IT Infrastructure

Cyber Viruses Infect Schools Across Nation

By Andrew Trotter — September 10, 2003 7 min read
  • Save to favorites
  • Print

As schools prepared for a new year, waves of attacks by computer viruses temporarily shut down educational computer networks and Web sites, disrupting some school business and costing scarce budget dollars as technicians scrambled to fix the resulting problems.

See Also...

View the accompanying table, “Software Intruders.”

Districts across the country had to suspend e-mail delivery, the scheduling of students’ fall classes, and other functions surrounding the start of school. Web sites full of opening-day announcements went dark; those that were open greeted parents with virus warnings and instructions for installing “patches,” or software code to correct the flaws that a virus exploits.

“Just the sheer amount of effort and talent that was wasted in this latest series of attacks, you couldn’t measure,” said James Hirsch, the technology chief for the 52,000-student Plano, Texas, schools.

In Plano, a virus infected 2,800 school laptop computers, which lacked the latest updates to virus-protection software. It spread from the laptops to the district’s computer network, forcing the district to shut off some essential computer services, such as a system that monitors building-security systems throughout the district.

Mr. Hirsch and other educational technology experts said the recent global outbursts of computer viruses and worms—which also affected computers in businesses, government agencies, and homes, causing an all-time record for damage, according to virus experts—couldn’t have come at a worse time for schools.

And the troubles may not be over, as experts were predicting that a widespread attack by a new version of one of the viruses, called Sobig, would occur this week.

Malicious Code

A virus is harmful software code that is appended to another, apparently harmless, software file; it is often activated when a user innocently clicks on an infected file attached to an e- mail message. A worm, equally malicious, can spread by itself, over an open network connection, by exploiting a software flaw.

The spate of recent viruses and worms, of several basic types with multiple variants, brought computer networks to their knees by overloading them with thousands of signals, or “pings.” The intruders exploited flaws in widely used operating systems and Web-browser software designed by the Microsoft Corp.

In addition, they are sometimes equipped to install “backdoors” or “Trojan horses” on the computers they infect, an arrangement that later allows the attacker to control the computer remotely without needing a password.

Computer viruses and worms can spread relentlessly to any computer on a network, when technicians and ordinary users fail to take precautions. Standard tools such as firewalls and anti-virus software defeat these attacks, but not if, as often happens in schools, those defenses are not updated frequently, or if users bypass them by bringing in laptops or computer disks from home.

Few computer users have the skills to spot these software flaws and build totally new viruses and worms. But virus “toolkits” that have become widely available on the World Wide Web allow people with ill intentions and much less skill to launch their own potent knock-offs.

That’s apparently what happened with the Nachi, a worm also called Welchia, that was first detected in early August and the Blaster worm.

On Aug. 29, federal prosecutors in Seattle arrested Jeffrey Lee Parson, a Minnetonka, Minn., high school student, and lodged a felony charge against him for allegedly developing and releasing the “B variant” of the Blaster worm. Analysts discovered that the variant had infected thousands of computers and had attacked Microsoft’s “Windows Update” Web site.

In court documents, federal investigators claimed that Mr. Parson admitted to creating the worm variant.

Mr. Parson, 18, who lives with his parents and attended Hopkins High School, made no plea at the hearing and was released in lieu of a $25,000 bond and placed under house arrest. He will be arraigned in Seattle on Sept. 17.

Eileen Harvala, a spokeswoman for the Hopkins school district in Minnetonka, said Mr. Parson is currently attending a different school.

Meanwhile, three worms almost caused the postponement of the opening of the 75,000-student Cleveland public schools because the district network was prevented from processing student schedules, said Alan Seifullah, the district’s spokesman.

“It was reinfecting the machines before we had finished cleaning them,” said Peter Robertson, the district’s chief information officer. “We had to take each and every machine off the network and disinfect and update it before we reattached it.”

In Cleveland, more than 6,000 of the district’s 30,000 computers had to be patched, “and many others had to be looked at machine by machine,” Mr. Robertson said. To ensure that schools opened on time on Aug. 28, an assorted crew that varied between 30 and 100 district personnel, student interns, and hired and loaned temporary workers spent three days combing through 130 district buildings to install fixes.

Ironically, school systems with newer equipment were often the most vulnerable, as were districts that have switched to personal computers from Macintosh computers, which were not affected by this round of attacks.

New Computers Vulnerable

The 21,500-student Vancouver, Wash., school district had phased out most of its Macs, said Linda Turner, the director of information and technology services. “This summer we brought in 3,000 brand-new PCs—that’s a ‘gotcha,’ as well as a good thing,” she said.

The “gotcha” meant that, after being infected by Nachi/Welchia, the district network had to be turned off for a day, 10 college students who had been summer hires were recalled to aid district technicians, and the various systems were slowly restarted before classes began last week.

