Sometime early Monday evening, the MyDoom email worm made its way into the University network by infecting the first few computers that received an email containing the worm in an attachment.
The MyDoom worm can infect a computer when the user downloads and opens the email attachment containing it. Once this happens, the worm sends emails to the addresses in the user’s inbox and outgoing mail, thus perpetuating the cycle.
The University’s email virus protection software, Sophos, notified Information Technology Services (ITS) that the worm was detected on the University server and directed ITS to get a patch that would prevent further infiltration of the virus.
Director of Technology Support Services Ganesan Ravishanker said that he had promptly downloaded the patch, but there still remained the problem of dealing with computers already infected.
“There was a small window when the virus was getting through our mail server,” Ravishanker said.
About twenty students’ computers were infected with the virus, in addition to computers belonging to a few members of the faculty and staff and some lab computers, according to Ravishanker.
“I know there are at least three people that are disabled because of it,” said ITS Helpdesk consultant Ravvan Ceaba ’04.
Economics Professor Gil Skillman said his computer received the virus after he opened an email attachment containing the worm before the presence of the worm was reported to the campus.
“I got sent what looked to me like an email from a colleague,” Skillman said.
He said the worm had sent emails from his account to others, but that since his computer was disinfected he has had no additional problems.
The worm caused further trouble by overburdening and slowing the anti-virus software, causing delays in email service. This was particularly problematic for the machine responsible for processing all mail coming from outside the University.
The five machines that process mail are divided among students in odd-numbered class years, students in even-numbered class years, faculty and staff, alumni, and all incoming email from outside the network.
Ravishanker said that the email delay problem was resolved by deactivating the anti-virus software on the server for incoming email so that the workload was shared between the other four computers.
“We were basically distributing the load to four machines,” Ravishanker said.
The worm carries out what is called a denial of service attack, which works by bombarding a website with traffic in order to overwhelm it and effectively shut it down. Most denial of service attacks target Microsoft websites, but this worm targeted Linux, according to Vice President for Information Technology John Meerts.
“The problem with these viruses is that they never work quietly,” Meerts said.
The worm, if left unchecked, has the potential to delete files from the hard drives of infected computers, according to Ravishanker.
Both Meerts and Ravishanker agreed that MyDoom has caused far less damage than the MSBlaster virus, which plagued the campus for several weeks at the start of last semester. They said that part of the reason MyDoom has not caused as much trouble is that students were not returning from break with infected computers, as they were when MSBlaster hit.
“This was a breeze compared to the MSBlaster,” Meerts said.
Ravishanker said that ITS plans to take steps in the near future to ensure that virus attacks will no longer cause disruptions to email service. He said that installing anti-virus software and downloading software updates are ways to prevent infection from MyDoom and future viruses.
“Never click on an attachment if you don’t know who it is from or what it is,” Ravishanker said.


