INFORMATION SERVICES
January 2004
return
to Information Services
Announcements from the Bulletin, Today, Notification-L
01/30/04, Mydoom
The Mydoom worm/virus has been making headlines as it affects millions
of computers around the world. Macalester has fared pretty well against
it, though a couple dozen computers on campus are infected. Contact the
Help Desk at x6525 if you think you might be! All users are encouraged
to download and install the FREE Symantec Antivirus, at http://www.
macalester.edu/cit/safecomputing/. In the meantime, users will
continue to receive bogus e-mails from other infected machines and our
Internet "pipe" will continue to clog with thousands of messages from
infected computers world-wide. Senders may get messages kicked back
because of that but we know of no reason why messages would be lost.
[Bulletin]
01/30/04, FirstSearch Interlibrary Loan Change
Attention, members of the Macalester community who use
the ILL (Interlibrary Loan) link available in the library's FirstSearch
databases, e.g. Worldcat, Econlit, etc.! This link will become
unavailable starting February 2nd. Other methods to submit Interlibrary
Loan requests from FirstSearch databases will still be available such as
the SFX link and our web forms available from
http://www.macalester.edu/library/about/policies/interloan.html. If
you have any questions please contact Aaron Albertson (e-mail albertson@macalester.edu,
phone x6530) or the library reference desk (x6618). Thank you.
[Bulletin]
01/30/04, Help Our Switchboard!
If you are hosting an event that will be held on campus that would
involve outside guests, please notify Colleen Nelson, our switchboard
operator. Please call x6000 or e-mail nelsoncm@macalester.edu with:
what?, where?, when?, who?, & cost?. This would be a great help to
her, to your participants, and to you! [Bulletin]
01/28/04, Mydoom Virus Spreading
A growing number of Windows computers on campus (Macintosh computers are
not vulnerable to this virus) are being infected by the Mydoom virus.
All of the traffic generated by Mydoom is what is disrupting our
Internet connection. This is a very serious problem.
WHAT TO DO:
STEP (1)
You need to install the FREE Symantec Antivirus client. I recommend
uninstalling your current version before installing this one. Get it
here: http://www.macalester.edu/crash/software/restricted/pc/sav/8.
1/sav81.exe. Note: Restart your computer after the install, even if
it doesn't make you do so.
STEP (2)
You can get a FREE tool to scan and clean your computer here: http://www.macalester.edu/crash/software/pc/
antivirus_utilities/stinger.exe.
Computers discovered with the Mydoom virus are being unceremoniously
disconnected from the network. Don't let this happen to you! If your
network connection suddenly stops working, you'll need to call the Help
Desk, at x6525, to get reconnected.
STEP (3)
Be wary of attachments. Don't open any attachment with a .exe, .scr or
.pif extension. Other extensions may also be trouble, but these three
almost certainly indicate a virus. [Notification-L]
01/28/04, Internet Slowdowns & Incoming E-Mail Problems
As many of you have probably noticed, we have been having some Internet
connection/e-mail problems this afternoon. Our Internet connection has
been experiencing on and off slowdowns. In the meantime, our e-mail
server has not been properly processing incoming mail from off-campus.
These problems are due to complications of the Novarg virus which has
been bombarding servers world-wide over the last couple of days. [Ed.
note: see article from 1/27, below.] Our network staff is continuing to
work on the problems and will have them sorted out as soon as possible.
[Notification-L]
01/27/04, New Virus Makes Us All Collateral Damage
If your e-mail Inbox is anything like mine, you have a lot of strange
looking messages this morning. Subjects like "DELIVERY FAILURE: ..." or
"Delivery Status Notification..." are common. The messages state that
you sent an infected e-mail to the sender. But you probably have never
even heard of the sender! Go ahead and delete all of these messages.
To-do list for the impatient (Windows users only):
(1) Make sure you have Symantec Antivirus installed
with updated definitions. It is FREE for everyone at Mac and may be
downloaded here:
http://www.macalester.edu/cit/safecomputing/how_to_install.htm.
