Virus violates e-mail account
February 5, 2004
Last Tuesday Paul Crittenden came to work at Simpson anddiscovered an e-mail box overflowing with virus-infectedattachments. A virus called W32/Mydoom@MM made its way toSimpson.
“Basically, I looked on the server to see how many e-mails wentout and the processes to delete the outgoing contaminated virus,”said Crittenden, computer system administrator information systems.”Net INS, our Internet provider, found a few infected computers oncampus. We took them off the network and cleaned them up.”
According to McAfee Security’s online Web site, W32/Mydoom@MM isa high-outbreak risk mass-mailing worm flooding e-mail servers.When downloaded, the worm takes e-mail addresses from the infectedmachine. This e-mail generation engine is similar to thetechnologies used to generate addresses for spam e-mailcampaigns.
W32/Mydoom@MM generates e-mails with a spoofed “From” field, soincoming messages may appear to be from people you know.Furthermore, the subject line and message body are both randomlygenerated by the worm.
To curb the problem, the Information Services Department blockede-mails with the file attachments ending in .exe, .cmd, .vbs, .pif,.scr., .bat. etc. This is only a temporary solution for theproblem, and a potential hazard for people who hope to receiveexecutable files.
For infected computers there is a link available throughInformation Services to get rid of the virus and a CD for thosepeople unable to access the Internet.
“I think my computer is infected,” said freshman CourtneyAckerson. “It’s screwing up my Internet, but I’ll get in touch withInformation Services.”