At the 1,240- student Watertown Senior High School in Watertown, S.D., officials in mid- August issued 1,400 new laptops to students and teachers to kick off the school’s “learning with laptops” program. But as soon as students logged in on the first day of school, Aug. 25, the network was flooded with messages generated by the Welchia worm.

Technicians first installed patches on the machines automatically over the network. But a program on each laptop that was meant to remove viruses and other unauthorized programs whenever the laptop was turned on actually eliminated the patch. A team of 20 technicians, computer teachers, and administrators had to collect all the laptops and spend two days patching them.

Layers of Defense

Companies that make anti-virus software say that because of the growing number of viruses and worms, organizations need to apply several layers of defense against them.

The biggest difficulties that schools face can be the result of a deliberate choice, said Larry Rogers, a senior member of the technical staff at the CERT Coordination Center, a federally financed group at Carnegie Mellon University in Pittsburgh that studies Internet vulnerabilities. He noted what security experts are fond of saying: The most secure computer system is one that is turned off.

The problem is that the requirements for ultimate security are diametrically opposed to those for open access to information, Mr. Rogers said.

“The challenge in the educational environment,” he said,"is providing an educational environment.

In short, schools don’t want their cyber padlocks to prevent students and teachers from discovering new things, he said, “including visiting places they can wander into by accident.”

To balance those priorities, Mr. Rogers said, schools should study the connection between their “two businesses"—the business of running operations and securing district information and communications, and the business of giving people access to information.

“It isn’t quite the case that never the twain shall meet, but they should meet in clearly defined places,” he said.

Some school districts that were only minimally affected by the recent attacks were well served by outside organizations that provide their technology services.

For example, in New York state, the Lower Hudson Regional Information Center used “many lines of defense” to keep viruses and worms out of 45 districts that use the center to access Internet services and maintain an electronic gateway for routing e-mail, said Mike Stepowski, the center’s manager of telecommunications.

“We caught pretty much all the Sobig virus and Blaster; 9,000 or 10,000 e-mails were infected per day,” Mr. Stepowski said.

The nonprofit center, one of 12 in the state’s Board of Cooperative Educational Services system, also updated the virus protection automatically for 25,000 school computers.

Networking experts say more consolidation of defenses against viruses and worms may be needed in the future as they become more destructive.

Microsoft, for its part, has acknowledged that there are security vulnerabilities in its products, and says it will identify, investigate, and remedy security vulnerabilities “when they occur,” according to a document on the Microsoft TechNet Web site.

Coverage of technology is supported in part by the William and Flora Hewlett Foundation.

Related Tags:

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Well-Being Webinar
Stronger Together: Integrating Social and Emotional Supports in an Equity-Based MTSS
Decades of research have shown that when schools implement evidence-based social and emotional supports and programming, academic achievement increases. The impact of these supports – particularly for students of color, students from low-income communities, English
Content provided by Illuminate Education
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Well-Being Webinar
A Whole Child Approach to Supporting Positive Student Behavior 
To improve student behavior, it’s important to look at the root causes. Social-emotional learning may play a preventative role.

A whole child approach can proactively support positive student behaviors.

Join this webinar to learn how.
Content provided by Panorama
Recruitment & Retention Live Online Discussion A Seat at the Table: Why Retaining Education Leaders of Color Is Key for Student Success
Today, in the United States roughly 53 percent of our public school students are young people of color, while approximately 80 percent of the educators who lead their classrooms, schools, and districts are white. Racial

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure Privacy Group Cautions Schools on Technology That Flags Children at Risk of Self-Harm
Software that scans students’ online activity and flags children believed to be at risk of self-harm comes with significant risks, a new report warns.
6 min read
Conceptual image of students walking on data symbols.
Laura Baker/Education Week and Orbon Alija/E+
IT Infrastructure School Districts Seek Billions in New Federal Money for Connectivity, FCC Announces
The Federal Communications Commission received $5.1 billion in requests for new funding to purchase devices and improve internet access.
2 min read
Image shows two children ages 5 to 7 years old and a teacher, an African-American woman, holding a digital tablet up, showing it to the girl sitting next to her. They are all wearing masks, back to school during the COVID-19 pandemic, trying to prevent the spread of coronavirus.
iStock/Getty Images Plus
IT Infrastructure School District Data Systems Are Messed Up. A New Coalition Wants to Help
Organizations representing states and school districts have teamed up with ISTE to help make data systems more user-friendly and secure.
3 min read
Conceptual collage of arrows, icon figures, and locks
Sean Gladwell/Moment/Getty
IT Infrastructure More Families Have Internet Access. So Why Hasn't the Digital Divide Begun to Close?
A new study says low-income families’ access to the internet has soared in the past six years. But there are other barriers to connectivity.
3 min read
Glowing neon Loading icon isolated on brick wall background. Progress bar icon.
Mingirov/iStock/Getty Images Plus