Cyberworm freezes campus

By Ben Li

Faster than a speeding bullet, a new computer worm wreaked havoc on the Internet on Tues., Sept. 18.

"Nimda," the latest development in cybermischief, slowed network access to a crawl across campus and left frustrated students behind.

"The worm was released at about 7 a.m. and we got infected at about 7:15 a.m. Tuesday morning," said U of C Information Technologies Manager of Network Services Tom Seto. "We noticed it because of the heavy traffic Nimda was producing trying to infect servers. We then started looking for the source of the heavy traffic and isolated about 16 infected networks."

To relieve the heavy traffic and isolate the infected networks, the entire campus network was disconnected until 9:11 a.m. Networks affected included servers at the Health Sciences Centre, which briefly lost all outside network access. The Elbow Room computer lab in Science Theatres was also crippled for most of the day when the application server for the lab became infected.

"Between 10:30 and 2 p.m. we contacted the administrators of those 16 networks to disinfect their machines," said Seto. "Then we gradually reconnected the networks as the administrators cleaned them."

All affected networks except one were reconnected to the rest of the campus network by the end of Tuesday afternoon.

According to experts, Nimda spreads among unpatched servers running Microsoft’s Internet Information Services Server Software via network connections. End users may also be infected via Web pages from infected servers.

"When the worm arrives by e-mail, it uses a [vulnerability in Outlook and Outlook Express] allowing the virus to be executed just by reading or previewing the file," explains the Symantec Antivirus Research Center. "Users visiting compromised Web servers will be prompted to download an .eml [Outlook Express] e-mail file, which contains the worm as an attachment."

Users of insecure PC versions of Microsoft’s Outlook and Outlook Express are vulnerable to infection. Since Nimda also spreads by sharing computer hard disks, the confidentiality and integrity of user data may also be compromised on infected systems, although it is unknown if anyone on campus was affected.
