
Uninvited Guests: Watching out for Internet Invaders

22 Jun 06

Major computer threats on the Internet today include worms and viruses that can covertly install software on a vulnerable computer and turn it into what is known in the IT world as a "zombie." Such a computer functions under the control of malicious hackers who implant software that runs automatically and repetitively—all without the knowledge of the computer’s owner. This uninvited software, called a “bot” (short for robot), gives the hacker the ability to destroy the computer’s files, send spam, collect keystrokes as they are typed into the computer, and scan for other computers to infect.

Much of this activity is now a major underground commercial enterprise. The hackers’ business model typically involves creating a huge army—sometimes up to one million machines—of infiltrated computers (“botted zombies”) and then renting them out. Sometimes, this network of computers is hired by other lawbreakers to send out spam, attack a web site or just collect private information—such as social security and credit card numbers, bank accounts and PINs. If your computer is not adequately protected, it could be taken over in this way and you probably wouldn’t even know it.

What Can Be Done to Protect My Computer?

The best way to avoid being a victim of such an enterprise is to take steps to secure your own desktop computer. See below, CUIT Security, for safe computing guidelines. In addition, to help protect Columbia’s network of users and resources, CUIT has developed a system to detect botted computers and to remove them from the network. We do this by looking only at a computer's behavior—the amount and pattern of its network traffic. We do not examine the content of the traffic or scan computers. But we can identify such compromised computers at Columbia by the scans they run in an attempt to infect other machines, the specific network communication channels (ports) they use, and the existence of traffic to and from other known bot sites.
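The three behavioural signals described in this paragraph can be checked from flow headers alone, without looking at payload. The following is an added illustration written for this page, not CUIT's PAIRS code; the flow records, the watchlist of "known bot sites", the suspect-port list and the scan threshold are all constructed assumptions chosen to show the mechanism.

```python
"""Flow-based bot detection over constructed NetFlow-style records.

Demonstrates the three behavioural signals named in the article:
(1) outbound scanning (many distinct destinations on one port),
(2) use of ports associated with bot control channels, and
(3) contact with sites already known to host bot infrastructure.
Only flow headers (src, dst, port, protocol) are inspected; no payload.
Watchlist, port list and thresholds below are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


# Constructed watchlist (RFC 5737 TEST-NET addresses) and constructed
# suspect-port list; real deployments would feed these from threat intel.
KNOWN_BOT_SITES = {"203.0.113.7", "198.51.100.22"}
SUSPECT_C2_PORTS = {6667, 31337}
SCAN_DISTINCT_DST_THRESHOLD = 20  # distinct targets on one port => scan


def detect_bots(flows, scan_threshold=SCAN_DISTINCT_DST_THRESHOLD):
    """Return {src_host: sorted list of reasons} for every source host whose
    traffic pattern matches at least one of the three signals."""
    # src -> dport -> set of distinct destinations contacted on that port
    per_host_dsts = defaultdict(lambda: defaultdict(set))
    reasons = defaultdict(set)

    for f in flows:
        per_host_dsts[f.src][f.dport].add(f.dst)
        if f.dst in KNOWN_BOT_SITES:
            reasons[f.src].add(f"contact with known bot site {f.dst}")
        if f.dport in SUSPECT_C2_PORTS:
            reasons[f.src].add(
                f"traffic on suspect control port {f.dport}/{f.proto}")

    # Scan detection: fan-out to many distinct hosts on a single port.
    for src, by_port in per_host_dsts.items():
        for dport, dsts in by_port.items():
            if len(dsts) >= scan_threshold:
                reasons[src].add(
                    f"scan: {len(dsts)} distinct hosts on port {dport}")

    return {host: sorted(r) for host, r in reasons.items()}


def sample_flows():
    """Constructed sample traffic: one benign host and two suspicious ones."""
    flows = []
    # Host A: ordinary HTTPS browsing to a handful of destinations.
    for i in range(5):
        flows.append(Flow("10.1.1.10", f"192.0.2.{i}", 443, "tcp"))
    # Host B: probes 60 campus neighbours on port 445 (share scanning,
    # the same pattern a propagating worm produces).
    for i in range(60):
        flows.append(Flow("10.1.1.20", f"10.1.2.{i}", 445, "tcp"))
    # Host C: repeated connections to a watchlisted site on a suspect port.
    flows.append(Flow("10.1.1.30", "203.0.113.7", 6667, "tcp"))
    flows.append(Flow("10.1.1.30", "203.0.113.7", 6667, "tcp"))
    return flows


if __name__ == "__main__":
    for host, why in detect_bots(sample_flows()).items():
        print(host, "->", "; ".join(why))
```

Host B in the sample is flagged purely on fan-out, which is also why a legitimate tool that scans the network for open shared folders looks identical to a worm from the network's point of view, as the article notes further down.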

Our detection system, PAIRS (Point-of-contact Automated Incident Response System), combines detection and notification. We have run PAIRS in one form or another for well over a year, and it has helped limit the number of compromised machines on campus. When PAIRS detects that a Columbia computer has been taken over by an outside source, it either notifies the system administrator responsible for the machine or immediately takes the computer off the CU network.

What Happens if My Computer is Taken off the Network?

Your applications that rely on the network will no longer work. To fix the problem you will need to completely reformat your computer’s hard drive. To do this, try to open your browser and you will be directed to a help page with reformatting instructions. When you have finished, you will be able to access the network again. Connecting your computer back to the network is the fastest way of finding out if you have truly fixed the problem. Our PAIRS system will quickly detect your computer again if the problem has not been fixed. If you are unable to open your browser or if you need assistance with the reformatting process, contact the CUIT Support Center (see below).

Sometimes, a program that you are using (for example, to scan for open, shared folders) makes your computer look as if it has been compromised. Since scanning the network is against the University Computing, Network and Information Policies (see below), you will need to stop using the program in order to maintain your network connection.

We understand that it is time-consuming and inconvenient to have to reformat your computer if it has been taken over, but this is the only certain way CUIT can protect the entire Columbia network and its users. Again, to protect your own computer, please follow the University’s safe computing guidelines and policies. See below for more information.

Joel Rosenblatt
Network Security