As you might have heard, Missouri State came under attack yesterday. Apparently, though our crack news staff here in Springfield reported on the subject, a lot of people are still confused about what happened, which is essentially that… we came under attack.
From what I understand, someone tried to brute force the campus, which resulted in the same effects as a DoS attack. They were attempting to exploit a vulnerability in older versions of Symantec AntiVirus, of which there were only about 400 on campus (older versions, that is; we’ve got 5000+ computers, most of which are PCs with Symantec AV on them). Once one of those approximately 400 were compromised, a back door virus was installed that presumably allowed access for whomever the attacker was…
Which doesn’t really make sense. The best way to set up a back door exploit is quietly so you can use it over time to find what you actually want. There’s no way to draw more attention than by taking all our damned bandwidth, and guess what? Yeah, we realized it. Networking and MoreNET (our internet service provider) did a fantastic job and got us sufficiently locked down. In the meantime, I’ve spent the last two days updating antivirus clients for the core administration offices. (As did we all in User Support; it’s been a very busy two days.) I also finished the newsletter I’ve been working on for the last couple of weeks, which is quite pretty. It’s already online in PDF, but I should probably wait to link it until we’ve gone to print.
Got there at 7:20 this morning. Shawn and Britt came over to watch a movie tonight, which was awesomely good times, but I’m growing rather tired. Horizontalness, here I come.