[unisog] DShield and Symantec report MSBlast in wild

Bill Martin bmartin at luc.edu
Wed Aug 13 03:24:25 GMT 2003


Much easier than that.  A simple cmd scripts will do.

1-check for msblaster.exe and branch according
2-apply the MS patch
3-run the symentec blaster cleaner
4-Reboot.

This can be done through any login script (Novell, Win32, etc)

-Bill Martin-
Sr. Systems Analyst
Loyola University Chicago
bmartin at luc.edu
-Bill Martin-
Sr. Systems Analyst
Loyola University Chicago
bmartin at luc.edu
>>> "Mike Honeycutt" <honeycutt at unca.edu> 08/12/03 14:27 PM >>>

We are still brain storming, but our current plan is:

1.  Distribute a flier describing the problem.
	(Perhaps followed by email to all residence students).

2.  Direct them to an on-campus web page with the patch - windowsupdate
	is getting slammed.

3.  Have them run the program from Symantec to remove the worm if
	they have it.

STRONGLY encourage them to start visiting windowsupdate.microsoft.com
on a regular basis since we know most students have never applied any
patches.


Mike Honeycutt  UNC Asheville University Computing

=============================== 
-----Original Message-----
From: Dax [mailto:dax at resnet.ucsb.edu] 
Sent: Tuesday, August 12, 2003 11:35 AM
To: Jeff Bollinger
Cc: Gary Flynn; unisog at sans.org
Subject: Re: [unisog] DShield and Symantec report MSBlast in wild


	Seconded...I'd love to hear any proactive measures that schools are
considering to combat this when Fall arrives...
	
/Dax

On Tue, 12 Aug 2003, Jeff Bollinger wrote:

> Speaking of which, anyone have any good plans to prevent another 
> uprising for when the students do come back?
> 
> Thanks,
> Jeff
> 
> Jeff Bollinger, CISSP
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
> 
> On Tue, 12 Aug 2003, Gary Flynn wrote:
> 
> >
> >
> > Edward W. Ray wrote:
> >
> > > While this is illegal, and no site should be DDoSed off the web, I 
> > > find the fact that the worm slams the M$ site rather amusing :)
> >
> > That is because you don't have 10,000 student computers getting 
> > ready to come back to campus in a week that will need the Windows 
> > Update site operational. :)
> >
> > I'm cringing.
> >
> >
> 




More information about the unisog mailing list