Last week, students and staff got a surprise in their e-mail ...
several surprises, in fact. A Beagle virus attacked Saint Louis
University’s e-mail system on the evening of March 17.
“There are specific machines that have been infected, and our
staff has worked with the students to remove the virus from the
machine,” said Austin Winkleman, information security officer at
SLU’s Information Technology Services.
“If your system got infected, the virus will do two things,”
Winkleman said. “As a rule, viruses try to replicate, and this
virus is not at all different. It looks for an address book and
sends a message to those addresses. It will use some of these
addresses and misrepresent the sending address, making it look like
it comes from someone else.”
But the threat of the virus doesn’t stop there. “The second
thing it does is open a backdoor on the system, which means that in
the future, the person who wrote the virus can access your system.
It’s like a hook, and it can re-access your system.”
When students opened the e-mails that the virus sent, it seemed
that nothing was immediately happening to their computers. The
e-mail was blank and did not include text or attachments.
“In the virus,” Winkleman said, “it has the HTTP and the URL
address and a port number. The address will bring you to a
particular server … We blocked port 81 because the virus will try
and get this port.”
“It may start running on a computer, but the computer’s
antivirus might catch it,” Winkleman said. “We also blocked the
virus’ ability to access its main server, therefore blocking the
download of the malicious software.”
In other words, the virus’ support line has been cut off,
preventing it from further damaging students’ computers. ITS staff
discovered the virus on March 18.
“In the morning, we had several staff looking at the virus and
working to contain the damage and limit the effectiveness and
eliminate disruption,” Winkleman said.
“One of the ways viruses tend to appear is as an executable
attachment,” Winkleman said. “We are blocking those but not zip
files because people need to use them. If you get a zip file that
you are not expecting, don’t open it because it can be disguised as
an executable attachment.”
“We have a virus filter that all the e-mail goes to, and that
has been in place for a year and a half. We have been updating that
to keep away the viruses before you see them.”
Students who are having problems with their computers due to this
virus are encouraged to contact ITS for help.
“We are doing more active scanning to look for infected systems.
Even though a system might not be sending a message, it may have a
backdoor port. And we will notify them of their vulnerability and
work with the system owner,” Winkleman said.
ITS has a Web page, accessible through the SLU Web site, that
holds information about past and current viruses in SLU’s
system.
“We are working on a web page of virus alerts. On the ITS Web
page, there is a link called virus information from Symantec,”
Winkleman said.
“ITS’s goal was to terminate a virus quickly by getting the word
out. It helps (for students) to go to an authoritative source.”
Winkleman strongly encourages students to keep their antivirus
current.
“If students have antiviruses,” Winkleman said, “they should
check the update frequently, at least once a day, because some of
these viruses spread very quickly. If you only check it once a week
you are very vulnerable. You have to have a profile of that virus
in your anti-virus in order to block it.”