Virus attack hits Vista machines, cripples university network

Virus attack hits Vista machines, cripples university network

Summary: A massive virus attack has hit the University of Exeter resulting in the entire network being shut down both by the virus and the network staff in an attempt to protect the infrastructure.

SHARE:

A massive virus attack has hit the University of Exeter resulting in the entire network being shut down both by the virus and the network staff in an attempt to protect the infrastructure.

The virus hit the network on Monday and is still having major implications even now - two days later. According to the IT support email:

"...this is a completely new virus and we are the only organisation in the world to experience it. None of the mainstream virus software suppliers have seen this virus, and as such, there is no fix."

It's unclear if this virus is entirely unique, but it does highlight the challenges of security.

According to my source within the university, they are attempting to fix the issues with MS09-050, which details a vulnerability in Windows Vista (including SP1 and SP2), along with Windows Server 2008 (SP1 and SP2), which allows remote code execution.

The network status page for the university was updated earlier on today to state that the "virus is only prevalent in machines running Vista SP2", and as a result they brought the network offline to limit any further spread. They were also advising that anyone with a Vista machine, either a public machine or a laptop, should not connect to the network until further notice.

Since then, the status page now shows that certain areas of the network are now running and are slowly being brought online - but still avoiding machines which are susceptible to the exploit.

Internal network users would have had no access to the web or email, however off-campus users can now use the dedicated student portal, the Outlook Web Access email system and VPN capabilities. The virtual learning environment (VLE) was brought offline which means students and learners will have had no electronic access to their study materials. Even phone systems which rely on VoIP technology had been affected and were disconnected from the network.

Student residences and halls of residence are still currently offline but this will be one of the priorities, yet most of the network has now been restored. David Allen, registrar and deputy chief executive of the university, has assured students that any delay to handing in work will be treated sympathetically and will have "arranged short term extensions... as appropriate".

Other campuses of the university and connecting networks have been isolated, removing the branch office element and cutting campuses off from each other to limit further damage.

An internal email from the network security administration has been quoted as saying, "This is what happens when SUS [software update service] admins don't auto-approve", suggesting someone managing the network updates hadn't patched the exploitable computers with the appropriate fix, leading to this issue.

The virus is believed to have come from inside the network according to my source; whether via a student PC or a staff PC is not yet known. Other networks which connect to the Exeter network, such as external colleges and campuses have been patched and are "using nmap'ping the network for Vista machines to stop them accessing the network".

Whether anything was stolen or hacked as a result of this breach is unknown.

Vista has seemed to live to die another day, and maybe for Exeter, this day will be sooner rather than later. However, universities and institutions are stuck with Vista if they have already upgraded due to compatibility issues and the lack of support available now for XP. After the disruption caused to staff and students as a result of this breach, not to mention the money lost, I wouldn't blame them if they thought an immediate upgrade to Windows 7 or even another operating system would be a wise investment.

Topics: Windows, Microsoft, Networking, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

234 comments
Log in or register to join the discussion
  • So where did the Virus come from?...is what I want to know..

    ...if they are right in saying it's unique &
    came from within the Network it could well be a
    student.

    Is this another case of Admins not patching
    their networks when fixes are available?

    Also if it has come from within, will it spread
    to the outside world?

    Zach, are you going to keep this post updated if
    you find out more?

    - Jonny

    p.s. Anyone want to take a bet on how many
    Talkbacks it takes until the Vista/MS sucks at
    security flame war starts by someone with
    "Linux" in their username! I am Linux fan, but
    another flame war is just pointless!
    DevJonny
    • Amen

      Yeah! Help us out here! Help us avoid the problem!

      What antivirus were they using?
      Any kind of layered approach?
      What was their policy on antivirus?
      It's not effecting servers?
      Are the workstations university machines (pointing to poor IT policy)?
      Or is the problem student machines which are unmanaged?
      crowley3
      • re:Amen

        Those are great questions. But no IT department is going to give up the internal make up of their infrastructure. Most IT department do not report this type of attack(virus) because of the PR repercussions.

        Lets hope we can get some more info.

        PS. These type of attacks goes on a lot more than you care to know.

        ^o^
        <br>
        n0neXn0ne
    • Unfortunatly you were correct

      Go down to the fifth entry - Red Hat, bla bla bla
      eric_s9
    • Deleted

      take that back - wrong vuln.
      honeymonster
    • The Virus came from a software terrorist

      Time to start treating the retards as what they really are, nothing but stupid ignorant TERRORISTS.

      Shoot the subhumans in the head and put them out of Earths misery.
      Reality Bites
      • Or...

        Alternatively, perhaps it is time to classify Microsoft products as being a threat to National Security, lol.

        :-)

        Best wishes , G
        mrgoose
      • Six Posts to Terrorism?

        Oh, please! When you ascribe someting like this to "terrorism" you marginalize the true meaning of terrorism. Grow up!

        It took six comments before some chucklehead brings up terrorism. How many more before some idiot blames it on Socialism, "Obama-care" or the ghost of Hitler?
        GeneBuettner
        • Get a Clue

          So some retard deliberately brings down millions of computers world wide and chucklehead's like you want to hire them.

