navigation content contact

Northern Illinois University
CalendarPhone BookCampus MapsN I U SearchA to Z IndexN I U Home
Current Issue
Archived Issues
Publication Schedule
Subscribe
Contact the Editor
Office of Public Affairs
News & Events
Northern Today
 


Blaster virus worms its way onto NIU’s network

NIU was not immune to the effects of the Blaster worm, a malicious computer virus that wreaked havoc on computers across the nation last week. The worm briefly slowed NIU’s computer network and caused erratic behavior on infected machines.

Information Technology Services (ITS) staff worked to block access points used by the worm and scan subnets for infected machines, preventing further spread of the worm. Thanks to their swift work, and some preventative steps taken a few weeks earlier, a relatively small number of NIU computers were infected: around 350 out of a possible 7,500.

“All of the IT staff on campus quickly came together to work to stop the spread of the worm and restore the malfunctioning computers,” said Walter Czerniak, associate vice president for Information Technology Services. “Many put in extra hours, and this will probably continue throughout next week. All did a first-class, professional job to keep the impact localized and not impact the entire campus.”

The department also created CD-ROMs with the repair patch, removal tool and instructions, and staff were dispatched to assist departments with computers affected by the worm.

The Blaster worm exploits a weakness in Microsoft’s newer operating systems.

“Microsoft provided a patch for the flaw back in July, but many users did not download and install the patch,” said James Fatz, director of NIU Enterprise Systems Support, noting that ITS actually applied the appropriate patches to the majority of machines under their management within days of Microsoft’s release of the patch.

The patch must be installed on all computers running Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003. A removal tool is available for infected computers once the patch has been applied.

“Removal tools can be used on an infected computer, but the machine also needs to have the patch applied. Otherwise, it would remain vulnerable,” Fatz said. “Also, because the computer was un-patched in the first place, there is no telling what else could have been done to the computer.”

Therefore, ITS recommends that any infected computer containing mission-critical or confidential business data be reformatted and rebuilt to ensure that no other compromises are present.

Meanwhile, ITS officials are concerned that faculty and students returning for the start of the fall semester this week might bring infected machines back to campus, causing another round of worm transmission.

“We expect mini-outbreaks of the worm as faculty come back this week and as students come back the week after that,” said Jason Richardson, manager of IT security and client development.

“We are blocking the means by which the worm spreads for the residence halls, so there is little chance of student computers infecting the rest of the campus. Faculty and staff computers should not be much of a problem as most of the campus machines are now patched, and we should be able to easily locate and block new infected machines as they come up.”

Faculty and staff who suspect their machine might be infected are urged to call their technical support person or ITS at 753-8100. Students should contact the ResTech Helpdesk at 753-6267 or ITS for assistance.

CD-ROMs with the patch and removal tool are available from the ITS Customer Support Center in Swen Parson 120. To download the patch and worm removal tools online, visit http://www.microsoft.com/security/incident/blast.asp.

8-18-03

NIU Office of Public Affairs, Lowden Hall 308, DeKalb, IL 60115
Web Site Feedback