|by Brad Weaver • January 27, 2004|
Story updated 9:50PM Tuesday Jan 27: see end of page for details
A new email virus called MyDoom (also called Novarg) has made its way to campus. Our email filters are now blocking this virus, but many copies have already been delivered. The messages may appear to come from someone you know, and have one of the following subject lines:
mail delivery system
mail transaction failed
[random collection of characters]
The text of the message may appear to be gibberish, or the message may say something like "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
If you receive any of these messages, simply delete them. Do not click on the attached file, as this may infect your computer with the virus.
What Systems are Vulnerable
The MyDoom worm can infect computers running all versions of Microsoft Windows from version 95 on, including Windows 95, 98, Me, NT, 2000, and XP. The worm does not infect Macintosh computers,
What the Worm Does
If you opened the file attached the infected email message, you may have the MyDoom worm on your computer. If your computer is infected, it will send infected email messages to other people, and also install a "trojan horse" program on your computer that could allow hackers to access your computer remotely. It is also designed to spread via the KaZaa file sharing network.
Note that the worm itself does not damage files on your computer, but the trojan horse program could allow access to your system to someone who might do more damage. If your computer is infected with this worm, it is important to remove it as soon as possible.
We have installed a MyDoom check/removal program on the campus network. We strongly encourage everyone to test their system, as running the removal program will not harm your computer. To run the program:
If you need to check your home computer or are not connected to the Scholar server, you can download the removal program from the Sophos web site. Please see the link for the MyDoom Disinfection Utility at the end of this article.
The MyDoom removal program simply removes the worm from your system; it does not prevent reinfection. If you open an attachment in an infected email message, you will reinfect your computer and should run the removal program again.
Avoiding Email Viruses and Worms
You can avoid becoming infected with MyDoom, and most viruses that spread via email, simply by not opening the attached file. Note that almost all modern email worms spoof the "from address" so that they appear to come from someone you know (and presumably trust). If you did not request the sender to email you a file and are not sure what it is, then do not open the attachment until you verify the contents of the attachment with the sender.
For More Information and Assistance
If you have other questions about the MyDoom worm or need help removing the worm from your computer, please contact the Help Desk at x6400, or via email to email@example.com.
Additional Information Added 9:50PM Tuesday Jan 27
Computer Services continues to take steps to reduce the impact of the "MyDoom" internet worm. We have seen a number of computers on campus that are infected with this worm, and encourage everyone to review the steps above to check and, if necessary, disinfect your computer.
While we are blocking transmission of this virus through our mail server, we continue to receive thousands of infected messages from the Internet. This likely will cause some ongoing slowness of the mail server. We have taken the following steps to minimize this problem: