Nicholls State University
Immediate Threats

W32.Mydoom.F: Feb. 20, 2004
Mydoom.F began replicating itself on tens of thousands of home and business computers. Like other viruses, it spreads by tricking PC users into opening a viral e-mail attachment. It then e-mails a copy of itself to all e-mail contacts found on the PC, and opens a back door to receive more hacker commands. But Mydoom.F does something viruses have not done since 1999: It begins systematically deleting files. The virus deletes Microsoft Word documents, Excel spreadsheets and Access database files, along with digital images and movies. It appears to target files that typically represent extensive cumulative work.

Netsky.B Worm: Feb. 18, 2004
Security experts have warned of a new mass-mailer worm, W32/Netsky.b@MM, or Netsky.b. Antivirus software vendor McAfee's Anti-Virus Emergency Response Team (Avert) said the worm is infecting PCs at a rate of 40 to 50 an hour. It is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. This worm also searches drives C through Z for folder names containing "Share" or "Sharing," and then copies itself to those folders. The subject, body, and email attachment differ. The subject lines vary but include "unknown," "fake," "stolen," "warning," "hello" and "what does it mean?" The message body can contain a number of different texts, all of which are generic. Examples include "I found this document about you," "something is going wrong," "I have your password" and "that is bad".

W32/Mydoom@MM: Jan. 26, 2004
The "Mydoom" mass-mailing worm has been creating large volumes of spoofed e-mail and bounceback traffic on the Internet. This worm infects Windows computers if the attachment (which is randomly named) is opened. Many users have been confused by the messages, because it appears that they have sent the original e-mail that is bounced back. This worm infects Windows, not Mac or Linux systems, and it installs registry entries and files that spawn a proxy service which listens at a port between 3127 and 3198. This service can also download other files, because it installs a backdoor and a mailer engine that begins to forge e-mail from other address book entries on your computer. Of particular concern for students is that this worm is also being spread on the KaZaA P2P network, so it is possible to get the worm by connecting to a KaZaA file-sharing network and downloading an infected file.
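One way to check a Windows PC for the listener described above, as an added example that is not part of the original advisory: it scans saved `netstat -an` output for TCP sockets listening in the 3127-3198 range. The sample output and the function name are constructed for illustration; a hit only means a port in that range is open and should be followed up with an anti-virus scan.

```python
import re

# Port range the advisory gives for the Mydoom proxy/backdoor service.
MYDOOM_PORTS = range(3127, 3199)  # 3127..3198 inclusive

# Windows `netstat -an` TCP row: Proto, Local Address, Foreign Address, State
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$", re.IGNORECASE)


def find_suspect_listeners(netstat_text):
    """Return sorted (local_address, port) pairs for TCP sockets that are
    in LISTENING state on a port inside the advisory's range."""
    hits = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # column headers, UDP rows, blank lines
        addr, port, state = m.group(1), int(m.group(2)), m.group(3).upper()
        # Outbound connections can use these ports as ephemeral source
        # ports, so only LISTENING sockets are reported.
        if state == "LISTENING" and port in MYDOOM_PORTS:
            hits.add((addr, port))
    return sorted(hits)


# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3198         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3150      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:3130           *:*
"""

if __name__ == "__main__":
    for addr, port in find_suspect_listeners(SAMPLE):
        print(f"Listener in Mydoom port range: {addr}:{port}")
```

To check a real machine, save the output of `netstat -an` to a text file and pass its contents to `find_suspect_listeners`.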

Xombe: Jan. 9, 2004
A new Trojan horse program is spreading via spam e-mail that masquerades as a Windows XP software update from Microsoft. The program, known as Xombe or Dloader-L, arrives as an executable attachment in spam e-mail messages apparently from windowsupdate@microsoft.com and installs itself when users open the attachment.

Virus Warnings

Most e-mails circulated to warn people about potentially catastrophic viruses are hoaxes. These hoax e-mails can sometimes be almost as bad as an actual virus, taking up valuable e-mail server space and causing undue stress. If a warning is not from a legitimate source, you should not forward it to anyone. For more information on virus hoaxes, visit the Symantec virus hoax page.



ITS recommends that NSU faculty, staff, and students maintain current anti-virus software on their personally owned computers. Two of the many anti-virus software options on the market are McAfee VirusScan (PC) / Virex (Mac) and Symantec Norton Antivirus. The software can be purchased and downloaded online, or purchased at many area computer stores. After you have installed anti-virus software, it is important that you keep it up to date and that you perform frequent virus scans of your computer. If your virus definitions are not updated, your anti-virus software will not catch these newer viruses.

You are also strongly encouraged to keep your computer updated with the latest security patches. It is good system maintenance practice to have your computer check for updates regularly, and to apply any patches labeled "critical." In order to make sure that your computer does not get infected or re-infected, you must apply the patches.

For Windows computers, the patch is available via the normal Windows Update process at:
http://windowsupdate.microsoft.com

For Macs, Apple's Software Update service provides Security Updates for Mac OS X.

If your personal computer on campus, or a computer connected through the dial-up network at Nicholls, is found to be infected with a virus or to have a major unpatched vulnerability, Computer Services at Nicholls will disable your network access to prevent the virus from spreading. To have your network access re-enabled, you will have to prove that appropriate patches have been installed and that current anti-virus software has been installed and has removed the virus.

Nicholls provides Anti-Virus and Security Recommendations & Requirements for Personally Owned Computers on campus, which includes links to information on how to protect your computer from viruses and vulnerabilities. We will also post alerts on this page when major virus and security vulnerabilities threaten the campus. For expanded information on current virus and security threats, see the following resources: