New WebShield Fishes for Incoming Web Worms

Posted: July 12, 2002 at 1:00 am, Last Updated: November 30, -0001 at 12:00 am

By Fran Rensbarger

The Information Technology Unit (ITU) recently installed hardware and software, known as WebShield, that scans all incoming e-mail messages for hidden viruses, worms, and Trojan Horses–all types of infectious and usually harmful computer messages. When a virus or other harmful element is found, the message is rejected and the sender is notified.

“As a result, we now know that in a typical day more than 1,000 messages arrive on our campuses carrying hidden viruses,” says Joy Hughes, vice president of information technology and chief information officer. She says the vast majority of these viruses are a variation of the Klez worm, which can wipe out your hard drive and any mapped network drives.

In most cases, a person who has the Klez virus on their computer may not know it, says Tracy Holt, manager of enterprise messaging in ITU. “The Klez searches for the address book and propagates itself from there. It also attaches itself to legitimate messages.” Some versions of Klez are e-mails that have a blank message, catchy rhyming lines, or a subject line such as “long time no see.” The virus is buried in the attachment.

While university computers have anti-virus software, this desktop software prevents infection if the infected attachment is opened, but is not able to keep the message with the virus out of the inbox, says Holt. WebShield screens out the virus before it gets to the inbox. But WebShield can’t screen out messages sent within the George Mason network–yet.

Another benefit of WebShield is that it lists the source address, so the university may be able to trace the source of viruses. “Most likely sources are unsuspecting people who open an attachment, either on purpose or using software that automatically opens attachments, or who don’t adequately screen for viruses at home,” says Holt. “The problem is home systems not running anti-virus software or not keeping virus definitions up to date.”

Most software can be configured to automatically look for new virus definitions on a regular basis. The university has a site license for Norton Anti-Virus, which is available to faculty and staff both on the ITU web site and for a nominal fee from the Patriot Computer Store. Faculty and staff should also double check that they are running Norton Anti-Virus and that it is set to update regularly. If you find a new virus, forward it to

Write to at