USU techno-folks battle ‘mydoom’ virus

Danielle Hegsted

Mydoom, a new computer virus spreading by e-mail and peer-to-peer file-sharing, is breaking records and wreaking havoc worldwide; Utah State University was hit as well, but officials say measures are being taken to slow the virus’ effects.

The virus seems to have four parts, according to McAfee’s Web site. First, it creates a backdoor, where someone can gain control of a computer. From now until Feb. 1, it is designed to mass-mail itself to a host of e-mail addresses.

“The virus relies on e-mail addresses stored in known places on a computer. Most USU computers have a lot of USU e-mail addresses,” said Bob Bayn, associate director for network and computing services.

This results in many “secondary infections”, where on-campus computers infect other on-campus computers. Then, starting Feb. 1, it is programmed to perform Denial of Service (DOS) attacks to SCO.com, which could overload services, Bayn said.

Finally, after Feb. 12, the virus is designed to keep the back door open, and “listen for instructions from its new master,” Bayn said. “This just shows how imperative it is to keep all our defenses up.”

“Everyone needs to be cautious and careful,” said Barbara White, vice president for Information Technology Services and Chief Information Officer. “Make sure the e-mails you open are legitimate. It is easy to be fooled.”

As of 5 p.m. on Tuesday, John Hanks, network systems specialist, said the e-mail scanner had tagged over 165,000 messages, showing the relative severity of this particular attack since the normal mail load is between 100,000 and 300,000 messages per day.

Bayn said the virus often looks like it comes from a legitimate address, but in fact “the address is always forged.”

“The bottom line, or maybe the top line, is: Don’t click on attachments,” Bayn said. He said users should be especially wary of vague e-mail messages and subject lines.

Kim Marshall, director of network and computing services, said users should also be aware the virus can spread through peer-to-peer file sharing, such as music downloads from KaZaa, which is just “one more reason to be very wary of peer-to-peer sharing.”

Bayn said USU is making headway in its fight against the virus. First, staff and students are conducting searches to find infected machines and vulnerable ports.

Some machines show evidence of being infected and then show evidence of being cleaned. Bayn said this is an indication of people using their virus protection correctly and downloading new DAT files quickly. He said the people who did this should be commended.

“We want to extend our thanks to those who keep their virus files up-to-date,” he said. Everyone who is conscientious about virus protection is helping the situation. Everyone who isn’t is part of the problem.”

Bayn said the new virus should be a wakeup call to those not keeping their virus protection up-to-date. For information on how to keep virus protection updated, students can contact their local network administrator or visit the USU Helpdesk at http://helpdesk.usu.edu or (435) 797-4358.

The university also has a traffic sniffing mail scanner, which is a machine that intercepts USU e-mail and scans it for spam and viruses. Once McAfee has identified a potential virus threat, USU’s scanner will in turn remove any attachment that is recognized as a virus.

Miles Johnson, network systems specialist, said the university is taking other measures to protect itself and others.

“[Incoming and outgoing] e-mail to USU has been blocked at the borders,” he said. This means that e-mail from off-campus and e-mail to off-campus has been delayed so e-mail scanners can have a chance to look at it.

-dhegsted@cc.usu.edu