MUSCMedical LinksCharleston LinksArchivesMedical EducatorSpeakers BureauSeminars and EventsResearch StudiesResearch GrantsGrantlandCommunity HappeningsCampus News

Return to Main Menu

Worm virus cripples MUSC Internet link

MUSC’s Internet link to the outside world was scheduled to be restored slowly but steadily by week’s end following a virtual shutdown of campus Internet activity caused by a global computer virus attack.

“It’s an international problem,” said Frank Starmer, Ph.D., associate provost for information technology and professor of epidemiology, biometry and medicine.

The culprit was the computer program “W32-Nimda,” which slowed or shut down tens of thousands of computers around the world.

Starmer said the Nimda worm, which attacks only Microsoft computers, operates in two ways: via e-mail attachment called “README.EXE” or by an infected Web server attacking another vulnerable computer. Once a computer is infected by e-mail, it re-mails the worm to everybody in the infected computer’s address book.

Starmer said he noted that an infected server from off-campus began probing his computer around 9:30 am Tuesday. Eventually, a hospital-based computer was attacked, thus penetrating MUSC’s firewall and allowing other computers on the MUSC network to be attacked. Once the problem spread on campus, MUSC’s firewall crashed, cutting the institution off from the Internet.

“This was actually a blessing,” Starmer said, “because it kept other outside computers from infecting us, and it kept us from infecting computers on the outside.”

External e-mail access was reestablished around midnight Tuesday, and the more critical segments of MUSC’s network, such as clinical and academic activities, were brought on-line later Wednesday morning. Starmer said normal Internet activity should be reestablished by the end of the week.

A total of 43 MUSC-based computers were infected and those have been isolated from the network, Starmer said. A software patch to protect against the worm is available from <http://techweb.musc.edu>. Starmer said the users of the infected computers have been notified of the problem and informed that they must repair their computers before they will be allowed back on the network. Starmer encouraged all users of computers running Windows systems to download the software patches to prevent future attacks  by the Nimda worm. The virus does not affect Macintosh and Linux computers.

Starmer said MUSC’s Center for Computing and Information Technology (CCIT) has established a new firewall and added a program to rename executable e-mail attachments to prevent them from readily opening by a single click of the mouse. Recipients of e-mail attachments will have to rename the attachment in order to open them.

“For example, an attachment called anything.exe would be renamed to anything.exe.xyz to prevent it from executing when opened,” Starmer said.

“You should ask yourself if you really want to open that attachment or maybe just trash it instead,” Starmer said.