Viruses
For the latest updates:
Symantec's Security Response - lists various threats, advisories, definitions, updates, and removal tools
Sasser worm spreading quickly
May 4, 2004: Computer security experts are dealing with at least four variants of a worm that is spreading quickly through Windows operating systems.
Known as SasserA, SasserB, SasserC and SasserD, the worm is targeting Windows 2000, Windows XP and Windows 2000 and 2003 servers. Other Windows systems, including Windows 95, 98 and ME, could be indirectly affected.
In a new, cunning twist by virus writers, an e-mail in wide circulation that purportedly offers a "fix" for the Sasser worm actually infects the user's computer with a different virulent worm, known as Netsky-AC.
(See the whole story at CNN)
Please direct any questions to our Help Desk (x2371).
"mydoom" virus
January 28, 2004: Once again, another computer virus is making its way through the Internet! Called "mydoom", this variant, with different subject lines which include "hi", "hello", "status error", "server report", "mail delivery system", and "mail transmission failed", infects Windows machines via its attachment and sends out hundreds of copies of itself seriously impacting networks.
It appears as though our campus virus protection is catching most, if not all, incoming emails that are infected with this virus. Do not be alarmed if you receive an e-mail message indicating that an e-mail intended for you has been quarantined. This simply means that an infected e-mail message was addressed to you but caught by our virus protection.
It is very important to use extreme caution before opening ANY email attachment - even from someone you know. When in doubt, contact the sender to verify the validity of the attachment BEFORE you open it.
Please direct any questions relating to this, or any virus, to our Help Desk (x2371).
Fall 2003
August 26, 2003: As mentioned in yesterday's campus email message - a number of resident students brought computers onto campus during move-in weekend that were infected with one or more computer viruses and/or worms. The viruses on these computers are designed to "flood" computer networks with extremely high volumes of unnecessary data "traffic" essentially rendering the network unusable. even from someone you know. When in doubt, contact the sender to verify the validity of the attachment BEFORE you open it. Please direct any questions relating to this, or any virus, to our Help Desk (x2371).
In order to preserve the integrity of the rest of our campus computer network and maintain acceptable levels of service for those areas that have not been infected, all resident halls have been disconnected from the campus network. This means that, at the present time, our resident students cannot access their email, campus servers or the Internet from their dorm rooms. These services are only available to resident students through the campus computer labs or off-campus dial-up Internet Service Providers.
Information Technology is in the process of visiting each dorm room in order to eradicate the viruses and enable the resident halls to once again access the campus computer network and the Internet. Although resident dorm rooms and halls will be brought back online as they are certified "virus free", with the large number of dorm rooms and computers that need to be checked, this process ,which takes approximate 20-30 minutes per computer, may take up to 3 weeks to complete.
Concurrently, Information Technology staff are continuing to visit all faculty and staff desktop computers and, if necessary, installing appropriate software upgrades to protect these computers from these latest viruses.
Regular updates will be provided to inform the campus on the progress of our eradication efforts. We appreciate your cooperation. Please contact the Help Desk (x2371) if you have any questions.
Fall 2003
August 25, 2003: With the arrival of our resident students over the weekend, several computer viruses have been introduced to the campus. Presently, only the resident halls have been affected and every effort is being made to confine the viruses and limit their impact to the rest of the university.
During the next several days, Information Technology staff will be visiting all faculty and staff desktop computers and, if necessary, installing appropriate software upgrades to protect the computers from these latest viruses. The upgrades will take approximately 20 minutes.
We appreciate your cooperation. Please contact the Help Desk (x2371) if you have any questions.
"SoBig Virus"
August 19, 2003: Another computer virus is making its way through the Internet! Called the "SoBig Virus", this variant infects Windows machines via e-mail and sends out dozens of copies of itself.
It appears as though our campus virus protection is catching most, if not all, incoming emails that are infected with this virus. Do not be alarmed if you receive an e-mail message indicating that an e-mail intended for you has been quarantined. This simply means that an infected e-mail message was addressed to you but caught by our virus protection.
Please direct any questions relating to this virus to our Help Desk (x2371).
"Mimail" masquerades as note from IT staff
July 5, 2003: A new Windows mass-mailing virus, "Minmail", began infecting systems on Friday. This virus, which disguises itself as a file sent by a network administrator, attempts to mass e-mail itself, potentially clogging mail servers or slowing down networks.
The e-mail that carries the virus has "your account" in the subject line, and the body reads, "Hello there, I would like to inform you about important information regarding your e-mail address. This e-mail address will be expiring. Please read attachment for details." It is then signed "Best regards, Administrator", with the large number of dorm rooms and computers that need to be checked, this proce, this variant infects Windows machines via e-mail and sends out dozens of copies of it; and contains an attachment labeled "message.zip" that carries the malicious code.
MU's email servers are quarantining the attachment, so your office machine should be safe. If you do get one of these virus messages here or at home simply delete it. If you open the message, do not open the attachment. If you have already opened the attachment of one of these messages, call the Help Desk (x2371) for assistance.
Ignore Outlook message
January 24, 2003: Please ignore the following solicitation in any email you receive:
The above message is added to the end of all emails from anyone who responds to this solicitation. This virus-like upgrade Please contact the Help Desk (x2371) if you have responded to this solicitation. We will have a technician contact you to schedule a time to have it removed from your computer.
Thank you for your cooperation.
