Systems Affected: Microsoft Windows - ALL VERSIONS
LEVEL: MEDIUM RISK! VIRUS / INTERNET WORM: W32/Bagle.J
ALERT POSTED: March 3, 2004
There is a new computer virus spreading rapidly through the Internet, called "W32/Bagle.J".
It is being passed around through Email and depends on you opening the attached ZIP file using the password supplied in the message.
Therefore, DO NOT open the attachment. Please delete the email message.
If you DO NOT OPEN THE ATTACHED FILE, you will not get the virus.
As of last night, the University's Email server has been updated to prohibit the sending of password-protected ZIP archives (while continuing to allow ZIP archives without passwords) to protect the University against this virus.
Following are two important points you should know:
- NEVER send or open password-protected ZIP files, and
- Any messages containing such files will be deleted by the mail servers.
Item 1 is particularly important to users that may have received the
virus earlier yesterday (before updates were made to the server to
protect against this virus) but did not yet open the attachment.
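The server rule described above (reject password-protected ZIP archives, allow ZIP archives without passwords) can be decided from the ZIP encryption flag, bit 0 of each entry's general-purpose flags. The following Python is an added example, not part of the original alert and not the University mail server's actual filter; the function names, file names and the hand-built sample ZIPs and message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def zip_is_password_protected(data: bytes) -> bool:
    """True if any ZIP entry has the encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a parseable ZIP; leave it to other filters


def blocked_attachments(raw_message: bytes) -> list:
    """Names of password-protected ZIP parts found in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    blocked = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Judge by content (ZIP magic), not by file name or MIME type.
        if payload[:4] == b"PK\x03\x04" and zip_is_password_protected(payload):
            blocked.append(part.get_filename() or "(unnamed)")
    return blocked


def sample_zip(flag_encrypted: bool) -> bytes:
    """Constructed sample: a tiny ZIP, optionally with bit 0 set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if flag_encrypted:
        data[6] |= 0x01                             # local file header flags
        data[data.find(b"PK\x01\x02") + 8] |= 0x01  # central directory flags
    return bytes(data)


def sample_message(zip_bytes: bytes, name: str) -> bytes:
    """Constructed sample message using a subject line from the alert."""
    msg = EmailMessage()
    msg["Subject"] = "E-mail account security warning"
    msg["To"] = "user@mail.com"
    msg.set_content("For security reasons attached file is password protected.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip", filename=name)
    return msg.as_bytes()
```

The sample ZIP only has the flag set and is not actually encrypted; a real password-protected archive sets the same bit, which is all the check reads.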
Following are signs that you have received the Email message with the virus:
- The message-bodies are constructed with several parts, to effectively customize the email, to make it appear to be a legitimate warning notification. The details are as follows:
  - From: (address is spoofed/forged)
  - Subject:
    - E-mail account security warning
    - Notify about using the e-mail account
    - Warning about your e-mail account
    - Important notify about your e-mail account
    - Email account utilization warning
    - Notify about your e-mail account utilization
    - E-mail account disabling warning
  - Greeting:
    - Dear user of (user's domain)
    - Dear user of (user's domain) gateway e-mail server
    - Dear user of e-mail server "(user's domain)"
    - Hello user of (user's domain) e-mail server
    - Dear user of "(user's domain)" mailing system
    - Dear user, the management of (user's domain) mailing system wants to let you know that
    (Where the user's domain is chosen from the To: address. For example the user's domain for user@mail.com would be "mail.com")
  - Main message body:
    - Your e-mail account has been temporary disabled because of unauthorized access.
    - Our main mailing server will be temporary unavailable for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.
    - Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.
    - We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
    - Our antivirus software has detected a large amount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.
  - Password information (if received as a ZIP file):
    - For security reasons attached file is password protected. The password is "(five random numbers)".
    - For security purposes the attached file is password protected. Password is "(five random numbers)".
    - Attached file protected with the password for security reasons. Password is (five random numbers)
    - In order to read the attach you have to use the following password: (five random numbers)
You should be aware of the virus and the above clues in the event the
attachment manages to get through or if you are using Outlook to receive
Email from a server off campus. Laptop users should be particularly
careful.
You are protected from this virus if you are running McAfee DAT file
#4332 or greater. To check your DAT file version, right-click the Virus
Shield in the System Tray and select "About VirusScan Enterprise..." from
the shortcut menu. To update McAfee, right-click the Virus Shield icon
and select "Update now..."
If you feel that you may have received the virus and need assistance to
remove the virus, please call HELP at x4357.
For more information on this and other VIRUS ALERTS visit the McAfee website.
Be sure to review Recent Virus Threats and common Hoaxes - from McAfee.