Computer security, 08-06-01

UCSC Currents online

August 6, 2001

CATS: Computer security is everyone's business

By Louise Donahue

CATS wants to protect campus computers, but it can't do it alone.

That's the message Communications and Technology Services (CATS) wants to get across to the campus community in the wake of the recent Code Red worm and SirCAM virus scares.

While the SirCam virus infected individual Windows computers, the Code Red worm targeted Microsoft web servers, such as those handling the UCSC web site.

The Code Red worm affected a number of systems at UCSC when it first appeared in mid-July, including the campus web server. System administrators were encouraged to install a patch available from Microsoft to thwart attacks. CATS and system administrators worked together to get the patches installed on infected systems. As a result of these efforts, when the Code Red worm reappeared on July 31, there was little evidence of it at UCSC, aside from a brief interruption in the web server, according to Janine Roeth of CATS.

The SirCAM virus has been widely seen at UCSC. This virus, spread through e-mail messages, tricks people by using familiar e-mail addresses. Its greeting is some variation of:
"Hi!
How are you?
I send this file in order to have your advice.
See you later.
Thanks."

The virus spreads further when the enclosed attachment is opened. Those receiving such an e-mail should delete it without opening the attachment.

"The Code Red worm and SirCAM virus reinforce that computer security is everyone's responsibility," says Roeth. Having lots of security-conscious people watching for signs of trouble and using good security practices is a powerful resource for protecting systems and networks, she said.

A number of system administrators at UCSC monitor sites that cover security vulnerabilities and apply vendor software fixes. The UCSC Security Team at CATS works with system administrators when high-risk activity or vulnerabilities are identified. However, there are lots of computers that do not get the same attention. All servers should be properly managed. If not, they risk destruction of systems, loss of data, or breach of confidentiality.

Every e-mail user is also part of effective computer security. Most viruses are transmitted from one computer to another via e-mail. For this reason, CATS advises users to open only virus-free attachments. Since viruses are now attempting to look like they came from someone familiar, users should always scan attachments with up-to-date anti-viral software. If users are at all in doubt, they should delete the attachments without opening them.

There are many excellent web sites to help systems administrators and e-mail users stay on top of good computer security practices, including:

For systems administrators:

A security portal with lots of information about system vulnerabilities is http://www.securityfocus.com/

Carnegie Mellon's Computer Emergency Response Team Coordination Center: http://www.cert.org/

The U.S. Department of Energy Computer Incident Advisory Center: http://www.ciac.org/ciac/

For e-mail users:

McAfee's Virus Information Library
Symantec's Anti-Virus Research Center:

UCSC has a site-license for Network Associates Total Virus Defense.

If members of the campus community are still suspicious of possible viruses or other security matters, CATS encourages them to send information to abuse@cats.ucsc.edu or security@cats.ucsc.edu.

Information about Code Red worm:
http://www.cert.org/advisories/CA-2001-19.html
http://www.cert.org/advisories/CA-2001-23.html

Information about SirCAM virus:
http://vil.nai.com/vil/dispVirus.asp?virus_k=99141
http://www.cert.org/advisories/CA-2001-22.html
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html


	August 6, 2001 CATS: Computer security is everyone's business By Louise Donahue CATS wants to protect campus computers, but it can't do it alone. That's the message Communications and Technology Services (CATS) wants to get across to the campus community in the wake of the recent Code Red worm and SirCAM virus scares. While the SirCam virus infected individual Windows computers, the Code Red worm targeted Microsoft web servers, such as those handling the UCSC web site. The Code Red worm affected a number of systems at UCSC when it first appeared in mid-July, including the campus web server. System administrators were encouraged to install a patch available from Microsoft to thwart attacks. CATS and system administrators worked together to get the patches installed on infected systems. As a result of these efforts, when the Code Red worm reappeared on July 31, there was little evidence of it at UCSC, aside from a brief interruption in the web server, according to Janine Roeth of CATS. The SirCAM virus has been widely seen at UCSC. This virus, spread through e-mail messages, tricks people by using familiar e-mail addresses. Its greeting is some variation of: "Hi! How are you? I send this file in order to have your advice. See you later. Thanks." The virus spreads further when the enclosed attachment is opened. Those receiving such an e-mail should delete it without opening the attachment. "The Code Red worm and SirCAM virus reinforce that computer security is everyone's responsibility," says Roeth. Having lots of security-conscious people watching for signs of trouble and using good security practices is a powerful resource for protecting systems and networks, she said. A number of system administrators at UCSC monitor sites that cover security vulnerabilities and apply vendor software fixes. The UCSC Security Team at CATS works with system administrators when high-risk activity or vulnerabilities are identified. However, there are lots of computers that do not get the same attention. All servers should be properly managed. If not, they risk destruction of systems, loss of data, or breach of confidentiality. Every e-mail user is also part of effective computer security. Most viruses are transmitted from one computer to another via e-mail. For this reason, CATS advises users to open only virus-free attachments. Since viruses are now attempting to look like they came from someone familiar, users should always scan attachments with up-to-date anti-viral software. If users are at all in doubt, they should delete the attachments without opening them. There are many excellent web sites to help systems administrators and e-mail users stay on top of good computer security practices, including: For systems administrators: A security portal with lots of information about system vulnerabilities is http://www.securityfocus.com/ Carnegie Mellon's Computer Emergency Response Team Coordination Center: http://www.cert.org/ The U.S. Department of Energy Computer Incident Advisory Center: http://www.ciac.org/ciac/ For e-mail users: McAfee's Virus Information Library Symantec's Anti-Virus Research Center: UCSC has a site-license for Network Associates Total Virus Defense. If members of the campus community are still suspicious of possible viruses or other security matters, CATS encourages them to send information to abuse@cats.ucsc.edu or security@cats.ucsc.edu. Information about Code Red worm: http://www.cert.org/advisories/CA-2001-19.html http://www.cert.org/advisories/CA-2001-23.html Information about SirCAM virus: http://vil.nai.com/vil/dispVirus.asp?virus_k=99141 http://www.cert.org/advisories/CA-2001-22.html http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html