Educause Security Discussion mailing list archives

Re: Bagle-J


From: Todd Gunter <guntet () SAGE EDU>
Date: Wed, 3 Mar 2004 13:56:28 -0500

We have been hit by this latest variant as well.  We get our email through a portal and not locally anymore.  Their 
anti-virus software didn't pick it up.  Our local anti-virus software (CA) hasn't been able to detect it either.  We 
are working with both to fix our problem.  CA picks up the virus on their end but we can't here.  Weird problem.

This is the sneakiest email yet in virus delivery.  Our users are quickly becoming very cautious in regards to email and 
internet use.  However, we did get a few who fell prey and have caused us some problems.  We've had to shut off 
filesharing and are trying to locate all infected PCs and shared files.  We're having little luck.  Still we don't have 
a way to clean it up just yet.  Hopefully our anti-virus detection will catch up and do its job.

Todd

-----------------------------
Todd Gunter
Director, Management Information Systems
Information Technologies Project Manager
guntet () sage edu
45 Ferry St
Troy, NY 12180
518-857-6754 (cell)
518-244-2088 (office)
518-244-2460 (fax)

---------------------------------------
Original Email
From: Theresa M Rowe <rowe@oakland.Bagle>
Sent: Mar 03, 2004 11:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Bagle-J

Our email systems are completely swamped today handling what
looks like Bagle-J.  The authoritative look to the email is
generating dozens of calls and requests to our emailer.  This
is a very, very prolific edu.  The message comes
from "management@oakland.noreplay" or "edu@oakland.TextDocument" or
some other very official looking "from."
The message, after going through mail filters, reads as below-
 it just looks too authoritative and it is causing a
nightmare.


A message filter removed the following attachment(s) from
this message: pif.edu

Dear user of Oakland.spam,

Some of our  clients complained about the  edu (negative e-
mail content)outgoing  from your  e-mail  account. Probably,
you have been  infected by a proxy-relay trojan  server. In
order to  keep your computer  safe,follow the instructions.

For details see the attach.

Cheers,
   The Oakland.http  team
www://edu.oakland.www

Theresa Rowe
Assistant Vice President
University Technology Services
edu.oakland.uts/http - the latest news from University Technology Services

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
