Worm slithers into Columbia PCs

Wednesday, January 28, 2004 | 12:00 a.m. CST; updated 3:26 a.m. CDT, Monday, July 7, 2008

The Novarg computer e-mail virus that started Monday has slithered its way into Columbia.

In an e-mail inbox this worm appears as an attachment to a message with familiar words such as “hi,” “test” and “status” in the subject box. A worm is a virus that replicates itself among networked computers by sending infected e-mails.

Once opened, the worm spreads through networks by automatic e-mail distribution. Using “spoofed” e-mail addresses (those already in a personal computer’s address book), Novarg disguises itself in e-mails that appear to be sent from known addresses. It can further infect PCs running numerous Microsoft operating systems by opening portals to specific information, making passwords and personal files publicly available.

“This particular worm hit my mailbox five times just this morning,” said Steve Donofrio, help-desk attendant for the nonprofit Columbia Online Information Network. Fortunately for Donofrio, his anti-virus software was able to remove the worm, also called “MyDoom,” and he did not experience any problems.

Although Donofrio said he is not worried about COIN at the network level, he said the long-term damages are not yet known.

“This is very prolific for having been found yesterday,” he said.

Columbia Computer Center, which sells computers and offers technical support, saw Novarg wriggle its way into several customer’s computers as of Tuesday morning.

“It goes through in a detrimental way. I just started getting machines in this morning,” said Sam Napier, who has been a technician for 12 years.

Napier said Novarg’s threat does not end with e-mail but extends to domains, which are groups of related Web pages.

“It avoids accounts that IT (information-technology) people would be monitoring,” Napier said. “It plays on the lack of knowledge from the average computer user.”

For MU, Novarg caused just over 10 calls Tuesday morning and afternoon.

Todd Krupa, communications officer for Information and Access Technology Services at MU, said this worm is less damaging than last year’s Blaster worm because at that time some new students had anti-virus software that was outdated or ineffective.

Krupa said about Novarg: “We are in pretty good shape as far as blocking (it) from the mail server.”

On Sunday, Novarg is programmed to launch another attack, a denial of service. Napier said this part of the worm means that any infected machine will automatically go to a designated Web site, simultaneously opening as many connections as possible.

“It’s kind of like having the Special Forces go after one person, and they know where they are,” Napier said.

The Web site programmed for the denial of service belongs to the SCO Group, a small software company in Utah that claims to have copyrights on Linux computer codes. SCO Group is suing IBM for making Linux codes publicly available.

A denial of service overloads not only that Web site but also potentially the Internet service provider that individual PCs use.

Krupa said the denial of service will not harm PCs beyond the annoyance of mass e-mails and busy servers.

Novarg serves as a reminder to PC users to keep anti-virus and operating system software up-to-date and practice smart computing.

While some anti-virus software updates automatically, Krupa said the best defense is manually getting updates before doing anything on your computer.

Although Novarg is programmed to stop spreading by Feb. 12, Napier said the threat isn’t over: “That is the date written into the code to stop propagating. But mutations will occur into different versions.”

Like what you see here? Become a member.

Show Me the Errors (What's this?)

Report corrections or additions here. Leave comments below here.

You must be logged in to participate in the Show Me the Errors contest.


Leave a comment

Speak up and join the conversation! Make sure to follow the guidelines outlined below and register with our site. You must be logged in to comment. (Our full comment policy is here.)

  • Don't use obscene, profane or vulgar language.
  • Don't use language that makes personal attacks on fellow commenters or discriminates based on race, religion, gender or ethnicity.
  • Use your real first and last name when registering on the website. It will be published with every comment. (Read why we ask for that here.)
  • Don’t solicit or promote businesses.

We are not able to monitor every comment that comes through. If you see something objectionable, please click the "Report comment" link.

You must be logged in to comment.

Forget your password?

Don't have an account? Register here.