22 February 2005

Virus activity

PCs on campus under attack yet again

Several new variants of the MyDoom worm infected campus PCs on Thursday 17 February 2005 and the following days. The emails containing the malicious code as an attachment were particularly sophisticated and managed to fool a number of people around the campus into opening the attachments, infecting their PC and spreading the infection.

It took a few hours for the anti virus vendor used by the campus to provide an updated signature file for the eTrust antivirus software used to protect PCs here, so campus PCs were vulnerable until eTrust could strip the malicious code from the offending emails. With the variations of the original worm coming out over successive days, new signature files were being issued daily by the vendors in an attempt to keep up.

Staff (and students) need to be more vigilant about emails and seek reassurance from colleagues or the helpdesk before opening attachments to ANY uninvited emails.

There was no impact on Macintosh users, except having to deal with the slowdown of the campus email servers under the burden of the worm, and receipt of many emails with the malicious code attached. The comedu helpdesk staff lost a day or two dealing with the impact of the attack at the helpdesk's busiest time of the year.