Virus Alerts/Hoax

 

Updates Required Due to Daylight Savings Time (DST) Changes - between March 11 & April 1 as well as October 28 & November 4

For more information Click Here.

Most Importantly
  • Make sure your operating system is updated. Click Here
  • Once your system has been updated, users of electronic calendaring systems, such as GroupWise, should check and manually adjust all appointments between March 11 & April 1 as well as October 28 & November 4.

 

Microsoft Security Alert - August 17, 2006

The Department of Homeland Security has released an advisory
recommending installation of the critical security patches contained in
the recently released Microsoft Security Bulletin MS06-040.

Most computers on campus that are running Windows XP are configured to automatically download patches from the Windows Update service as they become available.

ITS recommends that all computers be configured to receive and install
automatic updates and that these updates be applied immediately.

To help mitigate the impact of this issue, firewall changes have been
made to the campus network.

For more information go to:

http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx

http://www.dhs.gov/interweb/assetlibrary/Advisory_MS_RPCSS_091003.PDF

If you have any questions concerning the bulletin, you may contact the
ITS Help Desk at 662-325-0631.


Email Virus Alert - September 23, 2005

A mass email worm has cropped up today and is rapidly spreading around
campus.

The virus tries to get users to visit an account verification website
and implies it is from an official source.

It concludes: "Sincerely,[Domain Name] Security Department"

Please ignore and delete any such email you receive.

For further information: http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.jn@mm.html

 

Virus/Fraud Alert - September 2, 2005

Over the past few days, several variants of virus-infected email attempting to exploit the Hurricane Katrina disaster have been appearing on the MSU campus. These phony emails are meant to spread viruses or commit fraud.

Officials strongly recommend that users consult the Federal Emergency Management Agency (FEMA) web site for a list of legitimate charities when donating to their charity of choice.

http://www.fema.gov

The National Cyber Security Alliance advisory about online scams and viruses in the wake of the tragedy is available at:

http://www.staysafeonline.info/

One campaign tries to trick innocent computer users into visiting a bogus
website which tries to infect their PCs with malware.

The email pretends to be a breaking news report.

Subject lines used in the malicious emails include, but are not limited to, the following:

Re: g8 Tropical storm flooded New Orleans.
Re: g7 80 percent of our city underwater.
Re: q1 Katrina killed as many as 80 people.

For further info:

http://www.sophos.com/virusinfo/articles/katrina.html

 

New Worm - Variant of the W32.Mytob worm called W32.Mytob.EG@mm - June 13, 2005

Over the last few days several variants of the W32.Mytob worm have been
appearing on campus. These are mass-mailing worms with insidious social
engineering characteristics, designed to get individuals to open
attachments containing the actual infections. All of them have similar
characteristics, but the latest one, W32.Mytob.EG@mm, opens an IRC back
door and lowers security settings on the compromised computer.

ITS is taking appropriate actions to mitigate the spread of this worm as
well as the others. Until virus definition files are updated, the best
thing to do is delete any emails of this type received and regularly
check for new virus definitions. For more information go to
http://www.symantec.com/avcenter/venc/data/w32.mytob.eg@mm.html.
You can also get information on the other variants of this rather
insidious worm.

In general the email characteristics of these worms are:

The worm uses its own SMTP engine to send itself to the email addresses
that it finds. The email has the following characteristics:

From:
One of the following:

admin
administrator
info
mail
register
service
support
webmaster

Note: The worm may also spoof a From address from one of the addresses
found on the compromised computer.

Subject:
One of the following:

*DETECTED* Online Rser Violation
Email Account Suspension
Important Notification
Members Support
Notice of account limitation
Security measures
Warning Message: Your services near to be closed.
You have successfully updated your password
Your Account is Suspended
Your Account is Suspended For Security Reasons
Your new account password is approved
Your password has been successfully updated
Your password has been updated
[random characters]

Message:
One of the following:

Dear user [username part of email],
You have successfully updated the password of your [domain part of
email] account.
If you did not authorize this change or if you need assistance with
your account, please contact [domain part of email] customer service at:
[spoofed email with same domain]
Thank you for using [domain part of email]!
The [domain part of email] Support Team
+++ Attachment: No Virus (Clean)
+++ [domain part of email] Antivirus - www.[domain part of email]

Dear user [username part of email],
It has come to our attention that your [domain part of email] User
Profile ( x ) records are out of date. For further details see the
attached document.
Thank you for using [domain part of email]!
The [domain part of email] Support Team
+++ Attachment: No Virus (Clean)
+++ [domain part of email] Antivirus - www.[domain part of email]

Dear [domain part of email] Member,
We have temporarily suspended your email account [email].
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of
address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of
subscription due to an internal error within our processors.
See the details to reactivate your [domain part of email] account.
Sincerely,The [domain part of email] Support Team
+++ Attachment: No Virus (Clean)
+++ [domain part of email] Antivirus - www.[domain part of email]

Dear [domain part of email] Member,
Your e-mail account was used to send a huge amount of unsolicited spam
messages during the recent week. If you could please take 5-10 minutes
out of your online experience and confirm the attached document so you
will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to
cancel your membership.
Virtually yours,
The [domain part of email] Support Team
+++ Attachment: No Virus found
+++ [domain part of email] Antivirus - www.[domain part of email]

Attachment:
One of the following:

accepted-password
account-details
account-info
account-password
account-repotr
approved-password
document
email-details
email-password
important-details
new-password
password
readme
updated-password
[random name]

with one of the following as extension:

.pif
.scr
.exe
.bat
.cmd

Note: The worm may also send a zip copy of itself. The zipped file will
have .doc, .htm, or .txt as the first extension name and .exe, .pif, or
.scr as the second extension name.
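
The attachment indicators listed above, expressed as a file-name check that a mail gateway or triage script could apply to incoming messages. This is an added example, not code from ITS or the antivirus vendor; the function names are illustrative and the messages produced by `build_sample` are constructed, harmless test input.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = {".pif", ".scr", ".exe", ".bat", ".cmd"}  # attachment extensions listed in the alert
DECOY_EXT = {".doc", ".htm", ".txt"}                  # first extension inside a zipped copy
ZIP_EXEC_EXT = {".exe", ".pif", ".scr"}               # second extension inside a zipped copy

def exts(name):
    """Return up to the last two extensions of a file name, lower-cased."""
    return ["." + p for p in name.lower().rsplit(".", 2)[1:]]

def scan_zip(name, data):
    """Flag members named like 'x.doc.exe'; only names are read, nothing is extracted."""
    try:
        members = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return [(name, "unreadable zip")]
    return [(f"{name}!{m}", "double extension in zip") for m in members
            if len(exts(m)) == 2 and exts(m)[0] in DECOY_EXT and exts(m)[1] in ZIP_EXEC_EXT]

def flag_attachments(raw_message):
    """Return (file name, reason) findings for one raw RFC 5322 message."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        last = exts(name)[-1:]
        if last and last[0] in RISKY_EXT:
            findings.append((name, "executable extension"))
        elif last == [".zip"]:
            findings.extend(scan_zip(name, part.get_payload(decode=True)))
    return findings

def build_sample(filename, zip_member=None):
    """Constructed sample: one harmless attachment, optionally wrapped in a zip."""
    payload = b"constructed, harmless bytes"
    if zip_member:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(zip_member, payload)
        payload = buf.getvalue()
    m = EmailMessage()
    m.set_content("See the attached document.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Because the worm can also use a random attachment name, the check keys on the extension rather than on the listed base names.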

New variant of the Beagle - W32.Beagle.AG@mm - July 20, 2004

Email characteristics are:

From: <spoofed>
Subject: Re_
Body:
If the attachment is a .zip file, then the body will contain one of the following messages:

foto3 and MP3
fotogalary and Music
fotoinfo
Lovely animals
Animals
Predators
The snake
Screen and Music

Attachment: (One of the following)
Cat
Cool_MP3
Dog
Doll
Fish
Garry
MP3
Music_MP3
New_MP3_Player

Attachment extension: (One of the following)
.exe
.scr
.com
.cpl
.zip


If you should receive one of these emails, please delete it. Do NOT
open the attachment.

The worm uses its own SMTP engine to send itself to the email addresses
that it finds. ITS is taking appropriate actions to mitigate
the spread of the worm. Until virus definition files are updated, the
best thing to do is delete any emails of this type received and
regularly check for new virus definitions. For more information go to
http://www.symantec.com/avcenter/venc/data/w32.beagle.ag@mm.html.

 



Last modified: 09/07/2007 10:58:11 am
URL: http://www.its.msstate.edu/news/virusalerts/
For information about this page, contact us at helpdesk@msstate.edu.
Mississippi State University is an Equal Opportunity Institution