computers (see post #30 above) or because something they installed happened to uninstall the patch.
Oh wait, that could never happen!
Er, well...maybe it could, since it's happened before.
And those users that have installed the SP blocker built by Microsoft to get around all the problems associated with SP3.
If you browse the internet or open email without having security updates and without having a virus scanner, you should probably be doing something else with your time.
There is another free and relatively painless preventive, which I use with my business clients.
I do occasional backups of System State. It takes about two minutes and can be scheduled.
Restoring System State after a virus attack takes about ten minutes — including a reboot and reinstallation of updates.
I recovered four machines by this procedure. It’s a lot less painful than tracking down spyware removers, and a lot faster than reformatting. Unfortunately I need tricks like this, because the companies I work with do not restrict internet access, and given enough users, some will install almost anything.
Or you could just run an operating system that isn't a cheap whore for every virus, worm and other bit of malware around.
I recovered four machines by this procedure.
Well, you hope so.
The problem with "restoring" owned machines is that you can't ever be sure that you got everything.
Security best practice for a compromised machine is format and re-install from known, clean media.
Unfortunately I need tricks like this, because the companies I work with do not restrict internet access, and given enough users, some will install almost anything.
No, the unfortunate part is that you think this kind of thing is necessary.
Simple solution: just stick with notebook paper and pencil. Never fails.
Old school prevails!
If Mac ever does they'd end up being as lazy & bloated as MSFT.
I don't :-)
OK, I'm pretty good about security updates.