W32.Blaster.Worm

discovered - Monday, August 11, 2003
This virus effects ONLY Windows 2000, NT and XP systems by exploiting a security flaw in Windows. If you have one of these operating systems, you need to get the security patch from Microsoft's website even if you are not infected. (If your computer does live updates, it is probably already protected.) Basically, the patch will block the hole where it enters. Once that is in place you are protected from future infections by this worm and many of its strain.

It is not an email-borne virus, it sneaks in through your Internet connection undetected. It will likely create problems with your Internet connectivity, generating error messages, locking up your email or browser software, even locking up your entire system. If you think you are infected, first you need to run that patch from Microsoft. Then you need to run a fix-it utility from an Anti-Virus company like MacAfee or Symantec (makers of Norton). Usually the company that makes your Anti-Virus software will have the file you need posted on their websites.

If you cannot get online to download these files, CedarNet has them. Call the office (233-5765), and we will put them on floppy disks for you. If you bring two blank floppies with you, to exchange for the two we give you, there is no charge.

• Microsoft Security Bulletin includes links to that patch you need.
• Symantec has the details, including a free fix-it tool which you can download.
• Sophos AntiVirus has good information about this infection and its removal.
• InfoWorld - "Blaster worm spreading, experts warn of attack"
• TRENDmicro has some good information about viruses in general, as well as specifics about the Blaster worm.

Welchia/Nachi.Worm

discovered - Monday, August 18, 2003
This one uses the same vulnerability to infiltrate your system that the Blaster worm does. Happily this means that if you have installed the patch above, you are already protected. Welchia also exploits another flaw in WindowsXP and Windows 2000 which can be patched through Microsoft.

Interestingly enough, Welchia tries to remove the Blaster worm. It still can cause trouble to networks and slow down connections, thus it needs to be removed.

• Microsoft information on Nachi.
• Microsoft Security Bulletin includes links to the other patch you need.
• Sophos AntiVirus has this to say about it.
• Symantec has explanation as well as a removal tool you can download.

W32.Sobig.F@mm

discovered - Monday, August 18, 2003
This one gets in as an email attachment. It may not do anything harmful to your system, but experts suspect that is was written for a SPAM company to open a portal into your machine which they can exploit for advertising. Experts report that this worm is spreading at record spead, clogging up email servers and slowing down networks.

Emails containing this virus are around 90-100k in size. The virus itself is an attachment with various filenames and endings. The email has a "spoofed" (faked) email address in the From line, giving false information about who sent you the email. CedarNet computers are not directly infected. The Subject line will vary. Please delete immediately, any emails with the following subject lines!!!

• Re: Details
• Re: Approved
• Re: Re: My details
• Re: Thank you!
• Re: That movie
• Re: Wicked screensaver
• Re: Your application
• Thank you!
• Your details

As always: Please be careful about opening email attachments that you are not expecting, and make certain your Anti-Virus software is current, up-to-date, and scanning regularly! If you suspect your machine is infected, and your AntiVirus software did not handle it automatically, visit their website to download a fix-it tool.

• Symantec has the details, including a free fix-it tool which you can download.
• CNN warns of a new development: "Race to contain malicious Sobig virus" (Friday, August 22)
• Sophos AntiVirus has good information about this infection and its removal.