19 January 2004

W32/Bagle email virus

There is a new email virus on the loose infecting PCs across the campus.

Reports have been received from PC users across campus today of a new virus, W32/Bagle. This is a mass-mailing virus transmitted via email attachment. Anti-virus software on mail servers and email clients across campus needs to be updated to combat the infection. The virus mails itself to addresses harvested from the infected machine, and installs software that allows the infected computer to be controlled remotely.

Macintosh computers are not affected by the virus, but users may receive a number of the virus-infected emails.

The emails have the subject "Hi", and contain a .exe file (PC executble) as an attachment. The file name for the attachment varies, but all are about 20K in size. The sender's address has been stolen from the address book or other file on a previously infected computer, so it may appear valid. It is not.

DO NOT OPEN OR RUN THE EXECUTABLE. Any comedu staff who have run the attachment should shut down their machine immediately and call the comedu helpdesk. Infected computers will be disconnected from the network until the virus has been removed by TSU staff.

Emails suspected of containing the virus should be deleted without being opened.

Further details of the virus can be seen at http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100965.