With Wednesday marking one week since the infamous computer virus Conficker was scheduled to activate, technology experts on campus are pushing continued vigilance by students, staff and faculty to keep University of Wisconsin networks safe from infection.
Conficker, a sophisticated computer worm experts estimate has infected millions of Microsoft Windows-running computers across the United States, was scheduled to “call home” April 1 for instructions. With the capability to connect all of the computers it had infected, some feared the day would be catastrophic.
However, the danger never materialized, although some believe the virus still has plans in store.
“This is a very well-engineered piece of software that has some very sophisticated capabilities. [A] historical point is that all really good pieces of malicious software have a long life,” Paul Barford, computer science professor, said. “This one probably will as well, so there is no reason to believe it is gone or going to quickly diminish because of its risk.”
UW Chief Information Security Officer Jim Lowe said DoIT took a proactive approach on campus in preventing widespread infection by Conficker, which he said originally came to their attention in October 2008.
Lowe said DoIT scanned as much of the network as possible, including academic departments and residence hall computers, and eventually concluded there had been little infection by the virus.
He added that maintaining patches issued by Windows on university computers and encouraging students to make use of the free anti-virus software DoIT offers made this minimal effect possible.
“For this particular thing, we seem to be in pretty good shape, but there is always the next thing around the corner. If you follow [the steps for prevention] we have outlined on our website … then in general, when things like this come up, you should be in good shape and you shouldn’t have to worry about it,” Lowe said.
Barford said while DoIT did an effective job in preventing infection on UW equipment, personal computers still remain a threat.
“Who knows what the effects on student systems were,” Barford said. “DoIT doesn’t control every computer that uses the campus network. Students need to be aware this is a very malicious system … and those who haven’t updated are going to be vulnerable.”
He said computers still infected can act as launching points for further malicious activity, which could be extremely dangerous if the controllers of Conficker decide to go forward with an attack.
While Barford said a very capable virus-fighting team protects UW, he said students and the greater U.S. can only expect to be faced with even more powerful viruses in the coming years.
“It is a great example of what we can expect in the future, which are very carefully engineered pieces of malicious software … that can spread widely and evade security measures,” Barford said.
Students interested in testing their system for an infection are invited to visit the DoIT site at http://www.doit.wisc.edu/.