UC Berkeley News
Today's news & events
News by email
For the news media
Calendar of events
Top stories
Untitled Document
Web Feature

UC Berkeley Web Feature

New e-mail threat invades campus in-boxes

– A new worm or virus disguised as return-to-sender e-mail is making the rounds on campus, clogging in-boxes and putting system administrators on alert as they try to thwart it.

The suspect file is using the campus mailing list engine, according to Ann Dobson, computer operations manager for Central Computing Services. "It's creating a bogus 'From' address so it looks like returned mail from someone you know," Dobson said.

The virus or worm is contained in an attachment accompanying the bogus mail, which often carries a subject line similar to "Delivery Failure Notice." The attachment frequently appears to be a website address, ending with a ".com" suffix.

"The most important thing for everyone is DO NOT click on this attachment," Dobson warned. Instead, users receiving suspicious e-mails should simply delete the mail without attempting to open the attachment. Those who receive large numbers of dubious e-mail attachments might also be wise to alert their local network administrator.

Because the worm is traveling as routine e-mail, both PC and Mac users are potentially at risk, Dobson said. Systems administrators do not yet know what kind of damage the virus may cause to those who inadvertently open the attachment, beyond replicating itself and spreading to still more e-mail recipients.

CalMail and Socrates e-mail teams are scrambling to deflect the latest threat, in part by blocking potentially dangerous e-mails. (Such temporary measures may also inadvertently block some legitimate e-mail messages, Dobson noted; if you do not receive an expected message and attachment, check again with the sender.)

However, hundreds or thousands of copies of the virus are already in the mail system, lurking in in-boxes to snare unwary users. Basic safe computing practices – never click on an unexpected link or attachment, simply delete dubious messages – should sidestep the problem. Dobson, in fact, recommended playing it even safer by not opening ANY attachments, even expected or innocuous ones, in times of extreme virus activity.

Campus administrators also are awaiting an update to the antivirus software programs that run on campus mail servers, "but as usual, the worm generators are one step ahead of the antivirus creators," Dobson lamented. She advised that individual users also make sure they have installed the latest virus definitions on their client workstations.