Basic understanding of computer worms and viruses
Have you ever wondered what people mean when they talk about computer viruses and computer worms?
Recently there have been multiple computer worms and viruses hit the Internet. Companies and school systems around the world spent large amounts of money defending themselves against these events. On the heels of these attacks, it is important for Tuscaloosa County School System employees to understand the basics of these dangerous phenomenons.
Computer viruses are programs designed to spread themselves to multiple files and applications on a single computer. A computer virus does not intentionally try to spread itself from one computer to another. In most cases, that’s where humans come in. Viruses are usually spread by users sending e-mail attachments, trading programs on CDs or diskettes, or copying files to file servers.
A computer worm, on the other hand, is a program that replicates itself over a computer network and usually performs malicious actions, such as deleting files or shutting down the system. The primary difference between a computer virus and a computer worm is that a computer worm does not need human intervention in order to spread itself. Worms usually exploit some type of computer system vulnerability in order to reproduce.
Tuscaloosa County School System protects the network from computer viruses and worms by implementing multiple layers of network and system protection.
Our firewalls, intrusion detection and antivirus systems protect the network from thousands of attacks each day, however, even the best defenses are subject to compromise. This month, the following attacks infiltrated the Tuscaloosa County School System network:
·  The WelchiA32 virus entered the network via e-mail. This worm spawn to Windows XP and 2000 workstations that did not have updated security patches installed and eventually shut all Internet access down. This incident has taken over 160 man-hours to resolve and cost the district approximately $5000.00.
·  The SoBig.F virus entered the network via e-mail. This worm generated thousands of emails that were eventually trapped by the email anti-virus server. The district suffered a slow down with all email access during this outbreak.
Although these incidents had impact on our technology infrastructure, they could have been much worse.
To help the district minimize the spread of computer worms and viruses, be sure to follow these recommended guidelines:
·  Use caution when opening e-mails and attachments from known and unknown sources. Never open any e-mail or attachment from someone you don’t know. Also, use caution when opening e-mails from friends and coworkers. Some people think opening e-mail won’t hurt as long as they don’t open the attachment, but this is not always true. Viruses and worms can hide in the signature file of an e-mail and execute code when the e-mail is opened.
·  Exercise caution in downloading files. If you download files from the Internet, be certain you are downloading the files from a reputable source. Downloaded files or programs that are not approved cannot only introduce a worm or virus into our network, but can also damage the computer workstation.
·  If you transfer files from home to work, you should have current Antivirus software installed on your home or laptop computer with updated virus definitions. Copying files from home computers to Tuscaloosa County School System network drives or even sending Tuscaloosa County School System e-mails from home computers can introduce a virus or worm into the company network. For more information on how you can get antivirus software for home, visit the Symantec web site. http://www.symantec.com/
·  Watch out for hoaxes. While all e-mail virus alerts should be treated seriously, most messages circulating on the Internet involve hoax viruses that don’t exist. Always check the validity of a particular virus alert before forwarding warnings to friends and coworkers. You can verify this information from the links section on the Tuscaloosa County web site at www.tcss.net click on the Symantec Virus Database, to look up the name of the virus.
·  Verify that you have a current version of the anti-virus software. By clicking on the gold shield at the bottom of your windows start bar or going to start, programs and selecting Symantec Norton Anti-Virus. You can open the virus protection software by clicking on the icon. Be sure to look at the program version and virus definition file date. All computers should be running version 7.6 or higher with a virus definition date that should be in the same current month or not less than two weeks old. If you are not sure that your equipment is protected, please contact your local school technology coordinator or the TCSS Technology department at 342-2753, 342-2759.