MUSCMedical LinksCharleston LinksArchivesMedical EducatorSpeakers BureauSeminars and EventsResearch StudiesResearch GrantsCatalyst PDF FileCommunity HappeningsCampus News

Return to Main Menu

Been wormed, virused, blasted—now what? 

by CCIT Staff
During the last few weeks, we were wormed, virused, and so blasted, our heads were spinning, and our hard drives weren’t.  If something wasn’t crawling around in our computers, it looked like it was flying out of our e-mail, meaning to sting us and infect us and shut us down. The wormholes are plugged, for now, but only barely. We’ll hear from these buzzing nasties again. It’s unfortunate, but it’s also the harsh reality of this neophyte information age.

Throughout the crisis, three questions were persistently asked: How did it happen? Whose fault is it? How do we keep it from happening again?

Before answering “how” we’ll back up a bit. 

Worm and virus computer infections aren’t like catching a cold, where you grab a door handle right after it’s been touched by someone sick. It’s more like a disease where, if you engage in high-risk behaviors, you’re almost certain to have a close call. 

Worms like Blaster and Welchia exploit problems with operating systems, such as Windows, OS X, and Linux. The high risk behavior for worms is ignoring the need to apply patches that correct operating system problems. 

If you’re a Windows 2000 or XP user, you’ve seen the annoying little cloud pop up on the bottom right of your screen, the one that says, “Learn how to apply Windows updates.” Like almost 800 (and counting) coworkers, instead of learning how to apply the updates, you may have clicked on the X to make it go away. In this particular case, there had been warnings about bugs in the conventional media for several weeks. Microsoft itself issued a cautionary notice in mid-July, followed by a plea to apply update patches to Windows 2000 and XP computers (the worm wranglers decided not to pick on the old stuff like Windows 95 and 98). 

On Aug. 12, we and the rest of the computing community learned the consequences of not configuring our workstations.

Viruses like Sobig.f also respond to a click but in a different way.  Here, they come attached to e-mails from either people you don’t know or people you do know but who wouldn’t send you such a message.  The high-risk activity for getting these infections is double-clicking on the attachment in order to see someone’s “beautiful girlfriend.”  Because this method of infection is so well-known, MUSC’s e-mail systems are designed to render most of these messages useless. Still, MUSC’s filters won’t help when you use a different e-mail system, like AOL. And a handful of coworkers learned the consequences of double-clicking on unknown attachments.

Feel bad now? That’s really not the point of this article. Instead of placing blame, by knowing the risk factors, you’re now armed to reduce the likelihood of being infected.

  • When the update reminder pops up, don’t ignore it. Learn how to properly configure your workstation for operating system patches. If you have questions about whether to actually apply a specific patch, ask your department’s IT coordinator (ITC) or CCIT; they’re probably already testing the latest patch’s impact upon MUSC’s applications.
  • If you receive a pop-up window or an e-mail message from MUSC Security, it’s real and it really means you. If the message states that you have an infection but cannot find or disinfect it, contact your ITC or CCIT.
  • If the e-mail message or the attachment doesn’t make sense, don’t open it. Just receiving an infection-bearing message doesn’t mean your computer has the infection. Doing something with it, however, could invite an unwanted guest that uses your computer for no good.  Sobig.f, for example, turned infected computers into spoofing servers that took address books and sent out thousands of messages that looked like they were being sent by the addresses in the address book. That’s why many of us received bounced notices and warnings about messages we really didn’t send.
  • Know how to use virus protection software. Protection software, from vendors like Symantec and Network Associates (whose VirusScan is available for both on-campus and off-campus computers from MUSC’s software download site at http://www.musc.edu/ccit/software) is only effective if it’s active and is only as good as its last update. You won’t get a friendly reminder to check for the latest virus scanning engine; you’ll have to remember to do that yourself.
  • The first part of self-defense is “self.” Even if you use a workstation that’s actively managed by a department’s ITC or CCIT, your home computer is your responsibility. Know it, accept it, live it.
  • Communicate! If you have concerns, ask! If you hear something but don’t know if it’s true, ask! If you have an idea or a solution, share!  During the height of the emergency, instructions and suggestions from IT professionals, such as Adrian Nida from General Internal Medicine/Hypertension, helped everyone recover from the “blast.”


Hard lessons were learned by everyone, but some good may arise from the mess. A grassroots effort to keep one another informed and prepared is already afoot. Everyone touched by Blaster or Sobig.f appreciates that computer viruses aren’t things that happen somewhere else and that enacting protection isn’t someone else’s job— they can hit here if just one of us ignores the warnings. And, if we ease back into complacent inactivity, we may find ourselves in the same boat with Maryland’s department of motor vehicles, and take ourselves off-line and out of business.
 

Catalyst Online is published weekly, updated as needed and improved from time to time by the MUSC Office of Public Relations for the faculty, employees and students of the Medical University of South Carolina. Catalyst Online editor, Kim Draughn, can be reached at 792-4107 or by email, catalyst@musc.edu. Editorial copy can be submitted to Catalyst Online and to The Catalyst in print by fax, 792-6723, or by email to petersnd@musc.edu or catalyst@musc.edu. To place an ad in The Catalyst hardcopy, call Community Press at 849-1778.