Computer viruses continue to plague e-mail

February 18, 2004

It seems as if every few days a new computer virus shows up in e-mailboxes. The problem is growing, taxing the resources of information technology professionals as they try to maintain a secure, virus-free network.

"By now, I think most people know the basic formula for these things," said Kathy Kimball, director of computer and network security in Information Technology Services (ITS) at Penn State. "The e-mail may appear to be from someone you know, but the message inside is poorly worded, or not in the usual style of e-mail from that sender. And there's an attachment included that you're urged to open."

In addition, several copies of the same e-mail, from different senders, typically arrive at the same time or within a short period of time. As usual, Kimball cautions people not to click on these unexpected attachments.

"I can't say it enough — even if the e-mail appears to come from someone you know, don't click on it unless you can confirm from that person that they sent it," Kimball said.

Prevention is the key to avoiding problems with e-mail viruses and worms.

"Everyone also should have virus protection software installed on their computers by now, and they should update the virus definitions today and weekly," Kimball said.

Norton AntiVirus software is available at no cost to Penn State students, faculty and staff, and can be downloaded easily from the PAC-ITS CD or from http://its.psu.edu/virus.html on the Web.

"That Web site also is a good resource for information about the known viruses," said Robin Anderson, associate director for marketing and communications in ITS. "It's wise to get into the habit of checking it often — even daily — to stay on top of what viruses may be out there."

A new virus began showing up in e-mailboxes at Penn State yesterday. This newest computer threat — W32.Beagle.B@mm — is a mass-mailing worm that opens a backdoor on TCP port 8866, giving the attacker access to the infected computer. The worm, which also is known by several other names including Bagle.B, uses its own SMTP engine to e-mail itself to other computers.

The subject line of these infected e-mails is "ID ... thanks" and the attachment typically is named .exe. Several of these e-mail messages appear to come from people known to the recipient, but they have not originated from the person listed in the "from" field.

"Somebody who's been infected has your e-mail address on their hard drive," said Kimball. "The virus looks for e-mail addresses in several places on local drives, and uses them in the sender field."

Another new virus alert was posted today (Feb. 18) for the W32.Netsky.B@mm virus, which has not reached most Penn State e-mailboxes yet.

"If people check the site regularly, they can see this type of 'advance warning' information so they're not surprised when they do finally see it in their in-box," Anderson said.

For assistance with infected computers, contact the ITS Consulting and Support Help Desk at (814) 863-2494, (814) 863-1035 or (888) 778-4010 for those not at University Park. Anyone who receives an infected e-mail should forward it, with full headers showing so it can be traced, to virus@psu.edu. For more detailed instructions on reporting viruses, worms and other security concerns, visit ITS Security Operations and Services (SOS) on the Web at http://sos.its.psu.edu/

(Media Contacts)

Last Updated March 20, 2009