In July 2001, the SirCam virus began to spread across the Internet. Disguised as a simple email request from a friend, family member, or acquaintance for advice about a file (with phrases such as "I send you this file in order to have your advice"), the email sent by the virus encouraged its victims to open the attached file. Once opened, the virus would infect the computer and send out copies of itself to every email address it could find on the computer, and would send out new copies every time a program was run on the infected computer.

In the weeks and months following the discovery of SirCam, OIT began to see more and more instances of SirCam-infected computers at the University. Each new infection threatened to spread the virus further, and the email generated by the infected computers was filling up the email accounts of its intended victims.

To prevent the spread of SirCam and similar viruses, OIT Consulting Services, Network Operations Center (NOC), Distributed Computing Services (DCS), and Project NEThics groups joined forces to establish procedures to prevent infected machines from spreading the viruses further. NOC and DCS monitor the network and the email systems for computers that are attempting to spread a virus. When such a computer is detected, NOC blocks that computer’s ability to connect to the network, either by disabling the network jack of the computer or by preventing the computer user from dialing into the University network via a modem. NOC then contacts the computer owner, tells them why their computer can no longer connect to the Internet and what virus is on their system, and directs them to contact the OIT Help Desk. The Help Desk provides the owner with information and tools they can use to remove the virus from their computer. When the owner removes the virus, they contact the Help Desk, which in turn contacts NOC to let the computer connect to the network again.

The procedure is somewhat different in cases where members of the University are receiving viruses from computers that are outside of the University network. When the NEThics group or the Help Desk receives such a report, they will contact NOC and DCS to see if there is any way to selectively block network transmissions from the infected machine. NEThics will also attempt to contact the Internet Service Provider (ISP) being used by the infected computer and inform them of the problem.

"These new procedures are a great way to get people’s attention concerning security," said Daniel Carter, member of OIT Consulting Services. "It also cuts down on the number of complaints we receive from outside the University about our computers sending out these viruses."

While these OIT groups work together to combat viruses at the network level, the OIT Virus Notification Program (VNP) continues to work to combat computer viruses on the computers themselves. In November, the VNP released new versions of the McAfee VirusScan and Netshield anti-virus programs for Windows computers. The new versions are customized to automatically update their anti-virus files on a regular basis, eliminating the need for the user to remember to manually update the software. The new versions are available for download from the VNP website (http://www.helpdesk.umd.edu/virus) or can be purchased on CD from the OIT Software Licensing (SLIC) office for $10.

For Macintosh users running OS X, the Virex 7.0 anti-virus is also now available from the VNP and from Software Licensing.

Open a New Window to Rate This Article