Friday, January 23, 2009

Virus slows school district's computers

Technicians must detach each machine from network after suspected 'trojan' attack

Vancouver Sun: 2009 January 23
Tara Carman and Mary Frances Hill


The Vancouver school district's information technology staff is working overtime to repair the damage caused by a virus introduced into its computer system more than two weeks ago.

The virus hit the school district's system Jan. 6. It affected school computer labs, library computers and computers in school offices, where it slowed data entry for processes such as enrolment.

There are more than 10,000 computers in the district, each of which had to be shut down and disconnected from the network, then individually scanned and repaired if necessary, said Vancouver school board representative David Weir. He said he could not identify how many machines were infected.

The virus is not destructive, and all student and staff-related data is safe. The virus was replicating itself and causing computers to slow down, he said. "We know we were not targeted by hackers."

Weir said the business systems at schools, including the front-office systems, are all running. IT staff are now focusing on "curriculum sites" such as school computer labs, he said.

Because the process of scanning and repairing each computer is onerous, it is not possible to estimate how long it will take before the district's computer system is fully operational, Weir said.

Although Weir couldn't confirm the name of the virus, on a Point Grey secondary student online forum, students suspected the virus was the Win32.Krap.b trojan, a bug that affects mostly Windows operating systems, shutting down computers as soon as users try to start them.

Alex Gondek, a Grade 9 Point Grey student who runs his own server and website, noted on his blog that his home personal computer system caught the virus. He used anti-virus software to remove it quickly, he wrote.

Mohammad Akis, security and privacy lead at Microsoft Canada, said there are three possible ways such a virus could have been introduced: someone on one of the district's computers could have downloaded an e-mail attachment containing a virus, visited a corrupt website, or a student or teacher may have been working at home on an infected computer and used a USB stick or other device to unknowingly transfer corrupt files onto a school machine. Once the virus enters a computer system, it can attach itself to e-mails and documents, Akis said.

Akis said if the virus in question was the one identified by the Point Grey students, it is likely the work of a "script kiddie," an aspiring hacker who lacks the ability to write sophisticated programs capable of capturing data, but can use scripts or programs written by others to attack computer systems.