School Takes On Malware with Open Source
A team of I.T. staffers at the University of Indianapolis recently showed off a bundle of open-source tools and scripts it uses to trap and isolate PCs infected by viruses or spyware.
Dubbed Shelob, after the sinister giant spider in J.R.R. Tolkien’s “Lord of the Rings,” the software identifies suspect traffic patterns, identifies the computers involved and then shunts them to a closed virtual LAN. Users get an appropriate Web screen, explaining what’s happened and how to fix their PC or whom to call for help.
Shelob’s inner workings were shown off recently in Orlando, Fla., at Educause, the annual user conference for I.T. professionals in higher education.
The school says that since being rapidly thrown together during the Blaster worm outbreak of 2003, Shelob has helped to keep it free of network or service outages related to virus infections. One limitation is it works only with clients that are plugged directly into the LAN, not wireless about wireless devices.