[unisog] DShield and Symantec report MSBlast in wild

Bill Martin bmartin at luc.edu
Wed Aug 13 03:24:25 GMT 2003

Much easier than that.  A simple cmd scripts will do.

1-check for msblaster.exe and branch according
2-apply the MS patch
3-run the symentec blaster cleaner

This can be done through any login script (Novell, Win32, etc)

-Bill Martin-
Sr. Systems Analyst
Loyola University Chicago
bmartin at luc.edu
-Bill Martin-
Sr. Systems Analyst
Loyola University Chicago
bmartin at luc.edu
>>> "Mike Honeycutt" <honeycutt at unca.edu> 08/12/03 14:27 PM >>>

We are still brain storming, but our current plan is:

1.  Distribute a flier describing the problem.
	(Perhaps followed by email to all residence students).

2.  Direct them to an on-campus web page with the patch - windowsupdate
	is getting slammed.

3.  Have them run the program from Symantec to remove the worm if
	they have it.

STRONGLY encourage them to start visiting windowsupdate.microsoft.com
on a regular basis since we know most students have never applied any

Mike Honeycutt  UNC Asheville University Computing

-----Original Message-----
From: Dax [mailto:dax at resnet.ucsb.edu] 
Sent: Tuesday, August 12, 2003 11:35 AM
To: Jeff Bollinger
Cc: Gary Flynn; unisog at sans.org
Subject: Re: [unisog] DShield and Symantec report MSBlast in wild

	Seconded...I'd love to hear any proactive measures that schools are
considering to combat this when Fall arrives...

On Tue, 12 Aug 2003, Jeff Bollinger wrote:

> Speaking of which, anyone have any good plans to prevent another 
> uprising for when the students do come back?
> Thanks,
> Jeff
> Jeff Bollinger, CISSP
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
> On Tue, 12 Aug 2003, Gary Flynn wrote:
> >
> >
> > Edward W. Ray wrote:
> >
> > > While this is illegal, and no site should be DDoSed off the web, I 
> > > find the fact that the worm slams the M$ site rather amusing :)
> >
> > That is because you don't have 10,000 student computers getting 
> > ready to come back to campus in a week that will need the Windows 
> > Update site operational. :)
> >
> > I'm cringing.
> >
> >

More information about the unisog mailing list