University technology officials said the recent rash of Internet-based computer worms and viruses may have been the root cause of Tuesday’s e-mail delivery delays, which left GWMail system users receiving e-mails hours after they had been sent.
Although the direct cause of the slowdown was linked to a memory failure on the University’s e-mail server, GW Information Security Officer Krizzi Trivisani said the disruption could be directly connected to the increased load placed on University servers by worms and viruses coursing through GW’s network.
“Over the average month our servers will filter between 25 and 30,000 known viruses from being delivered to our users,” Trivisani said. “But now we’re getting 130,000 infected messages in a single day, an absolutely incredible jump in our load.”
Mail queues returned to normal by late Tuesday evening, according to the Colonial Mail Web site, although servers are still dealing with an increased volume of Internet traffic.
Viruses, including Sobig.F, are responsible for the increased burden on GW servers, although University officials attempted to limit campus susceptibility to potentially more debilitating computer worms, such as Blaster, before the school year began.
GW computers are protected from the Blaster worm by Microsoft’s “patch,” but it could circulate among student-owned computers that have yet to install the worm protection, Trivisani said.
The difference between a virus and worm, Trivisani said, is that a virus “requires you to click, or execute, something while a worm takes advantage of a preexisting hole in the operating system.”
According to CERT’s Web site, a national computer security incident response group, worms such as Blaster can generate a crippling amount of traffic on Internet-connected networks as they search for and infect vulnerable computers. This increased traffic could bring networks to a standstill and, in the case of GW, leave students without access to the Internet.
University information security officials worked with Resnet and other concerned support departments to ensure computers on campus and student-owned computers were protected from the security hole the Blaster worm was meant to exploit.
At its yearly connection fair this fall, Resent gave students CDs with instructions and tools that searched for the security hole and applied the patch for the Blaster virus if needed.
Those already infected with the worm or unsure of how to apply the patch were also able to get onsite assistance with patch installation and worm cleanup. Assistance is still available for those who need it from campus IT services in Academic Center B107.
While the University has not tabulated the cost of dealing with Blaster infections, cleanup of the worm takes a significant amount of manpower, between a half an hour and one and a half hours per computer, Trivisani said.
While the campus IT staff has done “an excellent job” dealing with the results of recent viruses and worms, the best line of defense is still prevention, she said.
“We’re working hard to encourage folks to do what’s best (and easiest) for them,” Trivisani said. “Take advantage of the free virus protection software we have available and do your automatic updates for it and Windows.”
More information about free versions of Norton Antivirus software and other computer security information is available at http://helpdesk.gwu.edu.
