Penn State blue navy and white logo

University Continues to Combat Global Computer Virus Outbreak

By Heather Herzog and Debbie Ingram

The University has launched several preventative measures to ensure protection of the Penn State community against the latest, and one of the most deadly viruses, now spreading across the Internet. The virus, known as W32.Novarg.A@mm (or My.Doom), is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, ..pif, .scr, or .zip. If the attachment is opened, the virus infects the computer and quickly replicates and transmits itself throughout the network, bypassing security systems and consuming huge quantities of bandwidth. According to an article released by CNN last week (http://www.moneymag.com/2004/01/28/technology/mydoom_costs/), My.Doom has shut down networks worldwide and estimates for lost productivity and technical support expenses caused by the worm are over $100 million dollars.

The worm hit Penn State on January 26, 2004 and within hours the University began filtering suspect e-mails on an average of six per second (the equivalent of 518,400 per day). To protect Penn State's network, Information Technology Services (ITS) made a decision to filter e-mails with subject lines that are typically used in the infected messages. Subject lines that begin with the following words or phrases are currently being filtered: Hi, Hello, Test, TEST, Status, STATUS, Error, Server Report, and Mail Transaction Failed. Students, faculty and staff who have been sending mail with these subject lines have consequently been receiving an error message that reads: "This message may contain the W32.Novarg.A virus, please try a different subject line." To remedy the error, computer users should simply refrain from using the subjects listed above, or alter them by adding a preceding word such as "Friendly Hello," instead of "Hello," in order to prevent the automatic filtering response.

To ensure the worm is not able to spread from computers that are already infected at Penn State, ITS has also been blocking network connections to machines that have recently contracted the virus in the University's residence halls. Individuals who use these connections will be unable to access the University network until the problem is resolved, however they may still use their Penn State Access Accounts at the campus student computer labs.

At this time, according to Steve Kellogg, director of Advanced Information Technologies at ITS, Penn State is continuing to filter suspect e-mails on an average of 3 per second each day, however this volume is expected to drop somewhat at the end of this week when My.Doom "A" is scheduled to stop spreading world-wide. A variation of the worm (My.Doom "B") will continue to circulate, he adds, so Penn State's filtering efforts will remain in place.

Kellogg further urges that prevention is the easiest and least expensive way to keep computers secure, especially since today's worms and viruses are increasingly complex and capable of doing critical damage to both individual and large-scale systems. "It's essential that students, faculty and staff install virus-protection software and ensure that this software is configured to automatically install weekly updates or definitions," he stated. "Norton AntiVirus software is available at no cost to Penn State students, faculty, and staff, and can easily be downloaded from the PAC-ITS CD or from: http://its.psu.edu/virus.html on the Web. We recommend that if you haven't installed and configured anti-virus software on your system, you do this immediately.

Information Technology Services also recommends that students, faculty and staff scan their entire systems for "missed" viruses, now and biweekly. Virus definition files should be updated every week, or more often when a virus or worm is spreading through the community. For assistance, contact the ITS Consulting and Support Help Desk at: 863-2494 or 863-1035 (the toll-free number is 1-888-778-4010 for those not at University Park). If you receive an infected e-mail, please forward it, with full headers showing so it can be traced, to virus@psu.edu. For more detailed instructions on reporting viruses, worms and other security concerns, visit ITS Security Operations and Services (SOS) on the Web at: http://sos.its.psu.edu/

The Pennsylvania State University ©2004. All rights reserved.
Alternative Media - Nondiscrimination Statement
This site maintained by Consulting & Support Services, a unit of Information Technology Services.
Consulting and Support Services Staff Directory

For assistance please write to the or see our Help Sources.
Provide site feedback to the .

Last revised: Thursday, February 12, 2004.