August 18, 2003
UCSC computing staff dealing with computer worm
By Janine Roeth
The Microsoft Blaster Internet worm grabbed a lot of attention last
week as it infected up to 1.4 million Microsoft Windows computers, according
to the CERT Coordination Center. Users saw mild symptoms if infected,
with their computers mysteriously rebooting, but mostly the worm was
just busy trying to infect other computers.
UCSC was among the sites affected. By Tuesday evening, it was clear
that there were Windows computers on campus that were infected. By Wednesday,
many computing support staff members were busy protecting other Windows
systems, and the UCSC Information Systems Security team had worked to
block the propagation attempts in and out of the campus network.
As a result, UCSC was not crippled as other businesses and institutions
reported in the media, but many computing staff were kept busy applying
patches.
A "patch" is software that fixes a flaw that makes the computer
vulnerable to worms. The vulnerability that the Blaster worm exploited
and the corresponding patch were announced in mid-July.
The Blaster worm continues to exist on campus, but mid-level computing
coordinators responded in dramatic fashion and aggressively patched
and disinfected systems campuswide.
The number of vulnerable and infected systems at the start of the week
was greatly diminished from what was seen at the end of last week. The
worm has been modified several times since first released, and the latest
incarnation is benevolent. But just as this problem receded, another rash
of virus-infected e-mail courtesy of the Sobig virus arrived in campus
mailboxes.
"This is a reminder to everyone to patch, patch, patch, and to
do so immediately. That is the best protection against these worms,"
says Mark Boolootian, a member of the UCSC Information Systems Security
team. Microsoft makes patches available on their web site.
For those who were too late and whose computers were infected, the
task was to patch and then clean the systems. There are several removal
tools from antiviral vendors, including Network Associates, Trend Micro,
Symantec, and Computer Associates.
The punch of the Blaster worm was expected to come on August 16, when
all infected systems would then turn their attention to one of Microsoft's
websites, www.windowsupdate.com. The flood of Internet traffic
was intended to make this Microsoft site unavailable--an attack known
as a Distributed Denial of Service. Ironically, this Microsoft web site
is one of several Microsoft sites that distribute "patches" for Windows
systems. By Friday, Microsoft had announced that it was removing the
target site to thwart the attack expected to start that evening.
Information about IT Security can be found at the UCSC
Information Systems Security website. Information and local copies of
patches and removal tools are also available at that site.
Questions on the support of your campus computer can be directed to
your computing coordinator or more generally to the CATS Information
Resource Center, 50 Communications, (831) 459-HELP or help@ucsc.edu.