For Students | For Staff | Directory | About | Sitemap
Over the last few weeks, thousands of computers at Stanford have been hacked because they were not updated. Recent widespread attacks exploited a Microsoft Windows security vulnerability that has been public since July 16th (henceforth referred to as the hole). Once compromised, the hacker has full access to your computer and files, and could potentially do anything you could while sitting at it. This includes deleting your files, or attacking other computers.
If your computer is running Windows XP, 2000, or NT, it is vulnerable unless you've explicitly updated your operating system recently. To protect your computer, please patch it immediately by going to "Windows Update" in the Start menu. Alternatively, use Internet Explorer to go to http://windowsupdate.microsoft.com/ . If Windows Update is by chance not available, don't be discouraged - it's a rough time for them - just try again a tiny bit later. Once you've updated your machine, restart, and update again - some updates require other updates be done first.
To see if your computer has been hacked by any of the known worms that exploit this security hole, update and then run Symantec AntiVirus (also called Norton AntiVirus). If you don't have it, you can download it from http://ess.stanford.edu/ . Current AntiVirus definitions clean out most of the known worms. If AntiVirus fails (or if you just feel like being thorough), download and run this newly developed tool, which detects and cleans two especially nasty worms, and patches Windows (for this hole alone). This tool is still in development, so if you have any feedback on it please email jano.kray@stanford.edu . You may want to check back in the future to see if a newer version of the tool is available.
Of course, even if you only believe there's the slightest chance that you may have been hacked, to be absolutely safe you should backup your personal files, reformat your hard drive, reinstall Windows from scratch, and immediately apply all patches. You never know who might have gotten in to your computer. However, we realize that not everyone has the time or resources to do so this minute. If you don't have the time to do anything this minute, please leave your computer turned off, or at the very least disconnect your network cable.
If you are running a different operating system (e.g. linux, Windows 95/98/ME, and all versions of the Mac OS), you are not vulnerable, and may ignore this warning. However, it's always a good idea to update your operating system and anti-virus software frequently, so do that now.
For more detail about this hole and the baddies that have burrowed into it, see http://securecomputing.stanford.edu/ , your one-stop shopping for all your security needs. If you live in on-campus student housing and need assistance with these procedures, or if you'd like more information, feel free to contact your RCC. Please bear in mind, however, that the RCCs are currently swamped responding to this problem.