As if we don't have enough problems, I got this from my pre-med advisor this morning: From AMCAS (9/19/01) Yesterday, we sent a message to the medical schools to alert them to an internet Virus attack on the AAMC's IT infrastructure. The text of that message is below. The infrastructure team has been dealing aggressively with continued virus problems resulting from yesterday's attack. We evidently did not get all security holes patched or our patches were hacked. These are getting knocked out, but we are experiencing performance problems as a result. We will keep constituents posted on our progress in resolving all issues related to the virus attack. ************************************************* What: A new Code Red Worm variant (a self-replicating Internet virus that attacks Microsoft web servers) has spread widely onto AAMC's infrastructure - internally and at Exodus. When: We have tested the fix for the worm and will be implementing it today starting with our production infrastructure at Exodus. Implementation is beginning as I write this. We hope to have the external production servers "clean" by the end of the evening and returned to full operation. Internal web servers will take longer to "clean" and at least one (INET430 - internal Cold Fusion development) has been damaged sufficiently that it will have to reinstalled. Effects: The load and performance of Web application servers (running Microsoft IIS and Cold Fusion) will be very poor. Some constituents will lose their connections to these servers as we take them down to clean the worm and block its reestablishment. AMCAS (including DTU), CurrMIT, Find-a-Resident, NRMP, Cybercash and various survey software applications will be adversely affected. Other Information: See http://www.incidents.org/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From AMCAS (9/19/01) The battle with the red worm internet virus continues..... What: AAMC's offsite production NT web servers(hosted at Exodus) have been shutdown to prevent them from attacking other sites on the Internet. We have received complaints from other organizations of our sites attacking their sites..creating potential legal liability for the Association. Our attempts to clean the Nimda Worm have met with limited success. Effects: AMCAS, CurrMIT, Find-a-Resident, NRMP, Epayment and various survey software applications will be unavailable to constituents during this outage. The main AAMC web site is unaffected by this Worm and will include messages to constituents regarding our condition. In addition, constituents that access the above applications directly should receive systems unavailability messages that briefly explain our situation. Other Information: We are working non-stop on implementing software that will actively protect our NT servers from this Worm and prevent them from attacking other sites. The full solution will, likely, require reinstalling NT and all software on all servers in production in Exodus (as well as many NT systems here).