Infection protection

General Article
August 21, 2003

When viruses attempt to storm the center's computer systems, the best protection against infection can be you

Molly Josephson, program assistent in the Clinical Research Division, was among the first to spot the Mimail computer virus and alert the Information Technology Department. This is exactly the response IT encourages from everyone at the center. Photo by Todd McNaught

By BARBARA BERG

Like hundreds of other center employees on the morning of August 1, Molly Josephson turned on her computer, opened her Outlook program and read through the first batch of the day's e-mail messages. Amidst the dozens of notes for meeting requests and seminar notices, one message with an attached file, sent from "admin@fhcrc.org," caught her attention.

"It looked like it was from a valid address, but there were some strange characters in the text," said Josephson, a program assistant in the Clinical Research Division director's office. "I didn't open the attachment and forwarded the message to Ron Hood with a note saying that I thought the e-mail looked suspicious."

Josephson's instincts proved correct. The e-mail was actually the Mimail virus, which ultimately infected 24 desktops at the center before the outbreak was contained, said Hood, the center's information-security officer. Her behavior is exactly what he and other members of the Information Technology Department would like to encourage from all 2500-plus Fred Hutchinson employees.

"Every single person at the center can play an important role in keeping our computer system safe and stable," Hood said. "We do have very good systems in place that check for viruses, but the technology isn't foolproof. It really helps us to have employees be aware of what constitutes a suspicious message."

Suspicious signatures

The Mimail virus proved to be more of a nuisance than a danger and, thanks to the quick response of the IT department, was eradicated within about three hours after the first message was received at the center. It was one of tens of thousands that attempt to sneak into the system each year, although the entry of most viruses is blocked by a four-tier security infrastructure that costs the center about $25,000 annually to maintain. The system was upgraded last November to scan every e-mail message sent to center accounts.

"We screen for viruses with programs on individual desktops, on our file servers, on the Exchange post offices and at the e-mail gateway to the center," Hood said. "These programs can distinguish between what is a virus and what is not, depending on whether a particular signature is present in the mail message or attachment."

Information on virus signatures is updated daily in the scanning programs. Yet if a virus hits the center before its signature has been entered-as was the case with the Mimail virus earlier this month-the system is vulnerable to attack.

Hood said that on a typical day, about 40,000 e-mail messages move into and out of the center, and about 100 of them contain a virus that is detected and cleaned by the virus-scanning engine. On some days, the number of virus-laden messages can be as high as 3,000.

Despite the reliability of the center's virus-scanning engine, digital infections can find ports of entry. For example, the security software does not scan Web pages or pop-up boxes, so staff should be wary of sending information or responding to Web sites that look suspicious, especially if they ask for personal information such as credit-card numbers.

In addition, use of non-center e-mail accounts, such as Hotmail and Yahoo, are not screened by the center's security software and can serve as a conduit for viruses to enter the system. Hood said although the Mimail virus was innocuous, some viruses are potent enough to cause servers to shut down.

"That's why it's important for everyone-not just the computer specialists-to be alert and cautious when reading their e-mail."

---

IT prevents worm from blasting through center's computer system

The Mimail virus wasn't the only threat to the center's computer security this month. Last week, Internet Technology fended off a much more virulent invader, the MS Blaster Worm, which had the potential to bring Fred Hutchinson's system to a screeching halt.

The MS Blaster takes advantage of a vulnerability in Microsoft operating systems NT and higher, said Robbie Scherr, an IT manager.

"The reason this was potentially very dangerous is that it can be introduced into a computer without any user intervention, which means it can get in without a person having to open an e-mail attachment," she said.

To prevent entry of the worm, IT closed the firewall at the vulnerable port to the center's system. But Scherr said that a security threat still exists from staff who bring laptops to and from work or who dial up from home to access the center's network. To close those potential security breaches, all staff were provided with downloadable patches that prevented the worm from gaining entry and were asked to contact the IT Help Desk to authorize their reestablishment of secure remote access.

Scherr said that only four desktops at the center have been identified as infected and all were quickly cleaned of the worm.

Staff with questions regarding the MS Blaster Worm should contact the IT Help Desk at helpdesk@fhcrc.org or 206-667-5700.

Center News Table of Contents