ITS has requested that the UNMC campus be alerted to a new and highly contagious e-mail worm. This worm has the ability to spoof, or forge, the “From:” field in e-mail messages particularly those who use Outlook and Outlook Express.
Additionally, the virus can use a fabricated from address, by taking the name before the “@” sign of one address, and the domain name after the “@” sign of another address. (ie. name1@domain1.com + name2@domain2.com = name1@domain2.com) Once infected, the virus spreads by e-mailing itself to addresses found on the local system.
You can recognize the virus by several subject and attachment names such as: SCAM alert, My eBay ads, hmm, Hi, Hello, Announcement, Bad News, Call for Information, Click on This!, Daily Email Reminder, etc. It is also common for the attachment name to contain a double-extension (ie. .doc.pif). This worm looks to make use of vulnerabilities in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2).
ITS suggests anyone receiving suspicious e-mail messages or e-mail from someone they do not recognize, simply delete the message without opening the message or any attachments. Also, ITS recommends updating to the very latest definition files (currently 4.0.6226). According to Network Associates, Inc, the latest definition file will catch and disinfect this virus.
ITS also would like to notify the UNMC campus that there have been several appearances of the “KLEZ” virus on campus. If your virus definition files are up to date, this virus also will be disinfected. If anyone has any questions about this or any virus, call the UNMC ITS Customer Support Services Helpdesk at 559-7700.