Virus Mimics Harvard Server

A new virus that sends messages under the guise of the Harvard e-mail server spread through computers across campus yesterday, forcing the temporary removal of about 56 people from the University’s network.

“I don’t think we’ve ever seen the kind of intensity in virus proliferation as we’re now seeing,” said Todd van Stolk-Riley ’06, a user assistant (UA) at Harvard Law School.

Kevin S. Davis ’98, the director of residential computing, said that 70 percent of the Faculty of Arts and Sciences’ Computer Services help desk work yesterday was related to the virus, which is called Bagle.J.

Davis said last night that system administrators put a block on all incoming e-mail with the Bagle.J signature and that students should begin seeing a decrease in the amount of virus-infected e-mails they are receiving.

Although the MyDoom and SkyNet Internet viruses have been spreading through University e-mail accounts like wildfire for weeks, the new virus, Bagle.J, sends what appear to be legitimate notes from system administrators at a Harvard.edu account.

Yesterday, the virus also began to appear to come from the Office of Career Services summer employment list-serve.

“This virus really isn’t new,” said Imran M. Saleh ’07, a UA. “It’s just another variant of the viruses we’ve been seeing.”

Davis said the virus is spreading so rapidly because “it’s smart enough to be able to customize itself for sites.”

“It tries to make it look customized for its site,” Davis said.

Van Stolk-Riley thought that Harvard was particularly vulnerable to Bagle.J because students’ computers are directly connected to the Internet via University servers.

Students have had a hard time distinguishing between malignant and benign e-mails, and many download the virus thinking it to be a safe attachment from the Harvard administration.

“I just got back from rehearsal [two nights ago] and downloaded it. I didn’t know what to expect,” said Joseph N. Fasano ’04-’05. “Apparently everyone else figured out it was a virus. I don’t know what I was thinking.”

“I am apparently that stupid guy,” Fasano joked.

“These viruses do masquerade,” said Davis. “They do pretend to be people you know.”

Once a student downloads the virus, Davis said, a computer could send thousands of e-mails without the student’s knowledge.

After the e-mails are sent, it’s only a matter of time before someone new downloads the attachment and further spreads the virus, van Stolk-Riley said.

In an attempt to destroy the virus at its source, a student who reports having an infected computer is immediately removed from Harvard’s network.

“They lose network access until they file a reactivation request and update their software,” said Saleh. “Then you’re allowed back on the network if you’re virus free.”

Saleh said that of the 56 people removed yesterday, most were first-years.

But comparatively new students were not the only ones caught off guard when they received these e-mails over the past few days.

Some of the most computer-savvy members of the Harvard community were initially fooled by this new variant, Davis said.

“This is making the folks who know what they’re doing pause and say, ‘Wait, is this real?’” said Davis.

Others instantly assumed that these e-mails were problematic.

“I immediately realized that it was a virus,” said van Stolk-Riley. “There is no Harvard.edu team. There is no policy where any of these people would have sent out an e-mail about this, so I was certain that this wasn’t anything from them.”

In addition to removing infected accounts from the network, Computer Services also posted a warning on its website and notified UAs via House e-mail lists.

Van Stolk-Riley said that while the UAs are making every attempt to prevent the virus from spreading, the nature of Bagle.J makes this task incredibly difficult.

“They are being sent from users outside and inside the network,” said van Stolk-Riley.

Harvard’s policy of not monitoring students’ e-mail also makes catching viruses difficult, although van Stolk-Riley said he thought that privacy was for the best.

Despite how easy it is to be infected, once a student has downloaded the virus, it is relatively easy to fix the problem.

“All you have to do is run Stinger, a McAfee virus program,” said Saleh.

But most students still schedule appointments with UAs when they realize their predicament, according to Saleh.

As a result, calls, requests and e-mails from students who mistakenly downloaded the virus continue to flood Computer Services and keep UAs busy.

Yesterday, Saleh came to the aid of two people who had downloaded the virus.

“You get to a point where it becomes aggravating, and then it becomes exhausting,” said Davis. “On a day like this, [fighting the virus] basically absorbs everything.”

Davis said that students should download attachments with caution, even when they appear to be from a safe source like FAS Computer Services.

“As a general rule, we will not send around attached files,” said Davis. “Currently, we don’t have any mechanism for doing an all-campus e-mail broadcast announcement.”

—Staff writer Claire G. Friedman can be reached at cfriedm@fas.harvard.edu.