(2) Go to Start -> Programs -> Symantec Client Security
-> Symantec Antivirus Client. In the lower-right corner, you will see a
'Virus Definition File' date. It needs to be 1/26/2004 or later. If it
isn't, click the 'LiveUpdate' button to update your antivirus
definitions. If the 'LiveUpdate' button is grayed out, reinstall
Symantec Antivirus with step (1) above, then do this step again.
(3) Don't open strange attachments!
Read on to find out why you are collateral damage.
These messages are all generated by the latest e-mail virus going
around. Symantec calls it 'Novarg', and McAfee calls is 'MyDoom'. I
don't know where these guys get their naming scheme. Sophos has the
best info on it. See the Sophos link at the end of this e-mail.
An infected computer will send out messages, inserting random addresses
in the 'From' field. The 'random' addresses are picked out of the
infected computer's address book. If the address picked happens to be
yours, the message will appear to have come from you. That's why you're
getting the reply stating that you sent an infected e-mail.
So what does an infected computer do besides try to infect other
computers? The grand plan of the author of this virus is to create an
army of zombie computers to attack the Santa Cruz Operation's (SCO) Web
site. I am not making this up.
SCO is a company which has been ruffling a lot of feathers lately by
saying that anyone using Linux has to pay them, because Linux uses code
stolen from SCO. This is problematic because Linux is, and has always
been, FREE. SCO is suing IBM, Linus Torvalds (author of Linux), Novell
(SCO purchased its rights from Novell in 1995), and a bunch of others.
The opinion of most people not employed by SCO is that SCO's lawsuit is
a really asinine action. Not only is its validity in question, but the
timing is also: SCO waited until Linux was a multi-billion dollar industry
involving heavy-hitters such as Dell and IBM before asserting their alleged
rights.
Someone's expression of their disapproval was to write this 'MyDoom'
virus to attack SCO. All of the stress, bandwidth usage, wasted e-mail
space, wasted staff hours, and compromised systems are all just
collateral damage in this e-war between the author of MyDoom and SCO. I
would be happier without either of the combatants.
Sophos:
http://www.sophos.com/virusinfo/articles/mydoom.html.
Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html.
McAfee:
http://us.mcafee.com/virusInfo/default.asp?id=mydoom.
Read about the SCO/Linux mess here:
http://en.wikipedia.org/wiki/SCO_v._IBM_Linux_lawsuit and
http://www.opensource.org/sco-vs-ibm.html. [Notification-L]
01/21/04, Library Reception - January 27
It is a happy/sad time for the library: happy as we welcome Angi Faiks,
new team leader for collection management, and sad as we say farewell to
Dani Roach, who will leave Macalester at the end of the month. Please
join us from 3:30 to 5:00 PM Tuesday, January 27, in the Harmon Room at
DeWitt Wallace Library. [Bulletin]
01/16/04, Information Services Departments Closed Today
Staff from the Information Services departments (CIT, the DeWitt Wallace
Library and Media Services), will be attending our annual planning
retreat on Friday, January 16. The Library and Media Services will be
closed. The CIT Help Desk will be open normal hours for walk-in, phone
and e-mail service, and the College switchboard will be open at x6000.
(All Information Services will be completely closed in observance of
Martin Luther King Jr.'s birthday on Monday, January 19.) [Bulletin]
01/12/04, Blank E-Mails
On the afternoon of Saturday, January 10, the e-mail server experienced
a 'mail bombing' which rendered it unable to receive e-mail. A mail
bombing is when an e-mail system is attacked by being sent an
overwhelming amount of e-mail. As soon as we discovered the problem on
Saturday, we began taking steps to fix it.
But instead of autoresponding to senders that e-mail messages could not
be received, as normally happens, our e-mail server would "receive" the
message, but not deliver any content to the recipient. This is why
there are a lot of empty messages in many user's Inboxes this morning.
However, there also appear to be many extra blank messages that do not
correspond to real messages.
If you have blank messages in your mailbox, you should reply to the
sender, stating that you didn't receive the message, and that they
should re-send it.
Some users have received blank reports from the CARS system. These will
be automatically resent today.
We are contracting our mail server's support to find out why it
erroneously received messages without the body, instead of just
rejecting them as it should have. [Notification-L]
[return to Information Services ] [CIT homepage] [Library homepage] [Media Services homepage]