IT Infrastructure

Cyber Viruses Infect Schools Across Nation

By Andrew Trotter — September 10, 2003 7 min read
  • Save to favorites
  • Print

As schools prepared for a new year, waves of attacks by computer viruses temporarily shut down educational computer networks and Web sites, disrupting some school business and costing scarce budget dollars as technicians scrambled to fix the resulting problems.

See Also...

View the accompanying table, “Software Intruders.”

Districts across the country had to suspend e-mail delivery, the scheduling of students’ fall classes, and other functions surrounding the start of school. Web sites full of opening-day announcements went dark; those that were open greeted parents with virus warnings and instructions for installing “patches,” or software code to correct the flaws that a virus exploits.

“Just the sheer amount of effort and talent that was wasted in this latest series of attacks, you couldn’t measure,” said James Hirsch, the technology chief for the 52,000-student Plano, Texas, schools.

In Plano, a virus infected 2,800 school laptop computers, which lacked the latest updates to virus-protection software. It spread from the laptops to the district’s computer network, forcing the district to shut off some essential computer services, such as a system that monitors building-security systems throughout the district.

Mr. Hirsch and other educational technology experts said the recent global outbursts of computer viruses and worms—which also affected computers in businesses, government agencies, and homes, causing an all-time record for damage, according to virus experts—couldn’t have come at a worse time for schools.

And the troubles may not be over, as experts were predicting that a widespread attack by a new version of one of the viruses, called Sobig, would occur this week.

Malicious Code

A virus is harmful software code that is appended to another, apparently harmless, software file; it is often activated when a user innocently clicks on an infected file attached to an e- mail message. A worm, equally malicious, can spread by itself, over an open network connection, by exploiting a software flaw.

The spate of recent viruses and worms, of several basic types with multiple variants, brought computer networks to their knees by overloading them with thousands of signals, or “pings.” The intruders exploited flaws in widely used operating systems and Web-browser software designed by the Microsoft Corp.

In addition, they are sometimes equipped to install “backdoors” or “Trojan horses” on the computers they infect, an arrangement that later allows the attacker to control the computer remotely without needing a password.

Computer viruses and worms can spread relentlessly to any computer on a network, when technicians and ordinary users fail to take precautions. Standard tools such as firewalls and anti-virus software defeat these attacks, but not if, as often happens in schools, those defenses are not updated frequently, or if users bypass them by bringing in laptops or computer disks from home.

Few computer users have the skills to spot these software flaws and build totally new viruses and worms. But virus “toolkits” that have become widely available on the World Wide Web allow people with ill intentions and much less skill to launch their own potent knock-offs.

That’s apparently what happened with the Nachi, a worm also called Welchia, that was first detected in early August and the Blaster worm.

On Aug. 29, federal prosecutors in Seattle arrested Jeffrey Lee Parson, a Minnetonka, Minn., high school student, and lodged a felony charge against him for allegedly developing and releasing the “B variant” of the Blaster worm. Analysts discovered that the variant had infected thousands of computers and had attacked Microsoft’s “Windows Update” Web site.

In court documents, federal investigators claimed that Mr. Parson admitted to creating the worm variant.

Mr. Parson, 18, who lives with his parents and attended Hopkins High School, made no plea at the hearing and was released in lieu of a $25,000 bond and placed under house arrest. He will be arraigned in Seattle on Sept. 17.

Eileen Harvala, a spokeswoman for the Hopkins school district in Minnetonka, said Mr. Parson is currently attending a different school.

Meanwhile, three worms almost caused the postponement of the opening of the 75,000-student Cleveland public schools because the district network was prevented from processing student schedules, said Alan Seifullah, the district’s spokesman.

“It was reinfecting the machines before we had finished cleaning them,” said Peter Robertson, the district’s chief information officer. “We had to take each and every machine off the network and disinfect and update it before we reattached it.”

In Cleveland, more than 6,000 of the district’s 30,000 computers had to be patched, “and many others had to be looked at machine by machine,” Mr. Robertson said. To ensure that schools opened on time on Aug. 28, an assorted crew that varied between 30 and 100 district personnel, student interns, and hired and loaned temporary workers spent three days combing through 130 district buildings to install fixes.

Ironically, school systems with newer equipment were often the most vulnerable, as were districts that have switched to personal computers from Macintosh computers, which were not affected by this round of attacks.

New Computers Vulnerable

The 21,500-student Vancouver, Wash., school district had phased out most of its Macs, said Linda Turner, the director of information and technology services. “This summer we brought in 3,000 brand-new PCs—that’s a ‘gotcha,’ as well as a good thing,” she said.

The “gotcha” meant that, after being infected by Nachi/Welchia, the district network had to be turned off for a day, 10 college students who had been summer hires were recalled to aid district technicians, and the various systems were slowly restarted before classes began last week.

