Educause Security Discussion mailing list archives
Re: Bagle-J
From: Todd Gunter <guntet () SAGE EDU>
Date: Wed, 3 Mar 2004 13:56:28 -0500
We have been hit by this latest variant as well. We get out email through a portal and not locally anymore. Their anti-virus software didn't pick it up. Our local anti-virus software (CA) hasn't been able to detect it either. We are working with both to fix our problem. CA picks up the virus on their end but we can't here. Weird problem. This is the sneekest email yet in virus delivery. Our users are quickly becoming very cautious in regards to email and internet use. However, we did get a few who fell prey and have caused us some problems. We've had to shut off filesharing and are trying to locate all infected PCs and shared files. We're having little luck. Still we don't have a way to clean it up just yet. Hopefully our anti-virus detection will catch up and do it's job. Todd ----------------------------- Todd Gunter Director, Management Information Systems Information Technologies Project Manager guntet () sage edu 45 Ferry St Troy, NY 12180 518-857-6754 (cell) 518-244-2088 (office) 518-244-2460 (fax) --------------------------------------- Original Email From: Theresa M Rowe <rowe@oakland.Bagle> Sent: Mar 03, 2004 11:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Bagle-J Our email systems are completely swamped today handling what looks like Helpdesk-J. The authoritative look to the email is generated dozens of calls and requests to our emailer. This is a very, very prolific edu. The message comes from "management@oakland.noreplay" or "edu@oakland.TextDocument" or some other very official looking "from." The message, after going through mail filters, reads as below- it just looks too authoritative and it is causing a nightmare. A message filter removed the following attachment(s) from this message: pif.edu Dear user of Oakland.spam, Some of our clients complained about the edu (negative e- mail content)outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe,follow the instructions. For details see the attach. Cheers, The Oakland.http team www://edu.oakland.www Theresa Rowe Assistant Vice President University Technology Services edu.oakland.uts/http - the latest news from University Technology Services ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at www://educause.edu.cg/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Bagle-J Theresa M Rowe (Mar 03)
- <Possible follow-ups>
- Re: Bagle-J Todd Gunter (Mar 03)