Attack of the worms: summer e-mail viruses clog university networks - Update

University Business, Sept, 2003

It's not pollen in the late summer air that made network administrators sick; it's the flood of e-mail-borne computer viruses that has spread through university and commercial networks with surprising ferocity in recent weeks.

Like most e-mail viruses, the latest incarnations--which are known by names such as Blaster, Nachi, and Sobig.F--propagate by infiltrating a PC's e-mail address book and sending copies of themselves to the names on the list.

What they do next varies according to the virus. Blaster, for example, was scheduled to execute a Denial of Service (DoS) attack on Microsoft's patch site on August 15, using remotely controlled, infected hosts. Fortunately, the attack was averted. Nachi, at first glance, appeared to be a "good" worm designed to remove Blaster from infected computers and patch a security hole in the Windows OS. It crippled corporate networks for hours, and installed its own security hole that experts say could be compromised later.

Sobig.F, which earned distinction as the fastest spreading e-mail virus ever, apparently did not cause any file damage, but it did attach itself to address books and turn infected computers into "spare machines." In the process, it dramatically slowed computers and networks, causing some, such as those of the University of Wisconsin-Madison, to shut down systems to delete the worm.

Bennet George, Web manager at Mississippi State University, told reporters that the virus attack caused an "e-mail storm" that disrupted thousands of faculty, staff, and students. "Many campus users are reporting receiving enough e-mail to constitute a distraction from work," George said at the height of the attack. "I am receiving about 1,000 messages per hour, myself." And then there is Doug Sharp, assistant vice chancellor for Information and Instructional Technologies at Purdue University Calumet, who warned PC users to be wary of e-mail from unknown senders. "If you receive a suspicious e-mail, delete it immediately and empty your trash. Do not open it," he said. "If you do open an e-mail, but are suspicious of an attachment, do not open the attachment. Delete the file."