March 17, 2004

E-mail Virus Infects Campus

A virus spread across Cornell’s computer network this past week, disabling programs on many computers and multiplying itself within the system. The virus, whose name is w32.Beagle.n@mm, has gone through 14 variations since anti-virus vendors first noticed it in late February. The ‘n’ variant was detected at Cornell on Monday.

The virus is spread through attachments coming from what look like official University e-mail addresses, such as [email protected] and [email protected]. The virus creators “make it try to look like it’s official so that you want to click on it,” said Steve Schuster, director of IT security at Cornell.

An e-mail was sent from Cornell Information Technologies on Monday morning, informing members of the Cornell community about the virus.

“Please be aware that there are currently viruses circulating via e-mail attachments using forged return addresses claiming to be from Cornell, ResNet, and other university entities,” the e-mail stated. The e-mail reminded students that “ResNet will not send any e-mails which include attachments.”

Infected e-mails have subject lines like “notify about using the e-mail account” and “e-mail warning,” according to Heather Shannon of Symantec, the anti-virus vendor used by Cornell. The attachments, which are stored in .zip, .rar, or .pif files, infect files with an .exe extension.

The text of the e-mail, warned Symantec, usually contains a variation of a warning telling recipients that their computers are infected with a virus and they should download the attachment to prevent future damage., which posted warnings about the virus soon after it was detected, stated that Beagle “attempts to spread through file-sharing networks, such as Kazaa and iMesh, by copying itself into folders that contain the string ‘shar’ in their names.”

When a virus is first released, on what is called ‘zero day,’ no anti-virus software exists to stop it.

“At ‘zero day’ everyone in the world is vulnerable to this kind of attack,” Schuster said. As soon as people are attacked, anti-virus vendors scramble to analyze the virus’ behavior, name it, and identify what kind of protection is needed to stop it. Although anti-virus companies like Symantec are able to create protection within a very short period of time, Schuster said, “there is a small window