August 25, 2003

Computer worm eats its way into campus

Michael Terrazas

Emory still was recovering last week from lingering effects of the “W32. Blaster” worm that hit not only the University but much of the Internet and the world computing community beginning Aug. 11.

The worm—different from a computer virus in that it works its way into a system through any open portal, such as a network connection, and thus does not require opening an infected file—affects the Microsoft Windows operating systems versions 2000 and higher (including Windows XP, Windows NT4, Windows Server 2003). Earlier Windows versions (95 and 98) and Macintosh operating systems are not affected.

The worm exploits a newly discovered vulnerability in the Windows platform and essentially renders infected machines inoperable until treated. A Microsoft “patch” that protects computers from the worm, as well as removal tools and detailed instructions, is available at

The Blaster worm hit Emory full-force the evening of Aug. 11 and throughout the day Aug. 12, sending Information Technology Division (ITD) staff members and local computer support personnel scurrying about campus to repair damaged computers and patch those not yet affected. Alan Cattier, director of ITD’s Academic Technologies Group, said the relatively small number of machines under his control—classroom computers, language labs, etc.—have all been patched.

“We were successful in not having the virus spread to any of our labs, such as the Emory Center for Interactive Teaching and the Cox Hall Computing Lab,” Cattier said. “In addition, we had updated very recently all of the classroom computers, so all of them were patched appropriately to prevent Blaster from having any effect.”

Jay Flanagan, ITD security administrator, said new exotic computer worms and viruses sometimes emerge that are able to get around even the most sophisticated firewalls.

“A lot of times there’s not a whole lot you can do; more often than not you’re being reactive rather than proactive,” Flanagan said. “We are in the process of putting in place a ‘trusted-core’ firewall, which will be a very strict-ruled firewall. It will block a lot of these things.”

Flanagan was careful to add that no firewall can be 100 percent effective. He said newer versions of Windows have a tool called “Windows Updates” that allows users to quickly access the latest patches and protections for their machines; if a user makes a habit of checking for updates once every week or two, for example, it could go a long way toward protecting against infection.

Cattier said anyone who believes their computer has been affected or has not yet been treated should contact either their local support person or the ITD Help Desk (404-727-7777).

“The local support community here at Emory,” Cattier said, “really has acted heroically these last 10 days to get these systems up and patched.”