OIT fights e-mail virus outbreak

University OIT services have largely contained the computer virus that broke out earlier this week. The bug, commonly known as the Bagle virus, was particularly deceptive because of its ability to reside in attachments to emails from users' own acquaintances.

The virus, which hit campus Tuesday afternoon, spread quickly via mass emails to students that appeared to be sent from University officials.

The OIT Help Desk received about 200 phone calls and 100 email queries related to the virus between Tuesday night and Wednesday afternoon, Director of OIT's Enterprise Infrastructure Services Dan Oberst said. During that same interval, OIT removed over 11,000 zip — or compressed — file attachments that were possible virus carriers.

In addition to large-scale emails to people in the user's address book, the Bagle virus causes a remote central site to send commands to the user's computer until March 25th. "This implies that the damage is unpredictable," said OIT Security Officer Anthony Scaturro.

OIT now has the anti-virus software and is deleting infected attachments. An attachment entitled DELETEDO.txt indicates that an infected attachment has been removed from an email.

Some contaminated emails appeared to have been sent from the email account of Lisa DePaul, the assistant director of housing. However, she explained Wednesday in an email to undergraduates that she did not, in fact, send the emails.

Scaturro said new virus writers are now able to forge senders' names so that the apparent sender is not the author of the email with the virus.

OIT personnel cautioned that hackers' increasing sophistication may continue to cause problems.

"The virus writers are getting very, very good at social engineering," Scaturro said, referring to techniques used by hackers to trick recipients into downloading viruses.

Most viruses are downloaded by computer users who think they have received a harmless email with an attachment from an acquaintance.

The particular virus afflicting the University is carried through zip attachments. But other viruses can be carried through different kinds of attachments, Scaturro said.

"Just looking at the email will not launch the virus," Oberst said. "The main danger is when you click on the attachment."

Get the best of the ‘Prince’ delivered straight to your inbox. Subscribe now »

OIT receives its anti-virus software from the Symantec Corporation, Scaturro said, and Symantec is constantly updating its software to destroy new viruses. The dangerous window of time starts with the appearance of the virus and ends when the new anti-virus program is downloaded.

"People have to be careful even when opening attachments from best friends," Scaturro said. He added that virus-laden emails are usually generic and can sometimes appear very official and authentic.

"The best defense for us is only to open an attachment if you know the sender and you know why you're getting the attachment," Scaturro said.

DePaul expressed concern that the virus might interfere with room draw procedures.

"It's just unfortunate that this happened at this time of year because I want students to take emails from me about room draw seriously, but at the same time they have to be wary [of emails that might contain viruses]," she said. However, she emphasized that she "would never send out anything with a zip file."

Users who have gotten the Bagle virus can download a program to remove it from their computers at www.symantec.com.