UCSC Currents online

Front Page
Appointments
Awards and Honors
Classified Ads
LettersPublications
UCSC in the News

August 18, 2003

UCSC computing staff dealing with computer worm

By Janine Roeth

The Microsoft Blaster Internet worm grabbed a lot of attention last week as it infected up to 1.4 million Microsoft Windows computers, according to the CERT Coordination Center. Users saw mild symptoms if infected, with their computers mysteriously rebooting, but mostly the worm was just busy trying to infect other computers.

"This is a reminder to everyone to patch, patch, patch, and to do so immediately. That is the best protection against these worms." says Mark Boolootian, a member of the UCSC Information Systems Security team. Microsoft makes patches available on their website.

UCSC was among the sites affected. By Tuesday evening, it was clear that there were Windows computers on campus that were infected. By Wednesday, many computing support staff members were busy protecting other Windows systems, and the UCSC Information Systems Security team had worked to block the propagation attempts in and out of the campus network.

As a result, UCSC was not crippled as other businesses and institutions reported in the media, but many computing staff were kept busy applying patches.

A "patch" is software that fixes a flaw that makes the computer vulnerable to worms. The vulnerability that the Blaster worm exploited and the corresponding patch were announced in mid-July.

The Blaster worm continues to exist on campus, but mid-level computing coordinators responded in dramatic fashion and aggressively patched and disinfected systems campuswide.

The number of vulnerable and infected systems at the start of the week was greatly
diminished from what was seen at the end of last week. The worm has been
modified several times since first released, and the latest incarnation is
benevolent. But just as this problem receded, another rash of of virus-infected e-mail courtesy of the Sobig virus arrived in campus mailboxes.

"This is a reminder to everyone to patch, patch, patch, and to do so immediately. That is the best protection against these worms." says Mark Boolootian, a member of the UCSC Information Systems Security team. Microsoft makes patches available on their web site.

For those who were too late and whose computers were infected, the task was to patch and then clean the systems. There are several removal tools from antiviral vendors, including Network Associates, Trend Micro, Symantec, and Computer Associates.

The punch of the Blaster worm was expected to come on August 16, when all infected systems would then turn their attention to one of Microsoft's websites, www.windowsupdate.com. The flood of Internet traffic was intended to make this Microsoft site unavailable--an attack known as a Distributed Denial of Service. Ironically, this Microsoft web site is one of several Microsoft sites that distributes "patches" for Windows systems. By Friday, Microsoft had announced that it was removing the target site to thwart the attack expected to start that evening.

Information about IT Security can be found at the UCSC Information Systems Security website

Information and local copies of patches and removal tool are also available at that site.

Questions on the support of your campus computer can be directed to your computing coordinator or more generally to the CATS Information Resource Center, 50 Communications, (831) 459-HELP or help@ucsc.edu.


Return to Front Page
  Maintained by pioweb@ucsc.edu
UC Santa Cruz Home Page Contact Currents Currents Archives Search Currents Currents Home Maintained By Email Contact