TCU Daily Skiff Wednesday, January 28, 2004
Malicious worm spreads to campus
The e-mail tricks computer users into opening an attachment and then attacks their network.

By Kristy Cubstead
Staff Reporter


An e-mail worm that looks like a normal error message but actually contains a malicious program snarled computers around the world on Tuesday, and was sent to inboxes here on campus.

MessageLabs Inc., which scans e-mail for viruses, said one in every 12 messages contained the worm, called “Mydoom” or “Novarg.” Security experts described it as the largest virus-like outbreak in months.

David Edmondson, assistant provost for information services, confirmed that the worm had been sent to TCU inboxes, but said he’d received few formal complaints. He said the worm was sent mostly to non-TCU e-mail accounts.

The worm began spreading rapidly Monday during business hours in the United States. By comparison, many previous outbreaks had started during Asian business hours, allowing antivirus vendors to develop defenses by the time U.S. companies opened up shop.

Some corporate networks were clogged with infected traffic within hours of the worm’s appearance, and operators of many systems voluntarily shut down their e-mail systems.

Mikko Hypponen, manager of anti-virus research at F-Secure Corp. in Finland, estimated that 200,000 to 300,000 computers were hit worldwide.

James Stark, an employee at the Information Commons, said the worm could come with subject lines of “error,” “hello,” “mail delivery system,” “mail transaction failed,” “server report,” “status” or a collection of characters.

Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Instead, one of its messages reads: “The message contains Unicode characters and has been sent as a binary attachment.”

The worm infects computers using Microsoft Corp.’s Windows operating systems, though other computers were affected by network slowdowns and a flood of bogus messages.

Junior Russ Mensik almost fell for it Monday night when he received an e-mail on his TCU account with a subject line of “Undeliverable: Hi.”

Mensik opened the e-mail, from System Administrator, which read “your message did not reach some or all of the intended recipients.” Mensik was not infected by the worm because he did not click on the attachment.

In addition to sending out tainted e-mail, the program appears to open up a back door so hackers can take over the computer later.

There are 3,100 students living on-campus, and as of Tuesday, 1,600 had not downloaded the free Norton AntiVirus software, Edmondson said.

He urged students to download the program and use TCU e-mail accounts, which are scanned for viruses. He also said that students should not open e-mail from unknown senders and should delete e-mail that looks suspicious.

Symantec said the worm appeared to contain a program that collects usernames and passwords and distributes them to strangers. Network Associates did not find that program.

The worm also appeared to infect folders open to users of the Kazaa file-sharing network. Remote users who download those files and run them could be infected.

Microsoft offers a patch for its Outlook e-mail software to warn users before they open such attachments or prevent them from opening them altogether. Antivirus software also stops infection.

The Associated Press contributed to this report.
 
 