INFORMATION SERVICES
August 2003
Announcements from the Bulletin, Today, Notification-L
08/26/03, E-Mails from Ted Fines / Sobig.F
To all:
Here's what the Sobig.F virus does once it infects a computer:
Sends out e-mails to addresses in the infected computer's
Outlook addressbook. In the From address, it just
puts in other addresses from the addressbook.
So no, I didn't send any of those notification-l messages. No, I never
was infected, and no, I don't use Outhouse - er Lookout - er Outlook.
Many people called about this, asking, Did I really send those? Keep up
the skepticism!
You can easily examine an e-mail and get a pretty good idea of its
authenticity by reading "How to determine whether an e-mail is bogus"
from 6/10/03. Read it at
http://www.macalester.edu/infoservices/2003june.html. Look for the part about
headers. - Ted Fines [Notification-L]
08/22/03, The Blaster Worm
If you still are battling this beast, or it only just visited you, go to
http://www.macalester.edu/cit/.
There you will find links to programs written by C.I.T. staff to rid
your machine of the worm, restore its settings and install Microsoft's
patch to ward off another attack. If your computer is too unstable to
support the download, come to the Help Desk, where we will lend you a CD
with the program. It works on home computers, though we do not guarantee
results unless the machine is College-owned. [Bulletin]
08/22/03, E-Mail
is growing by leaps and bounds and we are developing strategies to
handle the load. One issue is the size of some Inboxes. Because the
server must comb through all of them to open each, the volume of data in
your Inbox matters to others. Simply moving old e-mail to another folder
is all that is required, though this is the perfect opportunity for real
house-cleaning. We will enforce a generous 5 Megabytes per Inbox rule by
moving the excess into another folder. The need is exacerbated by delay
in shipment of our new, larger server from Sun Microsystems. We had
planned installation this summer but must wait until fall break.
[Bulletin]
08/22/03, New Faculty Orientation
This is the best opportunity for your new colleagues to fire up their
network accounts, activate their library card, see Media Services'
production facilities and meet each other. The Center for Scholarship
and Teaching (Prof. Jan Serie, Director) coordinates and it begins at 9:00
AM, Thursday August 28, 4th floor of Humanities. [Bulletin]
08/22/03, Information Services Advisory Committee
This group advises on policy for computing and information technology,
the library and media services. The faculty and staff membership would
be happy to hear your suggestions and comments (as would I.S. staff, of
course). The Chair is Prof. Eric Wiertelak and the second faculty member
is Prof. Karen Nakamura. Staff representatives are Kate Abbott and Brian
Lindeman. [Bulletin]
08/20/03, Sobig Virus
The Sobig virus is getting lots of notoriety. So far, only one truly
infected computer has been identified on our network. Lots of people,
however, are seeing spurious e-mail generated by this or infected
computers elsewhere. The virus hijacks the e-mail address book of the
infected machine and automatically sends e-mail. The e-mail potentially
carries a virus in an attachment but would affect your computer only if
you choose to open it.
Our scanning technology has intercepted thousands of virus payloads.
Further, we have taken the extraordinary measure of blocking forty-three
varieties of executable files as attachments to e-mail to prevent
further infection during this outbreak. You can still send and receive
any file as an attachment if it is compressed in any of the common
compressed formats, such as .zip, .sit, .gz, .tgz, .arj, etc. We will
discuss the considerations of security versus convenience and
implications for our educational program with our advisory committee
before lifting this measure.
As always, please contact the Help Desk at x6525 if you suspect that
your machine needs intervention. [Notification-L]
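A sketch of the attachment rule described above, added here and not the College's actual filter: it blocks attachments by extension and lets archives through, reporting what a .zip holds so the exemption can be weighed. The extension list is a constructed subset (the notice does not list the forty-three types), and the sample message is constructed.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: the notice does not list its forty-three blocked types; this is
# a small constructed subset of well-known Windows executable extensions.
BLOCKED = {".exe", ".pif", ".scr", ".bat", ".com", ".vbs"}

def ext_of(name):
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = name.strip().rstrip(". ").lower()
    return "." + name.rpartition(".")[2] if "." in name else ""

def review(raw):
    """Map each attachment name to 'block', 'pass' or 'pass (archive holds: ...)'."""
    verdicts = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if ext_of(name) in BLOCKED:
            verdicts[name] = "block"
        elif ext_of(name) == ".zip":
            data = part.get_payload(decode=True)
            try:
                inner = [n for n in zipfile.ZipFile(io.BytesIO(data)).namelist()
                         if ext_of(n) in BLOCKED]
            except zipfile.BadZipFile:
                inner = []
            verdicts[name] = f"pass (archive holds: {', '.join(inner)})" if inner else "pass"
        else:
            verdicts[name] = "pass"
    return verdicts

def sample():
    """Constructed message: a bare .pif, a zip wrapping a .scr, and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("setup.scr", b"not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.edu", "b@example.edu", "Re: Details"
    msg.set_content("See the attached file for details")
    msg.add_attachment(b"not a real program", maintype="application",
                       subtype="octet-stream", filename="details.pif.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="tools.zip")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(review(sample()))
```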
08/19/03, Internet Services Restored (2:03 PM)
A short time ago, the network staff got our internet connection back up
and running. The issue was determined to be some sort of equipment
problem in our firewall. There has been a work-around put in place while
the firewall is fixed. [Notification-L]
08/19/03, Internet Connection Down (9:39 AM)
As you've probably noticed, our internet connection is currently down.
The cause seems to be a hardware failure in the device that controls our
connection. Support staff from Qwest are currently on their way to fix
the problem. We will send out an update when we have more information on
the problem. [Notification-L]
08/18/03, Multi-System Outage On Thursday 8/21
At 5:00 PM on Thursday, August 21, all of the Netware servers will be
taken down for maintenance. This will affect just about everyone.
Why? All of our Netware servers connect to a SAN (Storage Area Network)
unit which needs to be rebooted. The SAN provides all disk storage for
all of the Netware servers. We are upgrading the software on the SAN,
which requires a reboot.
Services affected:
All file and print services will be unavailable. No printing, no G:\
drive, etc. E-mail and Corporate Time will also be unavailable during
this time, as they authenticate users through LDAP, which runs on our
Novell servers. Macalester's Web server will be down, sort of. We'll
have at least a temporary page up for that, and possibly something more
comprehensive.
Access to CARS and the Internet will not be affected by
this outage.
The upgrade is supposed to take 30 minutes. Upgrades to this system in
the past have gone just as expected and have been painless. But you
never know. [Notification-L]
08/15/03, The Worm's Turn
The Blaster worm continues on its merry way across the Net, infecting
computers and propagating itself to other Windows XP, Windows 2000 and
Windows NT machines. Macalester faces a two-fold challenge: protecting
college-owned computers on our local area network and dealing with the
introduction of the worm via personally-owned computers. The arrival of
our students will make early September especially adventuresome.
Our first priority is to keep our college-owned computers working. We
face a complication here. The nature of the worm is to interfere with
the cleansing action of the patch issued by Microsoft if the computer
already has been infected. The computer needs to be pre-scrubbed in
order for the software patch to successfully install and provide
protection from that point.
C.I.T. staff wrote a program, called MacBlast, to do just that and it is
available at http://www.macalester.edu/cit/.
If you have a Windows XP computer, please go to that location and
download the program. After further development this weekend, we will be
able to automatically run the program on susceptible computers early
next week.
You may go to the C.I.T. Web site and download the program to your home
computer as well. A test download over a 56 Kbps dial-up connection
took 15 minutes. If your computer is too unstable to support the
connection, come to the Help Desk or call x6525 and arrange to borrow a
CD with the program. We have not subjected the program to rigorous
testing so we cannot guarantee results.
Details on the Blaster worm are available at http://www.symantec.com. [Notification-L]
08/13/03, E-Mail and the Blaster Worm
E-mail interruption on 8/12/03
Due to a system problem which appears to be hardware-related, inbound
e-mail from the Internet was not reaching Macalester for a period of
about 2-3 hours on 8/12/03. Outbound and intra-campus e-mail were
unaffected. This outage didn't have anything to do with Blaster - the
timing is just a coincidence.
The Blaster Worm
The Blaster worm is creating a lot of work and hassle. Microsoft's
Windows Update site has been overwhelmed by the volume of requests for
updates. We have downloaded the Blaster patch and made it available on
our local servers. Visit http://www.macalester.edu/cit/
to get it. Everyone using a Windows NT, 2000 or XP computer is
strongly encouraged to do this immediately.
The Help Desk has several students and staff out busily fixing computers
that have already been infected with the Blaster worm. If you think
your computer is infected, the Help Desk is still the place you want to
call, x6525.
Several servers were rebooted this morning, after getting patched for
the Blaster worm. Among them are: Corporate Time, Powerfaids, and the
on-line directory. We apologize for the lack of notification, but
urgently wanted to get them patched. [Notification-L]
08/12/03, Critical Security Update for Windows
There is a nasty computer worm (like a virus) named 'Blaster' spreading
on Windows XP and Windows 2000 computers. This worm does not affect any
Macintosh, Windows 98, 95 or ME computer.
Unlike most recent viruses, worms do not spread via e-mail, but directly
over the network. So even if you haven't received any funny e-mails, it
is entirely possible you are infected.
It is very important that you update your Windows computer with the
built-in Windows Update so that it is not affected by this worm. There
are a couple ways to run Windows update:
(1) Launch Microsoft Internet Explorer (no other
Web browser will work) and click on this link: http://windowsupdate.microsoft.com
-or-
(2) Click Start, then Run, then type in 'wupdmgr.exe'
Either method will take you to the Windows Update web site. There,
click "Scan for Updates." The scan will take a little while, then the
web page will read "Review and Install Updates". Click this link. Then
click on the "Install Now" button when it is displayed.
You will probably be asked to reboot your computer after the updates are
downloaded and have run. After you reboot, RUN WINDOWS UPDATE AGAIN. Why?
Some updates do not appear until other updates are installed. Also, not
all updates can be installed simultaneously. Continue to run Windows
Update until there are no 'Critical Updates and Service Packs'
available.
If you have any questions about this or need assistance, please contact
the Help Desk, at x6525. If you're judiciously skeptical about the
origins of this e-mail, this announcement may also be read at
http://www.macalester.edu/cit/.
More info on 'Blaster': http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
More info on the difference between a virus and a worm:
http://www.symantec.com/avcenter/venc/data/wormvsvirus.html [Notification-L]
08/12/03, Your Voicemail
We have had reports of problems with our voicemail system. Examples are
message lights not turning on or messages not being delivered in a
timely manner. If you haven't checked your voicemail lately, please do
so, even if your message light is not on. If you experience any of
these problems - or others - please call Telecommunications at x6566.
We apologize for any inconveniences and hope for a speedy resolution! [Notification-L]
08/08/03, Telephone Service Downtimes, Saturday August 9
In order to upgrade Macalester's telephone services, all telephone
systems will be taken down starting at 10:00 AM tomorrow, Saturday
August 9. Service is expected to be restored by 12:00 noon (of course,
the work could take longer). During the downtime, all campus phone
services--including voicemail and 911 access--will be unavailable.
Pay phones will be unaffected: these are located in the lower level of
the Campus Center, the hallway of the Art Gallery, and the Snelling
Avenue entrance to the Field House.
You may be wondering "wasn't this service performed recently? It was
announced a couple of times in Notification-L." You remember correctly.
The phone service upgrades/downtimes have been scheduled and announced
twice since mid-July, only to be cancelled at the last minute by our
vendor. We sincerely hope that the third time is the charm for these
necessary service improvements! [Notification-L]
08/05/03, That Letter From Dr. George Ibrahim
Many people have forwarded me a message from "Dr. George Ibrahim." The
letter states that you will get a percentage of millions of dollars if
you just provide some seed money and/or bank account numbers.
Unfortunately, I got this e-mail before any of you and already responded
to Dr. Ibrahim. I'll be getting the millions! [JOKE! - editor's note]
In all seriousness, this is completely fraudulent, and known as the
Nigerian Scam, or the 419 Scam (supposedly named after the relevant
section of the criminal code in Nigeria). Variations of this have been
around for a few years now. Read more about it here:
http://www.snopes.com/inboxer/scams/nigeria.htm.
This, and another e-mail purporting to be from your "System
Administrator" have been making the rounds lately. Both are nonsense
and may be quickly debunked by taking a look at the headers (see the
notification-l titled "How to Determine Whether an E-Mail is Bogus" in
the archives at http://www.macalester.edu/infoservices/2003june.html
for info on this). The letter from "Dr. Ibrahim" for instance, who is
supposedly from the Ivory Coast, originates in the United Arab Emirates
(http://www.uaenic.ae/). [Notification-L]
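The header check that this notice and the 08/26/03 Sobig.F notice refer to, as an added example that is not part of the original announcements: it reads the Received trace from the top, finds the hop where one of our own servers accepted the message from an outside host, and compares that with the From domain. The sample message, the example.edu names and the documentation-range IP addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The two upper Received lines were written by servers we
# run; everything below them was supplied by the sender and can be forged.
SAMPLE = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mailstore.example.edu with ESMTP; Tue, 26 Aug 2003 09:14:07 -0500
Received: from pc-lab7 (dsl-45.isp.example.net [203.0.113.45])
\tby mx.example.edu with SMTP; Tue, 26 Aug 2003 09:14:05 -0500
Received: from localhost (desk.example.edu [192.0.2.99])
\tby relay.example.edu; Tue, 26 Aug 2003 09:00:00 -0500
From: Ted <ted@example.edu>
To: notification-l@example.edu
Subject: Re: Details

See the attached file for details
"""

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>[^\s;]+)")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def entry_hop(msg, our_domain):
    """First hop, reading newest to oldest, where one of our servers
    accepted the message from a host outside our domain."""
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m and in_domain(m["by"], our_domain) and not in_domain(m["rdns"], our_domain):
            return m.groupdict()
    return None  # never left our own servers, or no parsable trace

def assess(raw, our_domain):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = entry_hop(msg, our_domain)
    return {
        "from_domain": from_domain,
        "entered_from": (hop["rdns"], hop["ip"]) if hop else None,
        # Heuristic: a local From address on mail that arrived from outside.
        "suspicious": bool(hop) and in_domain(from_domain, our_domain),
    }

if __name__ == "__main__":
    print(assess(SAMPLE, "example.edu"))
```

The forged bottom Received line is never consulted, because the scan stops at the first hop written by a server inside the trusted domain.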