New virus uses official NU e-mail address to trick students

March 2, 2004

Another computer virus hit Northwestern inboxes particularly hard starting Tuesday — this time with a sadistic twist. The virus’ sender was none other than an NU administration e-mail address.

Wendy Woodward, director of technology support services for Northwestern University Information Technology, said the virus — a variation of the infamous Beagle virus that spread in late January — adds unique characteristics to a now-familiar aggravation.

“By using the official Northwestern URL, these people are lending credibility to their tactics,” Woodward said. “I hadn’t seen that before.”

Other new gimmicks include the addition of unique numeric passwords and the “wording of e-mail, (which) is designed to scare you into action,” Woodward said.

E-mails containing the virus varied in exact wording, but all claimed to be from “the management of Northwestern.edu mailing system.” Most messages warned students that the mail server would be “temporary unavailable (sic) for the next two days” and claimed the attached .zip file was a “free auto-forwarding service.”

Students need to realize the university administration would never send out an attachment via bulkmail, Woodward said. All messages are included in the body of the text or as links.

Another version of the virus e-mail cautioned against an infection by “a proxy-relay trojan server.” The e-mail recommends downloading the anonymous file to “keep your computer safe.”

Bryan Macrie, a former Residential Networking Consultant, said this virus represents the future of computer corruption.

“These guys are going to get more complex,” the McCormick senior said. “It’s going to this complexity and deviousness. This definitely is going to be a problem for the long run.”

NUIT sent an e-mail to all students at about midnight today to notify possible receivers of the virus.

Woodward said in spite of the mass e-mail, it is impossible for IT to warn students every time a virus circulates campus.

“People need to be aware this is how the tricksters operate,” she said. “If you keep your virus protection up to date, you have the resources to check validity.”

John Hanauer said he received the virus but did not open the file.

“I knew it was fake, even thought it was persuasively written,” the McCormick freshman said.

If you have any questions about viruses, call NUIT at 847-491-HELP.