University student Mike Coe was logged onto AOL Instant Messenger Wednesday when a message with a link popped up from one of his buddies, reading “LOL, ha, check this out.”

Not a big deal, except after clicking the link, his computer has been rendered virtually useless.

Students like Coe have fallen victim to what the Office of Information Technology says is the worst computer virus infection outbreak in several years. The office has gotten 120 reports recently of a bot infecting residence hall computers on the campus network through AIM, said Gerry Sneeringer, information technology security officer. Bots infect computers and allow hackers access to infected computers.

The current infection is from a family of bots known as SDbot and is sent through AIM. Messages are accompanied by a link that seems to be a picture.

“If you’re not thinking, you can click on it and before you know it, you’re bitten,” said Sneeringer.

The messages and link seem innocent because they are sent from a screen name on the victim’s buddy list, Sneeringer said. The bot then causes a victim’s AIM to send the worm to people on his or her buddy list. Coe, a senior English major, said several of his friends received the link from his screen name, prompting them to inquire about the link or request he take them off his buddy list.

Technology officials will send a message in the next several days to the student body urging them to verify each AIM link received was actually sent from a friend. Students who do not verify with their buddy before clicking the link could be in for trouble, Sneeringer said. Bots seek out programs, generate spam and can spread to computers across a network.

“Essentially, it’s a computer worm that has a number of features built into it and it allows a master to do its bidding,” Sneeringer said.

“It’s like a Swiss army knife virus,” he said, referring to its many components.

Officials will advise students not to click on suspicious links “until we’re blue in the face,” Sneeringer said, but OIT does have some other tips. First, students should update the settings on their security software. The university offers free anti-virus software from McAfee at www.helpdesk.umd.edu/virus. OIT sent McAfee its information on the bot, so the company should update its settings to catch the bot in the near future, Sneeringer said.

Once a computer is infected, the best option is to reinstall Windows, Sneeringer said. Bots disable or tweak anti-virus software first, rendering the user helpless. System restore, which returns a computer’s settings to a previous date, is an option worth trying before reinstalling. Even if students go into Safe Mode and delete the bot, enough damage has been done to warrant reinstalling Windows.

“We’re pretty much pushing the re-format thing pretty heavily,” Sneeringer said. “People have gotten rid of the bot and been re-infected the next day, so we’re recommending you just reinstall.”

One of Coe’s friends recommended AIMfix, a program offered online by a person named Jay Loden. AIMfix is reported to scan AIM for problems and fix them. Coe said after running the program, AIM is the only working application and all other programs will not open. His computer will also turn on and off randomly, he said.

In worst-case scenarios, bot creators have used infected computers as a sort of “getaway car,” Sneeringer said. They can extort money from a company by threatening to shut down its website using the bot. Hackers attack the website using an innocent victim’s computer, thus providing a smokescreen to protect them.

“I’m not really sure what motivates [bot creators],” Sneeringer said. “It looks like some of the motivation has gone from ego to profit.”

Bot creators can then retreat from the computers they used for their dirty work, he said.

“Then instead of them being accused, it’s some poor kid in Cambridge Hall,” Sneeringer said.

Contact reporter Tom Howell at thowell@umd.edu.