At the 1,240- student Watertown Senior High School in Watertown, S.D., officials in mid- August issued 1,400 new laptops to students and teachers to kick off the school’s “learning with laptops” program. But as soon as students logged in on the first day of school, Aug. 25, the network was flooded with messages generated by the Welchia worm.

Technicians first installed patches on the machines automatically over the network. But a program on each laptop that was meant to remove viruses and other unauthorized programs whenever the laptop was turned on actually eliminated the patch. A team of 20 technicians, computer teachers, and administrators had to collect all the laptops and spend two days patching them.

Layers of Defense

Companies that make anti-virus software say that because of the growing number of viruses and worms, organizations need to apply several layers of defense against them.

The biggest difficulties that schools face can be the result of a deliberate choice, said Larry Rogers, a senior member of the technical staff at the CERT Coordination Center, a federally financed group at Carnegie Mellon University in Pittsburgh that studies Internet vulnerabilities. He noted what security experts are fond of saying: The most secure computer system is one that is turned off.

The problem is that the requirements for ultimate security are diametrically opposed to those for open access to information, Mr. Rogers said.

“The challenge in the educational environment,” he said,"is providing an educational environment.

In short, schools don’t want their cyber padlocks to prevent students and teachers from discovering new things, he said, “including visiting places they can wander into by accident.”

To balance those priorities, Mr. Rogers said, schools should study the connection between their “two businesses"—the business of running operations and securing district information and communications, and the business of giving people access to information.

“It isn’t quite the case that never the twain shall meet, but they should meet in clearly defined places,” he said.

Some school districts that were only minimally affected by the recent attacks were well served by outside organizations that provide their technology services.

For example, in New York state, the Lower Hudson Regional Information Center used “many lines of defense” to keep viruses and worms out of 45 districts that use the center to access Internet services and maintain an electronic gateway for routing e-mail, said Mike Stepowski, the center’s manager of telecommunications.

“We caught pretty much all the Sobig virus and Blaster; 9,000 or 10,000 e-mails were infected per day,” Mr. Stepowski said.

The nonprofit center, one of 12 in the state’s Board of Cooperative Educational Services system, also updated the virus protection automatically for 25,000 school computers.

Networking experts say more consolidation of defenses against viruses and worms may be needed in the future as they become more destructive.

Microsoft, for its part, has acknowledged that there are security vulnerabilities in its products, and says it will identify, investigate, and remedy security vulnerabilities “when they occur,” according to a document on the Microsoft TechNet Web site.

Coverage of technology is supported in part by the William and Flora Hewlett Foundation.

Related Tags:


Special Education Webinar Reading, Dyslexia, and Equity: Best Practices for Addressing a Threefold Challenge
Learn about proven strategies for instruction and intervention that support students with dyslexia.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
College & Workforce Readiness Webinar
The School to Workforce Gap: How Are Schools Setting Students Up For Life & Lifestyle Success?
Hear from education and business leaders on how schools are preparing students for their leap into the workforce.
Content provided by Find Your Grind
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
School & District Management Webinar
The Key to Better Learning: Indoor Air Quality
Learn about the importance of improved indoor air quality in schools, and how to pick the right solutions for educators, students, and staff.
Content provided by Delos

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure From Our Research Center What the Massive Shift to 1-to-1 Computing Means for Schools, in Charts
1-to-1 computing has expanded at a rate few could have imagined prior to the pandemic, creating opportunities and problems.
1 min read
Illustration of laptop computer displaying bar graph.
Illustration by F. Sheehan/Education Week (Images: iStock/Getty and E+)
IT Infrastructure Internet on School Buses: FCC Eyes E-Rate Change to Expand Access
FCC Chair Jessica Rosenworcel announced a proposal that would allow the use of federal E-rate funding for Wi-Fi in school buses.
2 min read
A Brownsville Independent School District bus acts as a Wi-Fi hotspot for students needing to connect online for distance learning at the beginning of the 2020-21 school year in the Texas school system.
A Brownsville Independent School District bus acts as a WI-FI hotspot for students needing to connect online for distance learning on the first day of class Tuesday, Aug. 25, 2020, in the parking lot of the Margaret M. Clark Aquatic Center in Brownsville, Texas. The bus is one of 20 hotspots throughout the city to help students have access to their online classes as part of the remote start to the school year due to COVID-19 pandemic.
Denise Cathey/The Brownsville Herald via AP
IT Infrastructure Stopping Cyberattacks Is Top Priority for Ed-Tech Leaders. But Many Underestimate the Risk
Most K-12 district tech leaders rate common cybersecurity threats as just low or medium risk, survey shows.
4 min read
Images shows a symbolic lock on a technical background.