Mydoom worm infects UM Exchange

Thousands of Internet mail servers, including the University’s Exchange system, fell victim in late January to a fast-working, multi-threat computer virus designed to clog emailboxes, make PCs accessible to web-based evildoers and ultimately shutdown Microsoft’s website.

The Novarg or Mydoom worm, discovered Jan. 26, may be the reason why some users of Exchange or other systems experienced PC operating problems or inboxes overflowing with reply emails from unknown addresses.

“The most common method of contracting the virus is downloading an email attachment. This particular virus sent out different emails with varying subject lines and file extensions, so it was difficult to identify,” said Ismael Pimienta, network specialist for Information Technology.

A download by only one user of a system can make all users susceptible to “spoofed-sender emails”: reply messages from unknown users that jam inboxes. However, only those users who actually download the infected file make their computer susceptible to outside threats.

“Once your system is infected, it opens a port that allows others to come into your PC and modify files. And once that door is opened, they can do whatever they want,” Pimienta said.

It was discovered that the eventual goal of the new virus was to configure infected PCs to simultaneously attack Microsoft’s website on Feb. 1, in hopes that flooding the site with information would cause it to shutdown, at least temporarily.

Microsoft is offering $250,000 through their Antivirus Rewards Program to anyone with information that leads to the arrest and conviction of those responsible for launching the Mydoom worm.

Due to the fast-spreading nature of this worm and others like it, Telecommunications often disables the accounts of infected students in an effort to halt further infection.

“Students that are having problems or discover their account isn’t working can bring in their PC for us to fix, or come pick up a disk with programs that will get rid of the virus,” said Jade Bautista, Network Specialist for Telecommunications.

Popular antivirus programs like Norton have updated definitions to include protection against the Mydoom worm. However, new viruses infect large systems like Exchange on a regular basis, so caution when downloading is advised.

“Unfortunately, it really relies a lot on users and their practices. Just one person could start a chain of events that is very difficult to stop,” Pimienta said.

Students who believe that their computer may be infected can call Telecommunications at 305-284-6565 with questions.

Samantha Riepe can be contacted by uninfected users at sriepe@miami.edu.