University continues to combat global computer virus outbreak

Penn State has launched several preventative measures to ensure protection of the University community against the latest, and one of the most deadly, viruses now spreading across the Internet. The virus, known as W32.Novarg.A@mm (or My.Doom), is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr or .zip. If the attachment is opened, the virus infects the computer and quickly replicates and transmits itself throughout the network, bypassing security systems and consuming huge quantities of bandwidth.

The worm hit Penn State on Jan. 26, and within hours the University began filtering suspect e-mails on an average of six per second (the equivalent of 518,400 per day). To protect Penn State’s network, Information Technology Services (ITS) made a decision to filter e-mails with subject lines that are typically used in the infected messages. Subject lines that begin with the following words or phrases are currently being filtered: “Hi,” “Hello,” “Test,” “TEST,” “Status,” “STATUS,” “Error,” “Server Report” and “Mail Transaction Failed.”

Students, faculty and staff who have been sending mail with these subject lines have consequently been receiving an error message that reads: “This message may contain the W32.Novarg.A virus, please try a different subject line.” To remedy the error, computer users should refrain from using the subjects listed above, or alter them by adding a preceding word such as “Friendly Hello,” instead of “Hello,” in order to prevent the automatic filtering response.

To ensure the worm is not able to spread from computers that are already infected at Penn State, ITS also has been blocking network connections to machines that recently have contracted the virus in the University’s residence halls. Individuals who use these connections will be unable to access the University network until the problem is resolved. However they may use their Penn State Access Accounts at the campus student computer labs.

At this time, according to Steve Kellogg, director of Advanced Information Technologies at ITS, Penn State is continuing to filter suspect e-mails on an average of three per second each day. This volume is expected to drop somewhat at the end of this week when My.Doom “A” is scheduled to stop spreading worldwide. A variation of the worm (My.Doom “B”) will continue to circulate, he said, so Penn State’s filtering efforts will remain in place.

Kellogg said prevention is the easiest and least-expensive way to keep computers secure, especially since today’s worms and viruses are increasingly complex and capable of doing critical damage to both individual and large-scale systems.

“It’s essential that students, faculty and staff install virus-protection software and ensure that this software is configured to automatically install weekly updates or definitions,” he said. “Norton AntiVirus software is available at no cost to Penn State students, faculty and staff, and can be downloaded easily from the PAC-ITS CD or from http://its.psu.edu/virus.html on the Web. We recommend that if you haven’t installed and configured anti-virus software on your system, you do this immediately.”

Information Technology Services also recommends that students, faculty and staff scan their entire systems for “missed” viruses, now and biweekly. Virus definition files should be updated every week, or more often when a virus or worm is spreading through the community.

For assistance, contact the ITS Consulting and Support Help Desk at (814) 863-2494, (814) 863-1035 or (888) 778-4010 for those not at University Park. Anyone who receives an infected e-mail should forward it, with full headers showing so it can be traced, to virus@psu.edu. For more detailed instructions on reporting viruses, worms and other security concerns, visit ITS Security Operations and Services (SOS) on the Web at http://sos.its.psu.edu/