IT Infrastructure

Cyber Viruses Infect Schools Across Nation

By Andrew Trotter — September 10, 2003 7 min read
  • Save to favorites
  • Print

As schools prepared for a new year, waves of attacks by computer viruses temporarily shut down educational computer networks and Web sites, disrupting some school business and costing scarce budget dollars as technicians scrambled to fix the resulting problems.

See Also...

View the accompanying table, “Software Intruders.”

Districts across the country had to suspend e-mail delivery, the scheduling of students’ fall classes, and other functions surrounding the start of school. Web sites full of opening-day announcements went dark; those that were open greeted parents with virus warnings and instructions for installing “patches,” or software code to correct the flaws that a virus exploits.

“Just the sheer amount of effort and talent that was wasted in this latest series of attacks, you couldn’t measure,” said James Hirsch, the technology chief for the 52,000-student Plano, Texas, schools.

In Plano, a virus infected 2,800 school laptop computers, which lacked the latest updates to virus-protection software. It spread from the laptops to the district’s computer network, forcing the district to shut off some essential computer services, such as a system that monitors building-security systems throughout the district.

Mr. Hirsch and other educational technology experts said the recent global outbursts of computer viruses and worms—which also affected computers in businesses, government agencies, and homes, causing an all-time record for damage, according to virus experts—couldn’t have come at a worse time for schools.

And the troubles may not be over, as experts were predicting that a widespread attack by a new version of one of the viruses, called Sobig, would occur this week.

Malicious Code

A virus is harmful software code that is appended to another, apparently harmless, software file; it is often activated when a user innocently clicks on an infected file attached to an e- mail message. A worm, equally malicious, can spread by itself, over an open network connection, by exploiting a software flaw.

The spate of recent viruses and worms, of several basic types with multiple variants, brought computer networks to their knees by overloading them with thousands of signals, or “pings.” The intruders exploited flaws in widely used operating systems and Web-browser software designed by the Microsoft Corp.

In addition, they are sometimes equipped to install “backdoors” or “Trojan horses” on the computers they infect, an arrangement that later allows the attacker to control the computer remotely without needing a password.

Computer viruses and worms can spread relentlessly to any computer on a network, when technicians and ordinary users fail to take precautions. Standard tools such as firewalls and anti-virus software defeat these attacks, but not if, as often happens in schools, those defenses are not updated frequently, or if users bypass them by bringing in laptops or computer disks from home.

Few computer users have the skills to spot these software flaws and build totally new viruses and worms. But virus “toolkits” that have become widely available on the World Wide Web allow people with ill intentions and much less skill to launch their own potent knock-offs.

That’s apparently what happened with the Nachi, a worm also called Welchia, that was first detected in early August and the Blaster worm.

On Aug. 29, federal prosecutors in Seattle arrested Jeffrey Lee Parson, a Minnetonka, Minn., high school student, and lodged a felony charge against him for allegedly developing and releasing the “B variant” of the Blaster worm. Analysts discovered that the variant had infected thousands of computers and had attacked Microsoft’s “Windows Update” Web site.

In court documents, federal investigators claimed that Mr. Parson admitted to creating the worm variant.

Mr. Parson, 18, who lives with his parents and attended Hopkins High School, made no plea at the hearing and was released in lieu of a $25,000 bond and placed under house arrest. He will be arraigned in Seattle on Sept. 17.

Eileen Harvala, a spokeswoman for the Hopkins school district in Minnetonka, said Mr. Parson is currently attending a different school.

Meanwhile, three worms almost caused the postponement of the opening of the 75,000-student Cleveland public schools because the district network was prevented from processing student schedules, said Alan Seifullah, the district’s spokesman.

“It was reinfecting the machines before we had finished cleaning them,” said Peter Robertson, the district’s chief information officer. “We had to take each and every machine off the network and disinfect and update it before we reattached it.”

In Cleveland, more than 6,000 of the district’s 30,000 computers had to be patched, “and many others had to be looked at machine by machine,” Mr. Robertson said. To ensure that schools opened on time on Aug. 28, an assorted crew that varied between 30 and 100 district personnel, student interns, and hired and loaned temporary workers spent three days combing through 130 district buildings to install fixes.

Ironically, school systems with newer equipment were often the most vulnerable, as were districts that have switched to personal computers from Macintosh computers, which were not affected by this round of attacks.

New Computers Vulnerable

The 21,500-student Vancouver, Wash., school district had phased out most of its Macs, said Linda Turner, the director of information and technology services. “This summer we brought in 3,000 brand-new PCs—that’s a ‘gotcha,’ as well as a good thing,” she said.

The “gotcha” meant that, after being infected by Nachi/Welchia, the district network had to be turned off for a day, 10 college students who had been summer hires were recalled to aid district technicians, and the various systems were slowly restarted before classes began last week.

At the 1,240- student Watertown Senior High School in Watertown, S.D., officials in mid- August issued 1,400 new laptops to students and teachers to kick off the school’s “learning with laptops” program. But as soon as students logged in on the first day of school, Aug. 25, the network was flooded with messages generated by the Welchia worm.

