An aggressive worm that attacked at least 39,000 computers worldwide this weekend brought Yale internet traffic to a halt early Saturday morning.
The FBI is currently searching for the source of the worm, which hit the Yale campus at approximately 12:30 a.m. Saturday. The virus, which has been referred to as “Sapphire,” “Slammer” and “SQ Hell,” attacked computers on the network running unpatched versions of Microsoft SQL Server or Microsoft Desktop Engine, or MSDE, systems. The majority of the Yale network was up and running again by approximately 5 p.m. Saturday afternoon, said Philip Long, director of Yale Information Technology Services.
Some campus computers remained off the network Sunday evening because of an unrelated problem in Branford College and on Old Campus. In both instances, computers — likely newer Macintosh or Linux machines — were broadcasting non-institutional IP addresses for other computers on the network. But Long said this problem was not directly caused by the worm.
Long said the problem, uncommon but not unprecedented, often occurs at the beginning of the semester when people have made changes to their computers. He said it is also possible that people affected by the worm changed something on their systems in an effort to remedy the situation.
“I think the reason that it was outstanding was that people were thinking it was a problem related to the worm,” Long said. “The worm issue, we’re confident, is done.”
Long said the worm did not seem to cause any data damage, but instead sends so much information out of infected machines that the server becomes too busy.
Yale Information Security Officer H. Morrow Long said 36 machines were infected by the worm. He said four or five were computers owned by students, and approximately 15 were located at the School of Medicine.
Philip Long said the SQL Server and MSDE systems are not usually found on students’ computers. But he said some students likely had MSDE on their computers without knowing it.
Joseph Paollilo, Yale’s director of data network operations, said his staff began working on the problem at approximately 1 a.m Saturday. To deal with the problem, ITS took isolated individual machines and took some pieces of the network offline in order to stop the worm and keep it from spreading, Paollilo said.
Paollilo said by 6:30 a.m. the core of the network was working again.
Paollilo said some parts of Yale, like University data centers and Science Hill, were unaffected, while other parts of campus — including some of the residential colleges — seemed to be proliferating the worm. As a result, ITS officers kept some parts of campus offline until mid-afternoon Saturday, he said.
Philip Long said the infected computers were removed from the network, and their owners or administrators were contacted.
Yale administrators said that the problem with the Microsoft software was originally announced by the company July 24, 2002. Yale publicized the problem and suggested that those running the system install the appropriate patch, Philip Long said.
“I also do see this as an important opportunity to remind the community of our collective responsibility for our machines,” Philip Long said. “What we can see here are the results of not doing so.”