A new computer virus discovered Monday is affecting numerous WiscMail accounts and has prompted the University of Wisconsin’s Division of Information Technology to divert worried callers to an informational page on its website.
W32.Novarg.A@mm, also known as “mydoom,” is a mass-mailing worm spread via e-mail. E-mail users who receive the virus will get an e-mail with one of the following as the subject line: “test,” “hi,” “hello,” “Mail Delivery System,” “Mail Transaction Failed,” “Server Report,” “Status” or “Error.” The virus may be delivered from a nonexistent address or from an address known to the sender and found in the infected computer’s address book. E-mails that contain the virus have an attachment that, when opened, sets up a backdoor in the user’s computer. This backdoor can then download and execute arbitrary files and opens up the computer to hacker attacks.
Computer experts warn that e-mail users must be cautious when opening e-mails, regardless of who the sender is.
“It’s important to realize that this virus will come from people you think you can trust,” said Derek McCarty, operations engineer at Berbee Information Networks in Madison. “The person who it’s from doesn’t even realize that they’re sending it.”
The number to DoIT’s help desk directs students to seek information on the DoIT website and follow the removal directions for the virus. According to the website, WiscMail techs have updated virus definitions on campus servers; however, the risk of the virus is still high, and DoIT encourages students to “double delete” any suspicious messages by first deleting the message and then emptying the trash. The website also encourages students to run antivirus software.
UW junior Jessica Heinz has received six e-mails with the virus in the past two days. Because the first virus-infected e-mail she received was from someone she knew, she tried opening it. Heinz said she immediately suspected something was wrong with the e-mail and ran her antivirus software. However, Heinz continues to receive infected messages from various e-mail addresses.
“Only one of the e-mails was from someone I knew. But I’ve also gotten some from random professors on campus who have a facstaff.wisc.edu address,” Heinz said.
McCarty said a removal tool for the virus has been developed, making it fairly easy to get rid of. A link to the removal tool can be found on DoIT’s website or by going to www.securityresponse.symantec.com. The virus only affects Windows operating systems.