Starting late last Friday, Feb.27, a contest between the writers of the e-mail worms Beagle, Bagle, MyDoom and NetSky has produced many mutant worm variations. Washington State University has been most impacted by the Beagle.I worm.
The Beagle.I worm poses a new problem for antivirus programs. The e-mail contains a randomly named executable file (i.e., .exe file) inside a .zip file. The embedded .exe file is password-protected with a random password and thus is not checked by antivirus programs and can be delivered to your mailbox. This worm also attempts to spread across file-sharing programs
such as Kazaa.
Many computer systems around the world, including some at WSU, are infected with these worms. When the worm sends out its spam it uses e-mail addresses from files found on the infected system. If the computer system has received e-mail from a valid WSU address, that address could be used, in turn, to disguise the source of the infected e-mail. This practice is called e-mail spoofing.
We are seeing a variant with the messages similar to this:
Dear user, the management of Wsu.edu mailing system wants to let you know that some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account.
Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
Pay attention on attached file.
Attached file protected with the password for security reasons. Password is 20506.
Kind regards,
The Wsu.edu team
How to protect yourself
What can you do to protect your computer from problems of this nature?
1) Ensure that your computer systems operating system is up to date with the latest fixes.
2) Ensure that your email client is patched with the latest security updates. There are generally available on the vendor’s web site.
3) Check the documentation for you email client on how to turn off the automatic execution of embedded email attachments.
4) Use an antivirus program. Keep the virus definitions up to date and turn on “real time” protection.
5) Do not open any attachments that you are not familiar with. Infected attachments can come from even your closest friend.
For Assistance, faculty or staff should contact the Technical Assistance Center (TAC) at 509-335-5396. Students should contact Student Computing Services (SCS).
