Seventy-five students have been disconnected from the University network in the past two weeks, which marks the highest spike in intranet kick-offs since August, according to UNet Systems Administrator Rich Graves. Students' computers have been taken off the network because they "have been compromised and used to attack others," a school-wide e-mail from Graves read. Two of the most prevalent worms are called Welchia-B and Phatbot.

A compromised computer is one that has been infected by a virus and is controlled by a third party or is running code that puts the network at risk. According to UNet, if computers that have contracted viruses are not taken off the network, they will attack or infect other computers.

According to Graves, the reason for disconnecting computers from the network is that immediately upon infection, the worms start noisily scanning the whole Internet.

"It would be impolite to other potential victims on campus and elsewhere to allow this to continue," he said.

"[People who compromise computers] are going after several things," Graves said. "[One is] control of devices on the network to do other things and by using yours they can cover their tracks. [They also have] free use of your passwords and bank account."

Although Graves said he has no direct knowledge of this happening at Brandeis, he has seen the potential for it and hopes people who get viruses take his advice about carefully watching their bank statements for the next year.

"We're seeing computers scanning other computers and sending out tons and tons of information to other computers, which is a sign of a virus," UNet consultant Bert Huang '04 said.

According to Graves, the compromised computers had one of two known security holes for which patches have been available since September. He said the treatment for these breaches in security was widely reported in the press, and by November about 80 percent of students running Windows had applied these fixes.

"[The viruses are caused by] negligence by students not running security updates since October," Graves said. "I sent two to three e-mails at the beginning of the year and there are links at the top of the [Brandeis] Web page, so this shouldn't be news to people. All anti-virus software has been able to detect and stop the worm they've been infected with since Feb. 11, so getting infected now means these some 100 students were pretty negligent."

Graves said that most people took care of the problems exploited by Welchia and Phatbot a long time ago and thus were not affected by the virus.

He said that there are about four general security recommendations in the Student Network Security document, and one can follow them without being a computer genius.

According to Graves, the total number of people shut off through September was 10 percent of the student body. Many were not aware of any problem until they could not get on the Internet.

"I couldn't get online and so I thought maybe I had a virus," Mike Soffer '07 said. "I got on my roommate's computer and they (ITS) had e-mailed me that I had a virus. UNet came and fixed it, but then I got another message that said I have [the virus] again."

According to Graves, some 20 students opened e-mail virus attachments in the last month and a half dozen students opened what they assumed to be pirated software or porn downloaded from Kazaa. These files were actually a virus that took over the host computers, exposing computer users to Internet crime. Graves has noted that this is a lower number of problems than at other universities, suggesting students are learning.

"One strategy viruses use is changing their name (so you think it is something else) and download it," Huang said. "It's nothing students do themselves, but they can prevent it."

Graves said he cannot impress upon students enough the importance of running security updates to prevent viruses.

"This is technical stuff most people won't understand, but there are simple things you can do," Graves said. "Run security updates and be careful and paranoid: don't be dumb about Kazaa, a program used to share files over the internet, or e-mail attachments. Keep your computer up to date and set anti-virus programs to run automatically so you don't have to worry about it."

Steps students should take to prevent such problems are available at web.brandeis.edu/pages/view/Network/StudentNetworkSecurity.

"UNet consultants do their best to force a CD with a recent version into the hands of every new student on opening Sunday, so you may already have a copy installed," the Web site reads. "If you don't or aren't sure, you can download the most recent version for free at http://virus.brandeis.edu/."

According to employees at the UNet help desk, the majority of e-mail attachments are viruses, and they warn students to "not accept candy from strangers."

For those students already infected, the UNet help desk and Graves suggest re-installing Windows.

"Our strong recommendation is to re-install Windows from scratch," Graves said. "The install shop will do that for $75, but the help desk has been doing it for free. They have been going above and beyond the call of duty."

"Because of the amount of students that need help, the workshop is offering to re-install Windows for money," Huang said.

Most students who have had to deal with a virus this year know what a hassle it can be and agree with Graves that this is an issue that needs to be taken care of.

"I was irresponsible and didn't update my computer security," Soffer said. "I don't know anything about computers though - they scare me, they're like robots. Let this be a warning to everyone."

Welchia-B, first discovered in mid-February, is a new program, different from Welchia-A. Back in September, Welchia-A infected computers and used them to scan the network for other computers to infect. Welchia-B exploits another round of security holes first publicly disclosed in September and October.

When Phatbot infects a computer, it attempts to auto-start itself every time the computer is turned on. It then attempts to terminate any security or anti-virus software running on the computer and scans for other computers it can infect through network shares.