Campus Addresses Computer Virus

Campus Addresses Computer Virus

(By Danielle Hegsted, office of the vice president for Information Technology Services)

Mydoom, a new computer virus spreading by email and peer-to-peer file-sharing, is breaking records and wreaking havoc worldwide; Utah State University was hit as well, but measures are being taken to slow the virus' effects.

The virus seems to have three parts, according to McAfee's Web site. First, it creates a backdoor, where someone can gain control of a computer.

From now until Feb. 1, the virus is designed to mass mail itself to a host of email addresses.

"The virus relies on email addresses stored in known places on a computer," said Bob Bayn, associate director, Campus Network and Computer Services. "Most Utah State University computers have a lot of university email addresses. This results in many 'secondary infections,' where on-campus computers infect other on-campus computers."

Starting Feb. 1, the virus is programmed to perform Denial of Service (DOS) attacks to SCO.com.

Finally, after Feb. 12, the virus is designed to keep the back door open, and "listen for instructions from its new master," Bayn said. "This just shows how imperative it is to keep all our defenses up."

"Everyone needs to be cautious and careful," said Barbara White, vice president for Information Technology Services and chief information officer. "Make sure the emails you open are legitimate. It is easy to be fooled."

As of 5 p.m. Jan. 27, John Hanks, network systems specialist, said the email scanner had tagged more than 165,000 messages.

"Normal mail load is between 100,000 and 300,000 messages per day," he said. "This shows the relative severity of this particular attack."

Bayn said the virus often looks like it comes from a legitimate address, but, in fact, the address is always forged.

"The bottom line, or maybe the top line, is: don't click on attachments," said Bayn.

He said users should be especially wary of vague email messages and subject lines.

Kim Marshall, director of network and computing services, said users should also be aware that the virus can spread through peer-to-peer file sharing, such as music downloads from KaZaa, which is just "one more reason to be very wary of peer-to-peer sharing."

Bayn said Utah State is making headway in its fight against the virus. First, staff and students are conducting searches to find infected machines and vulnerable ports.

Some machines show evidence of being infected and then show evidence of being cleaned. Bayn said this is an indication of people using their virus protection correctly and downloading new DAT files quickly. He said the people who did this should be commended.

"We want to extend our thanks to those who keep their virus files up-to-date," he said. "Everyone who is conscientious about virus protection is helping the situation. Everyone who isn't is part of the problem. This should be a wakeup call to those who are not keeping their virus protection up-to-date."

For information on how to keep virus protection updated, contact your local network administrator or visit the Utah State Helpdesk at helpdesk.usu.edu or 435-797-4358.

The university also has a mail scanner, which is a machine that intercepts Utah State's email and scans it for spam and viruses. Once McAfee has identified a potential virus threat, Utah State's scanner will, in turn, remove any attachment that is recognized as a virus.

Miles Johnson, network systems specialist, said the university is taking other measures to protect itself and others. "[Incoming and outgoing] email to USU has been blocked at the borders," he said. "This means that email from off-campus and email to off-campus has been delayed so the email scanners can have a chance to look at it."