Blaster Worm, Sobig Hit MIT Computers
By Michael E. Rolish
Recent worms and viruses attacking Windows operating systems have created large-scale problems on the MIT network.
One worm, known as the Blaster, exploits a vulnerability revealed by Microsoft in mid-July. It is designed to infect other machines on the network, install a backdoor on the host computer, and periodically attack a Microsoft Web site. There are several variants of the worm.
“The worm has probably been the most virulent I have ever seen,” said Linda LeBlanc, network security analyst for Information Systems.
“We’ve had more than 750 machines compromised in the past three weeks. Five hundred are currently off the net and awaiting reinstallation,” LeBlanc said.
The MIT network has also been plagued by the SoBig virus that infects Windows computers via e-mail attachments.
Noah Meyerhans, system administrator for the MIT Computer Science and Artificial Intelligence Laboratory, said that the ai.mit.edu and csail.mit.edu domains have begun filtering e-mail for the virus.
“In the span of about 24 hours, our servers blocked over 40,000 copies of the SoBig virus,” he said.
MIT, Microsoft offer advice
LeBlanc said the MIT policy for compromised machines is that their hard drives should be reformatted and the operating systems re-installed.
However, a vulnerable machine still needs to connect to the Internet to download the necessary patches.
“This worm has been so widespread that people have been compromised while downloading patches,” LeBlanc said. She cited an example where a vulnerable computer was compromised within a minute of being put on the network. As a result, Information Systems is distributing the patches on compact disks.
A spokeswoman for Microsoft listed three measures as part of the software maker’s “Protect Your PC Campaign”: 1. Use a firewall, like the Internet Connection Firewall already in Windows XP. 2. Use Microsoft Windows Update to keep your PC up to date. 3. Install antivirus software and ensure it's up-to-date.
LeBlanc offered this advice: “If you receive e-mail from [Network Security] ... please do what we ask you to do and send us e-mail telling us you’ve done it.”