Internet providers fight off infection
Date: January 28, 2004
Source: Rapid City Journal
By Dan Daly
RAPID CITY - A flurry of e-mail messages, many with an innocent looking "Hi" in the subject line, turned out to be not so innocent. The e-mails harbored an electronic virus that clogged mailboxes and frustrated Internet users around the world.
In the Black Hills, however, local Internet service providers managed for the most part to keep the virus from worming its way into customers' mailboxes.
Such a worm — a computer program that propagates by getting inside your e-mail system and mailing copies of itself to everyone in your address book, then sending itself to everyone in their address books — can spread with amazing speed.
The virus, dubbed "Novarg" or "Mydoom," was a mass-mail virus that apparently started sometime Monday in the United States. By Tuesday morning, it seemed to be everywhere.
Internet security company Symantec Corp. described the Novarg virus on its Web site Tuesday as a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr or .zip. Symantec described it as a category 4, or severe, virus on a scale of 5 categories.
According to The Associated Press, it was the largest viruslike outbreak in months. Some corporate networks were clogged with infected traffic within hours of the worm's appearance, and operators of many systems voluntarily shut down their e-mail systems.
In addition to sending out tainted e-mail, the program appears to open a back door so hackers can take over the computer later.
Symantec said the worm appeared to contain a program that collects usernames and passwords and distributes them to strangers.
At Black Hills FiberCom in Rapid City, technicians started filtering the various versions of the e-mail about 6:30 p.m., according to Randy Foudray, Internet services manager.
"We had somebody here baby sitting it until 3 a.m.," he said, adding, "I let him sleep in this morning."
Foudray said only two FiberCom customers reported being infected by the virus. He said the system didn't slow down and that there was no apparent fallout. Which is good, he said, "because there were some nasty payloads in this one."
According to Symantec, the Novarg virus appears to create a back door in infected computers that could later allow hackers to enter your computer and use it as a proxy to gain access to networks.
At E-Net Information Services, a Rapid City ISP, the Novarg threat has been minimal, according to E-Net's Justin England. For one thing, E-Net does not have servers that run the Windows operating system. Novarg has been partial to Windows.
Also, he said E-Net has an effective virus filter that blocks offending e-mails before they get to customers' mailboxes. He said about 10,000 attempts to infiltrate E-Net accounts were blocked on Monday and Tuesday.
He said the company offers the service free to customers. "It's as much in our interest as it is the customers' to stop it, because it keeps our tech-support calls down. Viruses are one pain-in-the-butt thing to deal with," he said.
Teresa Enstad of RapidNet, a firm that handles about 50,000 e-mail accounts for 19 ISPs across South Dakota, including RapidNet, said the virus seemed to change its identity as it propagated. In one of its trickier versions, it appeared as a compressed zip file. People are more tempted to unzip such a file to see what's inside.
For a fee, RapidNet offers an e-mail virus scanner to its subscribers, Enstad said. It stops the viruses before they arrive at the server. She said that type of ISP-based filter can be quicker than Norton or McAfee anti-virus programs because they are updated more often as new virus strains are detected.
Midcontinent Communications posted a virus warning on its Web site on Tuesday morning. Company vice president Tom Simmons said Novarg didn't seem to be slowing the company's cable-Internet system as of Tuesday afternoon.
"I know our customer-service guys have been watching it very carefully," Simmons said. He said the staff had been calling customers whose computers had been infected to help them clean their computers.
"One of the good things in all this is that customers are a little bit smarter about opening up e-mails that look suspicious," he said.
^macro[showdigestcomments;^uri;Internet providers fight off infection]