ACADEMIC COMPUTING and COMMUNICATIONS CENTER
 

News - Aug 2003

   
 
     
Reports of W32.Dumaru@mm worm on campus
 

Aug 29 2003 - A fairly new mass mailing worm pretending to be email from Microsoft has been reported on campus. It has been added to the inbound mail filters to prevent future copies from arriving via the uic.edu mail servers.

The email has the following characteristics:

  • From: "Microsoft"
  • Subject: Use this patch immediately !
  • Message:
    Dear friend , use this Internet Explorer patch now!
    There are dangerous virus in the Internet now!
    More than 500.000 already infected!
  • Attachment: patch.exe

For more complete information: http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html

If you haven't installed Norton AntiVirus on all your machines, both on campus and at home, or if you haven't run LiveUpdate recently, do it now.

For more information, see http://www.uic.edu/depts/accc/software/antivirus/

 
     
Links to Info and Removal of Sobig and Blaster Worm
 

Aug 27 2003 -

Blaster Worm

The W32.Blaster.Worm exploits the DCOM RPC vulnerability in Windows 2000, Windows XP, Windows NT, and Windows 2003 Server machines. The ACCC has prepared a CD with the patches you need for your machine, virus definitions, and Symantec Antivirus; you can get it from either BGRC (Taylor and Damen) or 2267 SEL (near Halsted and Taylor). Alternatively, you can go to a different machine and download the virus removal tool from Symantec (first link) and the patches from Microsoft (second link):

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

The first link is to the Symantec Security Response site; it includes information about the worm and complete instructions on removing the worm.

Even if you haven't gotten Blaster, you should go to the second link, or run Windows Update, to patch the vulnerability.

If your on-campus machine has been infected with the Blaster worm, you will need to have the virus cleaned and the machine patched before the ACCC's filter will be removed from your machine. If you're removing Blaster from an on-campus machine that has been filtered, after the patch is applied and the worm removed, please reply to the original email sent to you stating that your machine has been filtered, and let them know that your machine has been patched and the virus removed. This will expedite the removal of the filters on your machine.

Sobig

Sobig email has the following characteristics:
  • From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may also use the address, admin@internet.com, as the sender.
  • Subject:
     
    Re: Details 
    Re: Approved 
    Re: Re: My details 
    Re: Thank you! 
    Re: That movie 
    Re: Wicked screensaver 
    Re: Your application 
    Thank you! 
    Your details
    
  • Body:
     
    See the attached file for details 
    Please see the attached file for details.
    
For more information and removal tools and instructions, see Symantec's Security Response Center: http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html.
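The characteristics listed in the Dumaru and Sobig notices can be checked against a mailbox when triaging reports. The following is an added example, not ACCC's filter code; the function names, sample addresses and the Sobig attachment name are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the Dumaru and Sobig notices on this page.
DUMARU = ("microsoft", "use this patch immediately !", "patch.exe")
SOBIG_SUBJECTS = {"re: details", "re: approved", "re: re: my details",
                  "re: thank you!", "re: that movie", "re: wicked screensaver",
                  "re: your application", "thank you!", "your details"}
SOBIG_BODIES = {"see the attached file for details",
                "please see the attached file for details."}

def norm(text):
    """Lower-case and collapse whitespace so header folding cannot hide a match."""
    return " ".join((text or "").lower().split())

def classify(raw_bytes):
    """Return the names of the notices whose listed characteristics all match."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    subject = norm(msg["Subject"])
    from_name = norm(parseaddr(str(msg["From"] or ""))[0])
    names = {norm(p.get_filename()) for p in msg.iter_attachments()}
    body_part = msg.get_body(preferencelist=("plain",))
    body = norm(body_part.get_content()) if body_part else ""
    hits = []
    if (from_name, subject) == DUMARU[:2] and DUMARU[2] in names:
        hits.append("W32.Dumaru@mm")
    # Sobig spoofs the From field, so the sender is not used as evidence.
    # Several subjects ("Thank you!") are common in real mail, so subject,
    # body and the presence of an attachment must all match.
    if subject in SOBIG_SUBJECTS and body in SOBIG_BODIES and names:
        hits.append("Sobig")
    return hits

def sample(sender, subject, body, attachment=None):
    """Build a constructed test message; attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.edu", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    print(classify(sample('"Microsoft" <a@example.com>',
                          "Use this patch immediately !", "Dear friend", "patch.exe")))
```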

 
     
ACCC System Outage - 7pm to 9pm Thursday August 14th
 

Aug 13 2003 - The ACCC will be installing new power protection for the east and west campus server rooms. During the installation of the new machinery, systems and services will be unavailable. This includes a brief interruption to internet access. If you have any questions, please contact our Network Operations Desk (NOC) at 312-413-8080.

Mark N. Goedert ACCC LAN Manager

 
     
Port Filters on Dialin - Can't Use Outlook/Exchange Via Dialin
 

Aug 12 2003 - There is a new worm on the Internet that attacks the MS Windows operating system -- not email -- and has been attacking the UIC campus via the dialin lines. To prevent this attack we have filtered incoming traffic on the dialin lines from several "ports".

The vulnerability this worm attacks was discovered several weeks ago and patches are available from Microsoft. For more information about the worm, including instructions on how to detect and delete it and links to Microsoft's Security Bulletin and information on how to install the patch, see Symantec (Norton AntiVirus)'s W32.Blaster.Worm.

Filtering these ports will stop people from using Outlook/Exchange via the dialin lines. We're sorry for the inconvenience, but we had to do it because the home machines of many dialin users are unpatched and are heavily infected with the Blaster worm and we need to protect the UIC network and our connections to the Internet.

 
     
Blackboard scheduled downtime
 

Aug 12 2003 - Blackboard is down for system maintenance, scheduled to last from 1pm until 9pm.

 
     
ACCC all-system downtime for UPS switch 8/14 6:45pm
 

Aug 12 2003 - Electrical contractors have finished installation of the new UPS (Un-interruptible Power Supply) systems in our BGRC (west) and SEL (east) machine rooms.

After extensive testing to date, a final system test will be performed on Wednesday, August 13th. Assuming success in this last run-through, BGRC will be cut over beginning at 6:45 PM on Thursday, August 14th.

ALL ACCC servers and routers in BGRC, and later in SEL, must be completely powered down during the UPS cutover.

We are planning a two-hour window, though the contractor suggests it should go much more quickly than this. Assuming quick success at BGRC, we will go over to SEL to complete the East-side cutover, which requires much less downtime.

This time was scheduled to coincide with Interim Break from classes, and it is also a time when we will have the maximum complement of available ACCC Systems and Network staff on-hand.

UI-Integrate traffic will not be interrupted, as there is an alternate path to UIUC through a separate network feed not affected by either cutover.

 
     
UICalendar down Sunday 8pm for 4-6 hours
 

Aug 08 2003 - The UICalendar service will be down for maintenance starting Sunday August 10th at 8pm. The outage should last 4 to 6 hours.

 
     
UICalendar down this morning
 

Aug 05 2003 - We are experiencing problems with UICalendar this morning (Aug 05). We're working to resolve the problems asap, but the calendar server is down in the meantime.

 
     
Virus Alert -- Subject: "your account"
 

Aug 01 2003 - A new virus is going around; its particulars are:

   Subject: your account                         iywigoeg
   Hello there,
   I would like to inform you about important information regarding your
   email address. This email address will be expiring.
   Please read attachment for details.

Don't open the attachment. The ACCC doesn't send attachments like this. If we have something to say to you, we'll say it plainly in PLAIN TEXT.

The attachment is a zip file that tries to exploit an unpatched vulnerability in Internet Explorer.

To slow the spread of this virus we are adding *.zip to the list of file extensions that are renamed to *.txt files by mimedefang. If you do receive a .zip file that's genuine, you can still save it and rename it back to .zip.

Sorry for the inconvenience, but it's better than being hacked.

Bob Goldstein, ACCC
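The renaming policy described in this notice, sketched in Python as an added example. It is not the ACCC's mimedefang configuration (which the page does not show); the function names and sample message are constructed, and only `.zip` is listed because it is the only extension the page names.

```python
import email
from email import policy
from email.message import EmailMessage

# Only .zip is named on the page; the rest of the ACCC list is not given there.
RENAMED_EXTENSIONS = (".zip",)

def defang_attachments(raw_bytes, extensions=RENAMED_EXTENSIONS):
    """Rename matching attachments to .txt; return (new_bytes, [(old, new)])."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    renamed = []
    for part in msg.walk():
        old = part.get_filename()
        if not old:
            continue
        # Match case-insensitively and ignore trailing dots and spaces, which
        # Windows strips on save, so "a.ZIP." is treated like "a.zip".
        stem = old.rstrip(". ")
        ext = next((e for e in extensions if stem.lower().endswith(e)), None)
        if ext is None:
            continue
        new = stem[: -len(ext)] + ".txt"
        # The name may sit in either header; rewrite each one that carries it.
        if part.get_param("filename", header="content-disposition") is not None:
            part.set_param("filename", new, header="Content-Disposition")
        if part.get_param("name") is not None:
            part.set_param("name", new)
        renamed.append((old, new))
    return msg.as_bytes(), renamed

def attachment_names(raw_bytes):
    """List attachment filenames as a receiving mail client would see them."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [p.get_filename() for p in msg.iter_attachments()]

def build_sample():
    """Constructed test message: one .zip (odd casing) and one untouched file."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "user@example.edu"
    m["Subject"] = "constructed sample"
    m.set_content("Files attached.")
    for name in ("Report.ZIP", "notes.pdf"):
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    out, changes = defang_attachments(build_sample())
    print(changes, attachment_names(out))
```

The attachment bytes are left untouched, which is why a genuine file can be saved and renamed back to `.zip` as the notice says.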

 

