2. Virus Epidemic Spreading
In the February 15th ITSS Digest we reported news about the installation
of software to detect and block viruses and worms contained within
incoming E-Mail (Mail Gateways "Catch Bugs" and "Eat Worms"!).
Virus attacks are growing more frequent and more sophisticated,
and are often quite destructive.
The recent KLEZ family worm came to Stanford email gateways by
the thousands each day. In April, Stanford's incoming mail gateway
removed more than 36,000 of the KLEZ viruses; the outgoing mail
gateway removed about 3,000. These infected messages could have
damaged hundreds of computers at Stanford had they not been caught
by the Gateway. And while this most recent virus made up a majority
of those caught, it still accounted for only 50% of the total viruses
intercepted. For those interested, there is a brief description of
the virus below.
While the E-Mail gateway virus catcher has been a major improvement
in protecting the Stanford community, it is also important
that the Norton AntiVirus software on each desktop be updated.
This can be done easily from the internet. Check with your local
desktop support person if you do not know how to do these updates,
or submit a request via HelpSU (http://helpsu.stanford.edu).
You may also call 5-8181 for assistance.
KLEZ family worm: This worm spreads via the desktop address book.
It changes the address in the FROM: field of the outgoing email,
using addresses stolen from the infected user's address book.
As a result, a non-infected user appears to be the person who sent
the worm's malicious email, which hides the real sender of the
infected email. To make detection harder, the subject, message body
and attachments are randomly selected from the worm's list.
-Susan Feng (firstname.lastname@example.org),
[If, by chance, you do not have a virus detection
program installed, download Norton AntiVirus from the Essential
Stanford Software page, http://ess.stanford.edu.]