Virus Warning is a Hoax
May 14, 2002: A few members of the University Community were victims of another round of email hoaxes yesterday. The current hoax is a very convincing warning, followed by a set of instructions for finding and removing the jdbgmgr.exe from your hard drive. Unfortunately, the jdbgmgr.exe file is legitimate and should not be removed.
If you have any problems or concerns, please call the Help Desk (x2371) for assistance.
Email Hoax
January 7, 2002: There has been a persistent email going around this week warning of a SULFNBK.EXE virus. This is a hoax, and this file should not be removed from your Windows system. If you receive this virus warning, simply erase the offending email. You may want to warn the sender of the hoax as well.
If you already erased the sulfnbk.exe file from your system, please refer to the MNorton web site for repair instructions.
If you have any problems or concerns, please call the Help Desk (x2371) for assistance.
"Goner" E-Mail Virus
December 5, 2001: Please be aware of another e-mail virus that is named "Goner" that hit the internet on December 4th. The program arrives in an e-mail message that says, "When I saw this screen saver, I immediately thought about you, "and, I am in a harry [sic], I promise you will love it!" The file attached to the message is named "Gone.scr."
Once installed, the Goner program looks for and deletes a number of programs, on the user's computer, including Internet security programs like ZoneAlarm. If the victim uses the Microsoft Outlook e-mail program, Goner sends itself to those in the e-mail address book.
As always, Information Technology urges all faculty, staff, and students to please use caution when opening unknown/unexpected e-mail.
If you have any problems or concerns, please call the Help Desk (x2371) for assistance.
Nimda Virus
September 20, 2001: Please be aware of another worm virus making its way around the Internet. The faculty/staff Outlook email server has been updated with the latest anti-virus definitions so you should not receive this particular virus through email.
However this virus, W32.Nimda.A, is a little different because it can infect computers that access infected Internet web pages. Users visiting an infected web site will be prompted to download an .eml (Outlook Express) email file which contains the virus. Virus definitions that will keep this virus from your computer are available through all the major anti-virus software companies.
Information Technology urges all faculty, staff and students to update their virus definitions and scan their hard drives.
Please contact the Help Desk x2371 if you need assistance with the proper procedure. Macintosh users are not affected by this virus.
"Here you have" virus attacks MU!
February 13, 2001: A new computer virus hit the Internet on February 12, and it reached our campus. Do not open any email message with the subject "Here you have, ;o)" simply delete it. As of 6:30 pm on Monday, February 12, complete email service to and from the Internet was resumed. Updated anti-virus protection was received from our vendor and our software is now successfully blocking any instances of this newest virus.
If you accidentally opened one of the emails with the subject "Here you have, ;o)" and with an attachment called "AnnaKournikova began infecting systems on Friday. This virus, which disguises itself as a file sent by a.jpg.vbs", then your system has been affected. We do not believe the virus has done significant damage; more information regarding cleanup will be available tomorrow morning.
Please take this opportunity to update your desktop anti-virus software since the new virus definitions are now available.
This virus apparently does not affect Mac's.
We thank you for your co-operation.
Worm-Infected Web Pages
July 5, 2000: Kaspersky Lab has warned users to be aware of a new worm that can penetrate users' PC as soon they visit an infected Web page. The worm, which is known as "Jer," is not as dangerous as the infamous Melissa or Chernobyl viruses, mainly because it has a number of bugs, which conspire to limit the worm's spread to Internet relay chat (IRC) channels, and not e-mail.
The infected Web site contains a script-program (the worm itself), which is automatically executed after a user opens an infected HTML page. At this stage, the user receives a warning from the system whether to accept this unknown script or not. This method exploits so-called "mind breaches." To avoid this annoying message, a user usually answers "yes," whereupon the worm is passed on to the user's PC.
Virus Capable of Erasing Files
May 19, 2000: There is a variation of the “LoveBug” virus that is making its rounds on the Internet. This new worm will actually overwrite files on the user’s disk drive. We have received and applied the latest virus definitions from our anti-virus provider.
All Internet email services have been resumed (this morning, as an added precaution, we disabled our email services with the Internet.)
However, use EXTREME caution before opening any attachment that has been forwarded to you. This particular virus selects a randomly generated name for the subject line so it is a bit more difficult to recognize. However, because it is forwarded the subject line will start with a ‘FW:’.
Please call our Help Desk at x2371 if you have any questions.
"I Love You" email
May 8, 2000: The Outlook email servers are running very slowly because of the massive ‘housekeeping’ effort made necessary by the “ILOVEYOU” worm virus and the its numerous variations. To improve responsiveness, the Outlook servers were reinitialized at 9a.m.
May 4, 2000: Information Technology has received and installed the necessary anti-virus definitions that will allow us to detect and remove the “ILOVEYOU” worm that gained world wide notoriety yesterday. We are currently running a very thorough scanning process on the Outlook server that will check the entire system, removing any parts of the ‘worm’ that may have already been inadvertently downloaded. This process is expected to run throughout the day and may impact the responsiveness of Outlook.
We are aware that “ILOVEYOU” has ‘mutated’ and is now appearing on the Internet with various subject lines. We believe the anti-virus software will be effective against these variations. However, we are prepared to immediately shutdown our off-campus email services if the anti-virus detection is ineffective.
Please give our Help Desk a call at x2371 if you think your personal computer may have been affected. We will send someone out to remove the virus. Do not try to remove it yourself.
A description of the virus may be found at http://vil.mcafee.com/dispVirus.asp?virus_k=98617.
Share your notes or comments
