Notices
NSC-030826: Security Update
Department Network and Security Contacts:
Please distribute this update information to all IT support staff in your departments. If your department depends on end-users to support their own computers, please distribute this to them as well. Persons in UIHC are advised to consult with the HCIS Help Desk (5-6500) for instructions.
1. These network security problems are *not* over. We continue to find and disable more infected computers on a daily basis. The number of compromised machines is increasing every day. Until we have repaired and updated ALL Windows computers, and developed strategies and discipline for keeping them updated into the future, we will continue to have problems of this nature. A new variation of the "pAdmin" trojan tool was launched on the Internet yesterday, and we had a number of computers compromised by it. We continue to see Blaster, Welchia (Nachi), and other worm-infected machines.
2. We are requiring that ALL computers have the "rpcfix" toolkit run on them to help ensure they are virus-, trojan-, and worm-free. There are many variations of computer attacks circulating on campus and the Internet, so we cannot guarantee that the tool will fix all machines. The rpcfix toolkit can be found at http://www.its.uiowa.edu/cs/helpdesk/virus/rpcfix.htm. If the toolkit does not fix a compromised computer, the drive will need to be reformatted and the operating system reloaded from scratch, and then properly patched before it is reconnected to the network.
3. It is extremely important that all computers attached to the network be visited and that ALL current security updates be installed after the rpcfix tool is run. This may take several iterations of the "Windows Update" function.
4. As you clean, repair, and update affected machines, please submit reconnect requests using the web form below. A complete form will provide Networking with the information required to identify the port and expedite the port enabling process. Networking reports they are "caught up" on all requests. Some ports, when enabled, are found to still be compromised, so if you requested that a port be enabled and it is not on, the machine was *not repaired*. Many port enables were performed, and then removed, when the machine immediately started flooding the network again. The reconnect form can be found on the home page of the IT Security website at http://cio.uiowa.edu/itsecurity, or directly at: http://www.its.uiowa.edu/tns/Request%20to%20Enable%20Data%20Port%20Form/request_to_enable_data_port_form.htm
5. Regular reports of affected campus computers are being posted on a secure website for collegiate and administrative unit IT leadership to then parse and distribute as necessary to department support staffs. If you need updated information on the status of computer network port shut-offs in your department, contact your collegiate or unit IT management. If you do not know who that person is, check the following list:
http://www.its.uiowa.edu/cio/itprofshare/members.htm
We appreciate all the effort that each of you has put towards eradicating the various compromises that have appeared on our campus. But it is important that we continue to clean up machines so that the situation doesn't get out of control. If you have questions, please contact the IT Security Office at 5-6332.