The University e-mail system has been flooded with thousands of e-mails, and at least 35 computers have been infected with a “worm” — a program that copies itself from computer to computer — as the result of a contest among the creators of three of the invasive programs, Yale Information Security Officer Morrow Long said Tuesday.
The programmers behind the variations of the three worms, “Mydoom,” “Beagle” and “Netsky,” were engaged in a competition against one another that began in the middle of February, Long said. He said the virus-laden e-mails are probably arriving in such large numbers at Yale now because students are returning from spring break.
“I think a lot it has to do with students who are out of e-mail or out of touch and are just now reading their e-mails,” Long said.
Long said students may have also stopped updating their anti-virus software over the break, leaving them vulnerable to the worm.
Most of the infected e-mails that arrived at students’ mailboxes Monday contained the “Netsky.P” worm and were variations of the same basic type. Readers are told that a message was undeliverable and then told to click on a link to display the message. The worm infects users’ computers when they click on the link and begin downloading the attached file, Long said.
“It looks like it’s pointing to another message in your inbox,” Long said.
He said students can also spread the worm to their computers even without clicking on the link if they use an older version of the e-mail program Microsoft Outlook.
The virus scans infected computers’ hard drives to find e-mail addresses and then sends itself to those addresses with a spoofed “from” line, according to the Symantec Web site.
Student Computing determines which computers are infected by examining the e-mails that are sent out, University Student Computing manager Loriann Higashi said. She said Student Computing has been trying to contact affected students to either give them instructions on how to remove the virus or send a computing assistant to help them. Student Computing has also posted removal instructions on its Web site.
Higashi said about 75 people had e-mailed or called to ask about the worm as of Tuesday afternoon.
Long said one major difference between this round of attacks and previous ones is that the previous e-mails had arrived from outside of the University network. The e-mails that recently began showing up in students’ inboxes were sent from inside the network by infected students’ machines.
“Each one can send out an awful lot of mail,” Long said.
Information Technology Services has taken two steps to try to reduce the spread of the worm, Long said. He said ITS sent an e-mail to all students warning them about the worm and is also now blocking all e-mail messages with the subject line ” Mail Delivery (Failure.” Such a step is one the University takes seriously, Long said.
“We don’t normally like to do that because there’s a chance of deleting something useful,” Long said.
Aaron Zelinsky ’06 said he realized his computer was infected early today when he was told e-mails had been sent from his address. Zelinsky said he downloaded the new version of Norton Antivirus, which quarantined the infected files.
“Hopefully that’s stopping it from sending out more e-mails,” Zelinsky said.