Educause Security Discussion mailing list archives

Re: New Email Virus


From: Krizi Trivisani <krizi () GWU EDU>
Date: Fri, 31 Oct 2003 16:12:00 -0500

We had 100's of messages get through before we could update our email filters and get the latest anti-virus definitions updated. Thankfully our user community started calling the security team and helpdesk as soon as they started seeing the messages in their in-boxes.

About a dozen machines on campus have been hit by this virus so far. We are shutting off the ports for the machines we have identified as infected. For each machine that is infected, a remedy ticket is being created and is searchable in the summary by IP.

These machines will be offline and will need to be patched offline by a local administrator or LSP before they can have their ports turned back on.

A mass email with the following text has been sent to the University community:
--------
A new email worm is making the rounds with the subject line "Re[2]: our private photos" followed by random text. If you receive this message we ask you to delete it and do not open the attachment contained in this message.

For more information about the worm:
http://helpdesk.gwu.edu/helpdesk/news/fall03/mimailc.worm.103103.html

Computers that have not applied the latest patches are also impacted and may be used to propagate the malicious code. Please ensure that you have patched your computer and are running the latest anti-virus definitions.

For more information on securing your computer:
http://helpdesk.gwu.edu/helpdesk/security/index.html
---------

Happy worm fighting!
Krizi

Marty Hoag wrote:

    I'm told our e-mail virus scanners caught 140 of these
after we updated the McAfee DATs this morning. McAfee has
issued an emergency DAT, 4301 for this. Since we use McAfee
I'm not familiar with what the other vendors have done but
I see Symantec raised the threat to Category 3.   Marty

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
