Common Viruses Seen At WOU
Bagle and Netsky variants continue to appear
Update:Someone is still releasing variants of Netsky, even though the original creator has been arrested. Even though the rivalry between the makers of Bagle and Netsky seems to have slowed down or ceased, both viruses continue to appear in new variants. There are now too many to describe here, but since PureMessage seems to be catching them all, they are not a serious threat to WOU users. See the links to the right for information on new variants. The latest tactic is not to include a virus attachment at all, but instead to try to trick the user into clicking a link in the message, which will then use security holes in Internet Explorer to download and run the virus. Several viruses now use this tactic; never click a link in a message unless you were expecting it, even if it seems to come from someone you know. Remember that From: addresses are easy to fake, and links don't always go to where they claim to go.
This virus spreads by email, using the by now usual address spoofing and zipped attachment strategies. It is notable only because it tries to take advantage of the holiday season to trick recipients. It tries to guess the nationality of the recipient based on their email address and will send out its messages in the appropriate language. The English version has the subject line "Merry Christmas!" and includes the text "Happy Hollydays". If your email program is capable of displaying colors and images, the message body appears in holiday colors and includes a small animated graphic. Within the message body it is signed with the same name on the From: address. Attached is a zipped file with an innocent-looking name such as "postcard.index.gif5627.zip", which is actually the virus.
Remember, WOU University Computing Services will never send you a program by email and ask you to run it. If you see anything like this that looks like it is from us, even from one of us that you know personally, it is a trick. However, new virus variants have been appearing at a rapid rate, so don't trust the virus scanner completely. The antivirus program on your machine should stop you from opening a virus file even if the email scanner hasn't been updated to detect it yet, but there's still no substitute for common sense.
World-Wide Virus Information
University Computing Services 503-838-8154 | or e-mail: firstname.lastname@example.org