Despite regular updates to its anti-virus software, the University of Southern Queensland suffered at the handiwork of the Stages worm, which flooded the campus' e-mail systems and infected as many as 180 desktop machines.
USQ's mail servers were shut down for about 24 hours as IT staff scanned machines overnight, removing each of the worm's attachments from the systems.
"We've got virus software on our gateway. It picked up the 'Love Letter' virus last time. But we didn't have the right engine for this one," Mike Thompson, USQ Desktop Services Manager told ZDNet Australia.
Thompson said there had been an unfortunate problem with timing between updates to the anti-virus engine and the .dat file virus information updates. The university uses anti-virus software from Trend Micro for guarding the network gateway. The software engine is updated every week and anti-virus updates are supplied every day. However, "the .dat file we had didn't work with this engine. From what we understand it was a glitch at our end," Thompson said.
The university has a total student population of about 20,000, but most are off campus. Last year it was voted the leading on- and off-campus distance education facility in the world, by the United Nations affiliated organisation International Council for Open and Distance Education.
On campus there are about 5000 students, but fortunately, "most were attending exams or had just finished," as the worm struck yesterday morning, Thompson said. Most of the workstations infected were those used by university staff.
The university's mail servers were brought back up online by lunchtime today. Next, the workstations, "for those who opened the attachments, have to be disinfected and installed with the latest McAfee anti-virus software," Thompson said.
After the clean-up, the university will conduct a debriefing and use the experience to review disaster recovery procedures.
"We believe we are on the ball as far as we can be protected. (However) The big focus is education of our staff to not open attachments," Thompson said. "We need to educate them to be suspicious. I'm surprised at some of the people who opened attachments."
