January 28, 2004

E-Fungus Among Us

Cornell Information Technologies (CIT) sent a campus-wide e-mail alert yesterday warning computer users that the Novarg e-mail virus, which began flooding corporate mailboxes on Monday, has been located on Cornell’s network.

The virus arrives as an e-mail attachment with a .zip, .exe, .pif, or .scr file suffix. Once opened, the virus renders computers vulnerable to hackers seeking to retrieve sensitive information stored within. Novarg then distributes itself to e-mail addresses stored within the infected machine. The virus has been spreading at a breakneck pace for the last two days through massive corporate e-mail lists, according to the Associated Press. Novarg is also programmed to initiate a denial-of-service attack against the website of software developer SCO Group.

While CIT’s new mail servers are equipped with software capable of blocking the virus, there are several leaks through which Novarg has trickled into the University’s network, according to Steven Schuster, director of Information Technology security.

“We haven’t had to worry so much because our antivirus stuff has done an exceptionally good job,” Schuster said. “[Still], there is a small chance e-mail may be directed around antivirus software.”

One of the potential gaps in Cornell’s electronic defense lies in mail servers other than the central CIT servers which route most student mail. Separate servers exist for the computer science department, the School of Hotel Administration and the Johnson Graduate School of Management. These servers may not be adequately protected from the Novarg attack.

Additionally, infected mail routed through one of CIT’s post offices runs a slight risk of getting into students’ computers.

“There is a small chance e-mail may be directed around antivirus software, a very small chance,” Schuster said. “And that will be closed up tomorrow or the next day.”

Students who believe their computers may have become infected with the virus should visit the Symantec Corp. website and follow the removal instructions posted there, Schuster advised. The CIT help desk will also be available to walk users through the process.

Archived article by Jeff Sickelco