Another barrage of infected e-mails made its way into Northwestern’s network over the past several days, clogging student and faculty inboxes with confusing e-mails containing the “Novarg” worm.
Northwestern University Information Technology sealed off Internet ports across campus after Web users downloaded the worm, said Wendy Woodward, director of NUIT Technology Support Services.
She said Novarg has been more problematic than some previous worms.
“I myself was almost spoofed,” Woodward said.
The worm has been causing problems around the globe — clogging networks and personal inboxes alike. NUIT on Monday was catching 5,000 infected e-mails per hour, a rate higher than in past cases, Woodward said.
More than 100 NU computers have been infected, she said.
Still, the worm is not particularly dangerous, she said. Students can remove it by downloading Symantec’s virus remover program linked to HereAndNow.
Music sophomore Dave Ernst said at least 10 e-mails containing Novarg had made their way into his inbox as of Tuesday. Other students said they encountered a similar number of worm-infected e-mails.
“It was just gibberish, so I just deleted it automatically,” said Juanita Flores, a Weinberg junior. “Then I ran virus scan and that took care of the rest.”
Although Flores said she was not too concerned with the worm, she said others reacted differently.
“It’s kind of funny,” she said. “I’ve gotten e-mails from my (teaching assistants), my profs, who said they aren’t opening our e-mails because they’re scared.”
Novarg is the second mass-mailing worm to work its way into inboxes in less than two weeks. Unlike the “Bagle” worm that zoomed across networks early last week, Novarg often hides its payload behind an e-mail of random text, tricking users into thinking it’s safe.
“There are many people who saw this message and thought it was legit,” Woodward said.
This could be part of the reason why Novarg has been more problematic than worms in the past, Woodward said. She added that residential networking consultants, busy with midterms, have had a tougher time responding to the worm.
If installed Novarg tries to open a back door to hackers in the same way other worms do. Hackers often use the back door to convert an infected computer into a weapon for sending spam.
Woodward said NUIT was bringing the worm under control late Tuesday. Many students whose computers contracted the worm were warned by NUIT to remove the virus. Those who didn’t remove Novarg had their Internet access cut off.
“If we see that they are actively spewing spam or mass mail,” Woodward said, “then we will have to turn them off.”
How to debug your computer:
1. Download the FxNovarg.exe file online at securityresponse.symantec.com/avcenter/FxNovarg.exe.
2. Save the file to desktop and close all running programs.
3. Disconnect computer from the network and the Internet. If running Windows Me or XP, disable System Restore.
4. Double click the FxNovarg.exe file. Click start and allow the tool to run.
5. Restart computer.
6. Run tool again to be certain. If necessary re-enable System Restore.
7. Run Symantec LiveUpdate to update virus definitions.
