Blaster Worm Continues To Plague MIT CampusBy Gireeja Ranade
The Blaster worm continues to plague the MIT community, with over 900 network drops still disabled, eight weeks after Microsoft recognized the vulnerability in Windows 2000 and XP.
“Approximately 3,000 to 4,000 machines all over campus have been affected. In the last 60 days a little over 1,652 drops have been turned off. Of those 916 drops are still off right now,” said Robert Mahoney, Network Security team leader for Information Systems.
“This is the first time we have seen 10,000 machines vulnerable,” Mahoney said.
On July 30, Network Security began to see one machine compromised per minute, as opposed to initial rate of three compromises per hour, Mahoney said.
“As of last week, when I started, there were about one thousand disabled drops on campus ... that’s a lot more than the two or three cases you expect in a week,” said Thomas E. Cavin, manager of computer operations for the Division of Health Sciences and Technology, who volunteered to help Network Security re-enable disabled drops.
Cavin said that Network Security requires users to reformat their hard drive and re-install their operating system before the network drop is turned back on.
“Reinfection rates are very high. You need to follow the instructions to lessen your chances of being reinfected.” Cavin said.
“Microsoft has not had the best security record in the past. Even if they did, the mere fact that there are so many Microsoft computers out there means a single flaw in their code leaves a vast number of machines vulnerable,” Cavin said.
“We have been working really hard and we would appreciate people realizing this. I ask that people be patient,” Mahoney said.
Dominik R. Rabiej ’05 is one of the many students deprived of network access.
“I do realize that they are swamped. But it does seem strange that they can turn off a drop within three hours but not turn it back on for ten days,” Rabiej said.
Microsoft issues new update
On Wednesday, Microsoft issued a new patch for another Windows vulnerability, to prevent another Blaster-like intruder from compromising machines.
“All machines that have recently been patched for the MS03-026 vulnerability are once again vulnerable to a new known method of remote compromise. I write to ask all Windows users to immediately install the new patch made available by Microsoft,” said James D. Bruce, vice president of Information Systems, in an e-mail to all of the MIT community.
In response to this development, Information Systems will require all students registered for dynamic network access to reregister. For assistance registering a dynamic network access, visit http://web.mit.edu /is/help/dhcp/dhcpstud.html.