          It is terrorism in every way and until it is treated as such it WILL continue unabated.

          Just like it does now.
          Reality Bites
          • Nah, credit where credit is due...

            What about the shabby US software corporation that profits so greatly by consistently producing poor-quality, unreliable software, that can be hacked by any twelve-year old script kiddie with half a brain?

            The hard fact is that Microsoft and its rotten products represent a far greater threat to national security than all the terrorists in the world, all put together!

            If Obama ever decides he wants to bring down North Korea, then he does not need to trouble the US Army. All he needs to do is give Kim Jong-il a couple of million free copies of MS Vista and wait for a few months! lol :-)

            C'mon, seriously mate, everyone knows that Micro$haft software has more holes than a Swiss cheese! Fiascos such as this Exeter University affair will happen over and over and over again, until the computer-buying public finally realises it is being conned and stops buying Microsoft products.
            mrgoose
          • Just a thought...

            you're an Idiot...with a capital I...
            rmazzeo
          • No.

            You only need a capital letter if the word is a proper noun or if the word appears at the start of a sentence.
            mrgoose
          • Indeed, credit where credit is due...

            What about the shabby ZDNet Talkback posters who either don't bother to read the whole article or deliberately ignore the part about someone at the university failing to apply a patch that Microsoft provided. If MS already fixed the problem and you fail to apply the fix, the consequences are your fault, not Microsoft's.
            hungryjoe
          • And why are system admins reluctant to apply Microsoft patches immediately?

            The answer is that all-too-often these patches adversely affect the systems they are supposed to protect. It seems that the largest software corporation on the planet is still incapable of delivering updates of sufficient quality for users to be able to trust them.

            Of course, you must realise that the situation will only get worse? The attacks will become more frequent and more successful and sadly I suspect it may not be long before people actually do die as a result. For example, the French and German Governments have already warned against using Microsoft Internet Explorer following the Chinese/Google debacle last week.

            http://news.bbc.co.uk/1/hi/technology/8463516.stm

            http://news.bbc.co.uk/1/hi/technology/8465038.stm

            If the Chinese secret police were [i]really[/i] behind these attacks then the affected dissidents could be arrested, imprisoned or even tortured and executed, all thanks to those nice people at Redmond. And don't forget the code is out in the wild now, ready for a new bunch of hackers & chancers to do their worst.

            http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/

            Still, if you want to risk your security and continue paying this appalling corporation for products that are clearly unfit for the purpose, whilst making its senior executives even richer than they are already, then please be my guest. lol :-)

            As a matter of interest: do you have some vested interest in promoting Microsoft products? Are you an "IT consultant" or a reseller perhaps? Or have you just never bothered to try any of the alternatives?
            mrgoose
          • The US Army uses Vista dude

            They just finished migrating to Vista over the turn of the year because XP was too insecure and Vista was much more secure.

            744,000 PC's with Vista and Office 2007.

            http://arstechnica.com/microsoft/news/2009/05/us-army-to-adopt-vista-and-office-2007-by-end-of-2009.ars

            Nothing is "invulnerable" dude. MS stuff has "holes" because everyone an their mom creates the holes because Windows is like 95% of the computers. Who the heck wants to hack a mac and steal a bunch of artsey pictures or family photos?
            rasmasyean
          • The US Army uses Macs, too.

            http://www.forbes.com/2007/12/20/apple-army-hackers-
            tech-security-cx_ag_1221army.html


            "Apples For The Army
            Andy Greenberg , 12.21.07, 6:00 AM ET





            Given Apple's marketing toward the young and the trendy,
            you wouldn't expect the U.S. Army to be much of a customer.
            Lieutenant Colonel C.J. Wallington is hoping hackers won't
            expect it either.

            Wallington, a division chief in the Army's office of enterprise
            information systems, says the military is quietly working to
            integrate Macintosh computers into its systems to make
            them harder to hack. That's because fewer attacks have been
            designed to infiltrate Mac computers, and adding more Macs
            to the military's computer mix makes it tougher to
            destabilize a group of military computers with a single
            attack, Wallington says."
            Jkirk3279
          • Experiment not equals deployment

            744K Windows vs. 5 Macs is not a deployment. Besides, apparently, they decided against converting over to enterprise macs because that was in 2007!

            And that's not including the tablets they use in vehicles and robot teams. Not to meantion control stations for UAV's. Pretty much ALL wihdows. You can see it whenever they show those documentaries in discovery channel or write articles about the latest military gadgets and you get a glimps of the theme in the backgorund of the picture.
            rasmasyean
          • Nothing is "invulnerable" dude

            Right...

            We had our linux webserver attacked and shut down. You know what it's now a really good windows file server.

            Whats the point of passing jabs at each other.

            The university should have protected itself better. period.

            Vista isn't as bad as everyone says... Internet explorer/adobe pdf reader & flash player are mostly the problems.

            clean your computer, use a firewall/virus software update, update, update. sandbox your browser, don't open stupid emails. and, you should be fine.
            cad-man-06
      • terrorize the terrorists eh?

        terrorize the terrorists eh?
        DragonAX
        • Achmed the dead terrorist would beg to differ

          Just send Walter to deal with those darn terrorists
          x-windows user