Technicians first installed patches on the machines automatically over the network. But a program on each laptop that was meant to remove viruses and other unauthorized programs whenever the laptop was turned on actually eliminated the patch. A team of 20 technicians, computer teachers, and administrators had to collect all the laptops and spend two days patching them.

Layers of Defense

Companies that make anti-virus software say that because of the growing number of viruses and worms, organizations need to apply several layers of defense against them.

The biggest difficulties that schools face can be the result of a deliberate choice, said Larry Rogers, a senior member of the technical staff at the CERT Coordination Center, a federally financed group at Carnegie Mellon University in Pittsburgh that studies Internet vulnerabilities. He noted what security experts are fond of saying: The most secure computer system is one that is turned off.

The problem is that the requirements for ultimate security are diametrically opposed to those for open access to information, Mr. Rogers said.

“The challenge in the educational environment,” he said,"is providing an educational environment.

In short, schools don’t want their cyber padlocks to prevent students and teachers from discovering new things, he said, “including visiting places they can wander into by accident.”

To balance those priorities, Mr. Rogers said, schools should study the connection between their “two businesses"—the business of running operations and securing district information and communications, and the business of giving people access to information.

“It isn’t quite the case that never the twain shall meet, but they should meet in clearly defined places,” he said.

Some school districts that were only minimally affected by the recent attacks were well served by outside organizations that provide their technology services.

For example, in New York state, the Lower Hudson Regional Information Center used “many lines of defense” to keep viruses and worms out of 45 districts that use the center to access Internet services and maintain an electronic gateway for routing e-mail, said Mike Stepowski, the center’s manager of telecommunications.

“We caught pretty much all the Sobig virus and Blaster; 9,000 or 10,000 e-mails were infected per day,” Mr. Stepowski said.

The nonprofit center, one of 12 in the state’s Board of Cooperative Educational Services system, also updated the virus protection automatically for 25,000 school computers.

Networking experts say more consolidation of defenses against viruses and worms may be needed in the future as they become more destructive.

Microsoft, for its part, has acknowledged that there are security vulnerabilities in its products, and says it will identify, investigate, and remedy security vulnerabilities “when they occur,” according to a document on the Microsoft TechNet Web site.

Coverage of technology is supported in part by the William and Flora Hewlett Foundation.

Related Tags:

Commenting has been disabled on effective Sept. 8. Please visit our FAQ section for more details. To get in touch with us visit our contact page, follow us on social media, or submit a Letter to the Editor.


This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Teaching Webinar
6 Key Trends in Teaching and Learning
As we enter the third school year affected by the pandemic—and a return to the classroom for many—we come better prepared, but questions remain. How will the last year impact teaching and learning this school
Content provided by Instructure
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Student Well-Being Webinar
Attendance Awareness Month: The Research Behind Effective Interventions
More than a year has passed since American schools were abruptly closed to halt the spread of COVID-19. Many children have been out of regular school for most, or even all, of that time. Some
Content provided by AllHere
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
School & District Management Webinar
Ensuring Continuity of Learning: How to Prepare for the Next Disruption
Across the country, K-12 schools and districts are, again, considering how to ensure effective continuity of learning in the face of emerging COVID variants, politicized debates, and more. Learn from Alexandria City Public Schools superintendent
Content provided by Class

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure School District Data Systems Are Messed Up. A New Coalition Wants to Help
Organizations representing states and school districts have teamed up with ISTE to help make data systems more user-friendly and secure.
3 min read
Conceptual collage of arrows, icon figures, and locks
Sean Gladwell/Moment/Getty
IT Infrastructure More Families Have Internet Access. So Why Hasn't the Digital Divide Begun to Close?
A new study says low-income families’ access to the internet has soared in the past six years. But there are other barriers to connectivity.
3 min read
Glowing neon Loading icon isolated on brick wall background. Progress bar icon.
Mingirov/iStock/Getty Images Plus
IT Infrastructure Remote and Hybrid Learning Are Declining. But the 'Homework Gap' Will Still Be a Problem
Schools are returning to in-person instruction, but students' connections to the internet at home remain spotty.
2 min read
Sam Urban Wittrock, left, an advance placement World History Teacher at W.W. Samuell High School, displays a wifi hot spot that are being handed out to students in Dallas on April 9, 2020. Dallas I.S.D. is handing out the devices along with wifi hotspots to students in need so that they can connect online for their continued education amid the COVID-19 health crisis.
Sam Urban Wittrock, left, an Advanced Placement World History Teacher at W.W. Samuell High School in Dallas, displays one of the Wi-Fi hotspots that were given to district students during the pandemic.
Tony Gutierrez/AP
IT Infrastructure 'Big Burden' for Schools Trying to Give Kids Internet Access
A year into the pandemic, millions of students remain without internet because of financial hurdles and logistical difficulties.
5 min read
Veronica Esquivel, 10, finishes her homework after her virtual school hours while her brother Isias Esquivel sits in front of the computer, Wednesday, Feb. 10, 2021, at their residence in Chicago's predominantly Hispanic Pilsen neighborhood.
Veronica Esquivel, 10, finishes her homework after her virtual school hours while her brother Isias Esquivel sits in front of the computer, Wednesday, Feb. 10, 2021, at their residence in Chicago's predominantly Hispanic Pilsen neighborhood.
Shafkat Anowar/AP