Computer virus spreads on campus

The "Navidad" computer virus arrived at Princeton last week, just in time for the Christmas season. Since then, the virus has infected at least seven University students' computers and has appeared in e-mail inboxes across campus, CIT officials said yesterday.

The virus first struck in 1942 Hall on Tuesday when — within minutes — about 15 people received the e-mail with the virus-spreading file attached, Butler College residential computing consultant Forrest Collman '03 said.

One of the hall residents received the virus from a friend at Stanford and the virus spread itself from her inbox to the inboxes of her friends.

The virus' creator has not yet been identified, according to CIT official Kevin Graham.

The virus — which is classified as an e-mail worm — spreads as an attachment to e-mails from one inbox to another.

"The subject of the e-mail is 'Merry Christmas early,' " Collman said.

When the attachment, called navidad.exe, is downloaded, it disables the computer's ability to run executable — also called .exe — files in Windows so that no programs can be opened, Graham said.

"Basically, if it can affect an .exe file, that means it can affect everything," said residential computing consultant Micah Arbisser '01. "Almost any program file is an .exe file, so if .exe programs are disabled, then you can't use any software whatsoever."

As an added threat, if the infected computer uses Microsoft Outlook for e-mail, the virus checks for all messages in the user's inbox with attachments and forwards itself to the senders of those messages.

Consequently, the virus can spread very quickly, CIT officials said.

When the virus strikes, it also places a blue eye icon on the computer's taskbar. When the mouse pointer is over the icon, the virus displays a yellow dialogue box that says phrases in Spanish such as "Merry Christmas" and "We are watching you," said Phillip Immordino, a senior technical staff member for CIT.

Graham said the title of the virus makes e-mail users more likely to download it. "People will click on the attachment thinking they're downloading a game or a Christmas card, and then they've got a virus," Graham said.

Get the best of ‘the Prince’ delivered straight to your inbox. Subscribe now »

He also said e-mail users are more prone to download the attachment because it is sent from a familiar address. "It appears to be from someone they know, so there's less suspicion," he explained.

Melissa Magner '04 was one of the students who received the virus Tuesday. The worm prevented her computer from being able to launch programs and open files until it was repaired by Collman.

"I received it from a name I recognized, and I opened the file, thinking it was a stupid picture," Magner said. "I'll definitely be a lot more careful in the future."

Once the virus program is opened, the worm is very difficult to remove, Arbisser said.

According to Graham, students can download a program to fix the damage or they can contact CIT officials for assistance.

But the best way to protect a computer from the virus is by updating Norton Anti-Virus software, Immordino said. "On November 6, Norton Anti-Virus created a new definition to stop Navidad's attack, so you definitely want to update it," he said.