Business-like, isn't he?



Business in Vancouver logo

    Lessons from another malware meltdown

    by  Alan Zisman (c) 2009 First published in Business in Vancouver January 27-February 2, 2009; issue 1005

    High Tech Office column

    At the foot of this column, there’s a tagline reading: “Alan Zisman is a Vancouver educator and computer specialist.” Really that means I teach and manage a computer lab in an east Vancouver elementary school.

    For the past two weeks, my job has been made harder because some network servers and some workstations within the Vancouver school system have been among the millions of other Windows systems worldwide successfully attacked by malware. The school district IT department shut down infected servers and sent memos out to all schools requesting that all Windows systems be shut down until technicians could check each one individually ensuring that it was uninfected and protected. As I write, online services and most school offices and libraries are back up and running, but it will take time to get to all of the systems in classrooms and in labs like mine.

    The Vancouver school system is far from alone. As I write in mid-January, the estimated number of computers infected with what is called Downadup, Kido or Conficker has grown daily, rising over a four-day period to 8.9 million from 2.4 million, according to Finnish security experts F-Secure. The British navy has reported problems with computer systems on some warships.

    The disturbing thing is that the vulnerability to Downadup attacks has been known for months. Microsoft released a patch last October in an unusual “out of cycle” security update. Since then, about two-thirds of all Windows systems have installed the patch and are not susceptible to the attack. But that leaves millions of vulnerable home and business systems.

    Unpatched servers and workstations behind a firewall are not safe. It’s too easy for a laptop to be infected while on the road and then be brought in, spreading the worm within the firewall. And Downadup can even spread via USB flash drives, which again often travel in and out of a firewall’s security zone.

    Perhaps because it has been several years since Blaster and other pandemic malware attacks, users (and system administrators) have become complacent. Some organizations have policies requiring the testing of security patches before applying them widely. That’s a good idea in theory, but it leaves large numbers of systems unpatched for extended periods.

    One infected system within a network spreads the infection to other unpatched systems. Infected systems are hooked into botnets, serving up mass amounts of spam e-mail messages. An estimated 90% of all spam comes from such botnets.

    When a server is infected, users might be unable to log in to active directory accounts; users on infected workstations might be unable to browse to common security company websites. Infected systems busy sending out mass spam mailings may seem more sluggish than usual, especially online.

    Even if you don’t see those symptoms, don’t assume your Windows system is free of this infection.

    Microsoft’s malicious software removal tool (updated each month – will scan for it, cleaning it off if necessary. Symantec (of Norton Antivirus fame) also has a free downloadable utility to check for and remove it – Google “Downadup Symantec.” Afterward, make sure that Windows is set to download and install updates automatically and that you’re running antivirus and antispyware utilities and that these are regularly updated.

    Users of alternatives to Windows – Mac and Linux, for instance – are too polite to be gloating over this.
    While I’m waiting for IT technicians to check the Windows systems in my computer lab, I’m booting some to Ubuntu CDs; this Linux-based, non-Windows operating system can run without installing anything on my hard drives, letting users access the Internet and run the very capable OpenOffice application suite while being invulnerable to Downadup and other malware targeting Windows systems.

    I’m going to investigate whether it makes sense to move in this direction permanently. It might make sense for my organization – and yours – to ask the same question. •

    Alan Zisman is a Vancouver educator and computer specialist. He can be reached at His column appears weekly.

Alan Zisman is a Vancouver educator, writer, and computer specialist. He can be reached at E-mail Alan
Search WWW Search