Tackling Malicious Code in a University Environment: A Case Study

and Selection Criteria This paper is a case study of malicious code incidents in a large public university as seen through the eyes of the security liaison over a one-and-a-half year period. It documents Internet research of these incidents and provides some helpful resources available on the Internet for other university Informa ion Systems Security Officers (ISSOs). This university acts as an Internet Service Provider (ISP) to the students, granting them access to the Internet in a variety of ways with multiple operating systems and platforms supported on multiple subnetworks. Although difficult to configure or control, this variety can have an advantage – diverse operating systems and e-mail applications can sometimes limit the amount of damage a specific instance of malicious code can cause given its dependencies on the operating system and/or applications it uses to spread. As long as there are users, there will be malicious code; so, as long as there are universities, there will be malicious code incidents. Glossary of Terms hybrid – as malicious code becomes increasingly sophisticated, a new type is emerging that combines characteristics from more than one type; e.g., malicious code that contains both worm and virus characteristics. mobile malicious code – viruses that self-propagate. This type of virus not only spreads itself by infecting new files, but it also “transfers the newly infected files to other systems.”[5] Because of this additional functionality, these viruses are only dependent on user action for initial infection and not propagation. security liaison – a university ISSO that acts as a liaison (e.g., being “NICE”) between the “suits” (e.g., administration, faculty, law enforcement) and “ponytails” (e.g., students, information technology (IT) staff) in addition to his/her regularly-defined ISSO duties.[29]