College Communications Home
||Contact: Carmen Rahm, Director & Chief
Technology Officer, Information Technology - 208/792-2215
Lewis-Clark State Not Immune from
Tuesday, December 4th brought an unwelcome visitor to desktops around the Lewis-Clark
State campus: That afternoon the college joined the list of those infected with the most
recent virus to be unleashed on the desktop computers of the world. Fortunately, thanks to
the quick actions of the college's Information Technology (IT) staff, the impact was
isolated to a small number of systems.
Nicknamed Goner (short for "W32/Goner@MM"), the virus was labeled a Class 4
Internet Worm with a high-risk assessment. (A Class 5 Virus is considered the worst). The
Goner virus spreads rapidly, using Microsoft Outlook to send itself to all entries in the
infected computer's Address Book. Information on "Goner" and other viruses is
available from a link on the IT Website.
The virus was first identified at the college early in the afternoon on the 4th. Because
the global discovery date of the virus--when it was officially recognized--was that same
day, there were no updated screening definitions to fight the virus available immediately.
These definitions have to be developed once a virus is identified, and, until updated
definitions for Goner could be developed and applied, computer systems everywhere were
Gavin Budd, of IT's Networks and User Services Group, was instrumental in limiting the
virus' spread on campus. Describing events, Budd said, "Normally new virus
definitions are automatically updated on our systems. However, since this virus was
spreading so rapidly, it was able to reach us before anti-virus vendors had definitions
available to screen for it." Budd worked closely with the college's virus scanning
software vender to make sure updated definitions for Goner were put to work as soon as
Lewis-Clark State uses virus scanning software from Network Associates to protect the
college from defined viruses. Within a very short time, Network Associates had updated
virus definitions for Goner available and Budd forced a download of these definitions to
the Lewis-Clark State system.
At the same time, Lewis-Clark's email server was shutdown to prevent further propagation
of the virus to other computers on campus. Administrative Assistant Julie Crea and others
in IT were also notifying email users of the situation and advising them about actions to
take when mail service was resumed. Once the college's anti-virus software was updated,
the email server was returned to service and clean-up of the infected systems began. Budd
and IT co-worker Jon Sittner visited each infected desktop computer to return them to a
Commenting on the virus' impacts, IT Director Carmen Rahm noted that, "In addition to
the pure nuisance of this virus, it does have direct and indirect impacts: First of all,
the virus attempts to delete security software and other files located on computers that
it is able to infect. Another impact of viruses that spread in this manner, is that they
will consume huge amounts of storage space as the email is sent hundreds or even thousands
of times." He added that detailed information on the "payload" of the Goner
virus is available on web.
Outside of the problems it may have caused for college computer users, Rahm said the virus
may have created an opportunity of sorts: Lewis-Clark State email users, whether infected
with the virus or not, would be encouraged to take steps to clean-up email in their
"Sent" and "Deleted" folders. He reported that Instructions for doing
this, as well as answers to other frequently asked questions (FAQ's) regarding email are
available on the IT website.
Can these attacks be prevented? Rahm's response to that question was: "There are
certainly numerous steps that can be taken to reduce the risk of infection by these
viruses. However, due to the speed at which this and other viruses are spreading,
guaranteeing that viruses will never attack Lewis-Clark is impossible. The only true way
to maximize protection would be to disconnect from the Internet, ban personnel from
carrying CDs and disks from off-campus, place burdensome restrictions on how email is
managed, or move to lesser used systems/software that are currently not the targets of the
These options are clearly not realistic in the higher education environment, Rahm noted.
"So education, up-to-date screening software, and other tools of the times will
continue to be employed as they are needed."