The Office of Technology Services (OTS) was notified early Monday of a computer virus, dubbed ?Sober? or ?Sophon? circulating the Internet. The virus, which affects Windows-based machines only, is spread via attachments to e-mails claiming to contain a patch from Microsoft.
At this time, all ?@towson.edu? e-mail addresses have been blocked from the virus, making the messages relatively harmless. However, other e-mail providers (e.g., Hotmail, Yahoo, Comcast) may not provide protection. Do not open the attachment and delete the e-mail.
Most messages are written in German or English. The subject lines read, ?Microsoft Alarm: Bitte Lessen!? or ?Microsoft Alert: Please Read!?
The English version of the e-mail?s body reads:
?New MyDoom Virus Variant Detected!
A new variant of the W32.Mydoom (W32.Novarg) worm spread rapidly through the Internet.
Anti-virus vendor Central Command claims that 1 in 45 e-mails contains the MyDoom virus.
The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 13468.
Protection:
Please download this digitally signed attachment.
This Update includes the functionality of previously released patches.
+++
+++ One Microsoft Way, Redmond, Washington 98052
+++ Restricted Rights at 48 CFR 52.227-19 com?
The attachment is usually either a .EXE or .ZIP file with varying names, such as ?sys-patch,? ?MS-UD,? ?MS-Security,? ?Patch,? ?Update,? or ?MS-Q.?
Off-campus users should install the latest McAfee AntiVirus update, available at {http://www.towson.edu/ots/faculty/downloads/virus.asp}, before logging into the campus network.
For more detailed information on the virus, go to {http://vil.nai.com/vil/content/v_101081.htm}.
If you have additional questions or think your computer may be infected, please contact the OTS Help Center, x4-5151 or {helpcenter@towson.edu}.
