Campus scans network for Conficker-infected machines

If the Conficker virus causes trouble on April 1, the campus plans to be ready. Individual computer users would be smart to do the same.

Conficker has infected millions of computers worldwide and earned a reputation as one of the worst computer viruses in months. "Once a machine is infected, the worm can download and install additional malware from attacker-controlled Web sites," PC World reported. The malware would place an infected PC "essentially under the complete control of the attackers."

The campus previously warned about the virus in January. So far Conficker hasn't done its worst, instead directing infected computers to check in for instructions. Some security experts believe whoever is behind Conficker might trigger an attack on April 1, perhaps stealing sensitive data from computers or launching a massive spam attack.

The campus scanned its computer network for Conficker-infected computers on the afternoon of March 30, after testing the tool earlier that day. The identities of infected systems will be placed in the secalert database for retrieval by network administrators, and sent to administrative and academic network staff.

To guard against Conficker and other viruses, the campus also provides free Sophos Anti-Virus to all students, staff and faculty, and requires users to apply operating system patches in a timely manner.

To block Conficker, individuals who use a Windows operating system need to be sure they have installed patch MS08-067.

Faculty, students and staff should keep their computer software updated as a matter of habit. They should also have anti-virus software installed and running on their computers. You can download and install a free co py of Sophos AntiVirus from the campus software site.

Microsoft's Malicious Software Removal Tool will identify Conficker and remove the infection. Find links to removal tools, and other information, here. Technologists can find additional technical resources here and here.

It can be difficult to know if your machine has been infected. The scan should identify compromised campus machines. If you haven't kept your software updated, or don't use an anti-virus program or have let it lapse, you are at risk. An infected computer might not respond to user commands, and would not be able to reach any sites in the www.sophos.com, www.symantec.com, www.mcafee.com or similar security site domains.

If you have these symptoms, check with your department tech help or contact the IT Express Campus Computing Services Help Desk at (530) 754-HELP (4357).