[unisog] DShield and Symantec report MSBlast in wild

Mike Honeycutt honeycutt at unca.edu
Tue Aug 12 19:26:23 GMT 2003

We are still brain storming, but our current plan is:

1.  Distribute a flier describing the problem.
	(Perhaps followed by email to all residence students).

2.  Direct them to an on-campus web page with the patch - windowsupdate
	is getting slammed.

3.  Have them run the program from Symantec to remove the worm if
	they have it.

STRONGLY encourage them to start visiting windowsupdate.microsoft.com
on a regular basis since we know most students have never applied any

Mike Honeycutt  UNC Asheville University Computing

-----Original Message-----
From: Dax [mailto:dax at resnet.ucsb.edu] 
Sent: Tuesday, August 12, 2003 11:35 AM
To: Jeff Bollinger
Cc: Gary Flynn; unisog at sans.org
Subject: Re: [unisog] DShield and Symantec report MSBlast in wild

	Seconded...I'd love to hear any proactive measures that schools are
considering to combat this when Fall arrives...

On Tue, 12 Aug 2003, Jeff Bollinger wrote:

> Speaking of which, anyone have any good plans to prevent another 
> uprising for when the students do come back?
> Thanks,
> Jeff
> Jeff Bollinger, CISSP
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
> On Tue, 12 Aug 2003, Gary Flynn wrote:
> >
> >
> > Edward W. Ray wrote:
> >
> > > While this is illegal, and no site should be DDoSed off the web, I 
> > > find the fact that the worm slams the M$ site rather amusing :)
> >
> > That is because you don't have 10,000 student computers getting 
> > ready to come back to campus in a week that will need the Windows 
> > Update site operational. :)
> >
> > I'm cringing.
> >
> >

More information about the unisog mailing list