Joy Hughes Addresses New Virus Affecting George Mason Computers

Posted: August 21, 2003 at 1:00 am

Editor’s note: A virus known as “sobig.f” has infected many computers at George Mason. Joy Hughes, vice president for information technology, answers some of the most popular questions about the virus.

What does this virus do?

It spreads itself by looking for a Microsoft Outlook email address book. If such an address book is found on your machine, the virus composes a message to people in your address book in which it usually embeds a copy of the virus.

The virus also “spoofs” addresses from your address book. This means that in the “from” line of the messages will be the address of one of the people in your address book. People who receive the message then send replies to the person they think sent them the message. The person whose address was spoofed doesn’t understand why he or she is getting these replies. Another outcome of spoofing is that the forged message often contains a virus, so it will be rejected by the university’s virus shield on the e-mail server. When the infected message gets rejected, a message is sent to the supposed author, who once again is confused since he never sent the virus-infected message in the first place. His or her address was stolen from your address book and then spoofed.

How did this virus get into the university in the first place given that we have a virus shield on the university’s email server?

A few of the infections were due to the fact that the virus was released early on Tuesday, Aug. 19, and there was a short time lag of a few hours before the vendor of the virus shield became aware of the virus and was able to develop and distribute an update. Between noon and 5 p.m. on Aug. 19, the virus shield on the university email server had successfully stopped in excess of 10,000 copies of this virus from entering the university. For the most part, however, machines got infected because their email does not go through the university’s email server. A few academic units have chosen to handle email in a different way. This makes them vulnerable to a virus like this one.

How can you protect yourself from a virus like this one?

Be very wary of opening attachments that you were not expecting and update your anti-virus software every day.

How can you fix your computer if it is infected?

TrendMicro has a publicly available “system cleaner” that people can use to rid their systems of viruses like this one. The utility can be found by clicking here.

