The University of Colorado at Boulder had to scramble this week to respond to the W32.Blaster.Worm and its attack on vulnerable computers running some of the most popular editions of Microsoft Windows software.
Detecting the virus-like worm on its campus network Tuesday morning, staff with CU-Boulder's Information Technology Services department worked around the clock to limit the worm's impact on approximately 30,000 students, faculty and staff.
Initial data scans indicated just over 500 possibly infected computers on campus by Tuesday's end, and ITS feared the number could easily reach 1,000 before the worm was done. But by actively blocking network access to suspect computers and quickly mobilizing its staff to help campus computer users apply the necessary Microsoft patch to their machines, ITS was able to limit the number of infected computers to approximately 260.
During the height of the worm attack, ITS also provided CDs with the necessary patch for computer users who couldn't go online to get one, as well as phone and walk-in support for those who needed help. By Thursday morning, the number of infected computers was down to 188.
"We were fortunate to have been able to proactively notify the campus when this vulnerability was raised on July 31," said Dan Jones, CU-Boulder IT security coordinator and an ITS employee. "At that time, there were more than 3,600 systems that could have been infected when the worm did hit campus. We are relieved that the number of vulnerable computers was drastically reduced before the Blaster worm hit."
ITS Executive Director Dennis Maloney echoed those sentiments and gave credit to the CU-Boulder community for its response to the threat.
"We appreciate the reaction by the campus to our messages urging them to address any software vulnerabilities they may have had," he said. "The majority of the campus community took the threat seriously and underwent the appropriate steps to update their computers before this worm hit. Their efforts played a significant role in limiting the impact this worm had on campus."
While the worm hit at one of the busiest times during the academic year -- right before the start of the fall semester -- officials with ITS feel that the impact could easily have been much worse. Not only had the majority of students not yet returned to campus, but the worm itself also ended up being less potent than many had originally feared.
However, the attack underscores the importance of computer user vigilance in frequently updating computer software and using up-to-date versions of antivirus software.
The worm, W32.Blaster.Worm, also known as MBlaster, W32/Lovsan.worm, MSBlast, W32.blaster.worm, Win32.posa.worm or Win32.poza.worm, exploits a vulnerability in the Windows operating system that was announced by Microsoft one month ago. Microsoft also made a patch available at that time to fix this vulnerability.
There are now at least three other variants of the Blaster worm and potentially more harmful strains on the horizon. The worm affects Microsoft Windows 2000 (Professional and Server), Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows NT 4.0 and Microsoft Windows NT 4.0 Terminal Services Edition. It does not affect Windows ME, Mac, Unix, Windows 98 or Linux systems.
More information about the ITS response can be found on its security Web site at