ResNet Newsletter 9/8/2003

NC STATE RESNET NEWSLETTER - September 2003
Visit us any time at http://www.ncsu.edu/resnet

=================================
CURRENT WINDOWS SECURITY THREATS
=================================
---------------------
RPC VULNERABILITY
---------------------
On July 16th Microsoft announced a massive security hole in all versions
of Windows. Technically, the hole is a buffer overflow vulnerability in
the Windows Remote Procedure Call (RPC) implementation.

There are currently at least three exploits on campus taking advantage of
this vulnerability to infect computers: Trojan.Stealther.B,
W32.Blaster.Worm, and W32.Welchia.Worm.

Common symptoms that indicate your computer may be infected include:
-Microsoft Office applications (Word, Excel, etc.) may not allow cut
and paste actions.
-The computer may reboot for no reason. There may be a DCOM error or warning
message prior to reboot.
-Infected systems may display erratic behavior, including but not limited
to applications whose output is not displayed, that run but then
disappear, or that do not run at all.

For more information about this vulnerability, as well as information on
cleaning up your computer, please see:
http://www.ncsu.edu/itd/security/news/msrpc.html

You can see network logs showing computers probably infected with Welchia at:
http://www.ncsu.edu/itd/security/logs/welchia/
The owners of computers that stay in the list too long will receive
warnings to clean their computer or lose network access. To see if your
computer is in the list you will first need to know your IP address.
Instructions on finding your IP address can be found at:
http://www.ncsu.edu/resnet/pages/faq/faq.php

--------------------------
SOBIG MASS MAILER WORM
--------------------------
This worm causes an infected computer to send out large quantities of
email. The "to" and "from" address of the emails will be taken from any
email address found on the infected computer, including email address
books and cached web pages.

The subject of the email will be one of the following:
-Re: Details
-Re: Approved
-Re: Re: My details
-Re: Thank you!
-Re: That movie
-Re: Wicked screensaver
-Re: Your application
-Thank you!
-Your details

The body of the email will be short, containing only "See the attached
file for details" or "Please see the attached file for details."

Attached to the email will be a file with extension .scr or .pif.

If you receive an email like those described above, DO NOT open the email
or the attachment. Simply delete the message, even if it appears to come
from someone you know.
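
The subject, body and attachment indicators listed above can be checked
mechanically. The following is an added example, not part of the original
newsletter: a Python filter using only the standard library. The function
names, the sample message and the quarantine rule (a .scr/.pif attachment
plus one other match) are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the newsletter text above, lower-cased.
SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details",
}
BODIES = {"see the attached file for details",
          "please see the attached file for details"}
EXTENSIONS = (".scr", ".pif")


def sobig_indicators(raw: bytes) -> list:
    """Return which of the newsletter's indicators a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    text = msg.get_body(preferencelist=("plain",))
    if text is not None:
        body = " ".join(text.get_content().split()).lower().rstrip(".")
        if body in BODIES:
            hits.append("body")
    # endswith() also catches double extensions such as "notes.txt.pif".
    names = [(p.get_filename() or "").strip().lower()
             for p in msg.iter_attachments()]
    if any(n.endswith(EXTENSIONS) for n in names):
        hits.append("attachment")
    return hits


def should_quarantine(raw: bytes) -> bool:
    # Assumed policy: a .scr/.pif attachment plus a matching subject or body.
    hits = sobig_indicators(raw)
    return "attachment" in hits and len(hits) >= 2


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Construct a test message; addresses and payload are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A familiar subject line on its own is not enough to quarantine a message
under this rule, since ordinary replies can share those subjects.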

More information about the Sobig mass mailer worm, as well as a removal
tool for computers already infected, can be found at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

You can protect your computer by installing anti-virus software. NC State
provides Symantec AntiVirus free of charge. For details, please see the
article titled "Protect Your Computer From Viruses" later on in this
newsletter.

==============================
KEEPING YOUR COMPUTER SECURE
==============================
It is always important to have the latest updates for your operating
system. This will help keep your computer more secure and trouble-free.

Periodically, Microsoft releases updates for all Windows operating
systems. To update your computer, go to:
http://windowsupdate.microsoft.com

If you have a Macintosh computer with OS 9 or OS X then you can run
Software Update (located under the Apple menu or in System Preferences).

For more information and detailed instructions, go to:
http://oit.ncsu.edu/resnet/updates

====================================
PROTECT YOUR COMPUTER FROM VIRUSES
====================================
All ResNet customers are required to run an up-to-date anti-virus software
package on their computer if one is available from NC State for the
operating system being run.

If you do not have anti-virus software, or do not have up-to-date virus
definition files (ideally updated at least every week), please be aware
that NC State provides Symantec AntiVirus *FREE* for all currently
registered students, as well as faculty and staff.

One advantage of the Symantec AntiVirus software available from NC State
is that if you run the "managed" version (which ResNet staff highly
recommend), your computer gets virus definitions automatically (and on at
least a weekly basis) without your having to worry about it.

For more information about Symantec AntiVirus and to download a copy for
your computer, go to:
http://www.ncsu.edu/antivirus/

*** Please note: always uninstall any existing anti-virus software on your
computer before installing new anti-virus software. ***

===========
COPYRIGHT
===========
There has been a lot of talk in the news lately about the Recording
Industry Association of America (RIAA) filing lawsuits against users of
peer-to-peer (p2p) file sharing applications such as KaZaA. While NC State
has not yet been subpoenaed for information about its students who use
these programs, it is not outside the realm of possibility. Last year
ResNet received over 700 reports of copyright infringement from the RIAA,
Motion Picture Association, and other similar agencies. 564 complaints
were traced back to unique individuals. Overall, approximately 8.5% of NC
State ResNet users were *CAUGHT* and cited with policy violations for
distributing copyrighted material.

Because there are some legitimate uses of p2p applications, NC State has
opted NOT to ban their use outright. Please remember that you are
obligated to follow NC State University Policy, which, of course,
prohibits using University resources, such as ResNet, for illegal
purposes.

More information about copyright and p2p applications can be found at:
http://oit.ncsu.edu/resnet/p2p

===================
CUSTOM HOST NAMES
===================
Easy-to-remember host names are available from ResNet. This allows users
to find your personal computer through a custom name that you sign up
for. For example, if your custom host name (a.k.a. cname) is "packfan" then
you can access your computer from somewhere else by the name
packfan.rh.ncsu.edu. If you are running a web server, your site can be
accessed by going to http://packfan.rh.ncsu.edu. Interested in signing up
or learning more about this service? Go to:
http://www.ncsu.edu/resnet/pages/cname_signup/cname_signup.php

---------------------------------------------------------------------------
Disclaimer: This email was sent to all current ResNet subscribers in
accordance with the ResNet Terms and Conditions for Service. If you have
any problems with your ResNet connection, email us at resnet@ncsu.edu or
call at 515-HELP (4357).
---------------------------------------------------------------------------