The Office of Information Technology has modified the network registration procedures used in the dorms and on the wireless network to combat the spread of viruses and worms on campus.
The university minimized damage last week from the attack of the Blaster worm, but this week many university employees were afflicted with hundreds of phony e-mail messages coming from machines infected with the Sobig.f worm. With subject lines such as "Your Details" and "Your Applications" and "Thank You," the messages quickly filled up many e-mail boxes if employees weren't diligent in deleting them.
"August has been a rough month from the standpoint of viruses and worms. We've seen the W32/Blaster worm and the Sobig.f virus infect hundreds of machines at Duke," said Chris Cramer, the university information technology security officer. "To help counter the infestation, we have made some changes to the network registration page that students see when they first use the network.
"Students will have the option of downloading the Microsoft patch, the worm cleaning tool and the Duke site-licensed anti-virus and personal firewall - all for free."
The Sobig.f virus spreads through e-mail, but unlike many recent e-mail viruses, it appears to spread very rapidly, perhaps because of the intriguing subject lines that it uses, Cramer said. "Sobig.f is the latest mutation of an older virus which sends out attachments that infect the user who opens them," he said. "If you see unfamiliar or unexpected messages in your inbox - even if they come from people you know, it's best not to open the attachment."
E-mail plays no role in the spread of the W32/Blaster worm, Cramer said. "Blaster takes advantage of a vulnerability in Windows NT, 2000, XP and 2003 server, but does not impact other operating systems such as Macintosh, Linux or Windows 95, 98 or ME. If you are running one of the vulnerable operating systems, you are at risk until you apply the patch from Microsoft. The new front page on the network registration system gives all of the information you need to protect yourself from this worm."
Although the network registration screen provides the information and links, users have to install the patch, the anti-virus and personal firewall programs themselves, Cramer said. "It's important to take time to do this. Blaster spread so rapidly and caused so many problems because so many people had not downloaded the patch." The anti-virus program is configured to automatically update itself with the latest virus definitions.
"Once students have installed the anti-virus program, it should just work. Students should not have to take any additional steps."
Cramer said it's important for students to turn on the automatic Windows updater. "More security holes will be found and more worms and viruses will be written to take advantage of them. The automatic updates from Microsoft and McAfee reduce the risk of getting your system trashed and losing all your work."
Infected computers that are causing problems for other computers may be pulled off the network. "While we do not want to take such drastic measures and will try to contact the owner of a computer first, we need to be certain that the network is available for everyone. So, computers that have not installed the recommended patches and software installed and which become a problem, may have to be quarantined to protect everyone else," said Cramer.