Many email users on campus have recently received spam messages in both English and German that direct the recipients to websites containing propaganda from German nationalistic groups. This spam is unusual because it is generated by a computer worm, or "email virus." The release of this worm coincides with the 60th anniversary of the end of World War II. The worm has been identified as a variant of the Sober virus first seen in October of 2003, and has been labeled Sober.q or W32/Sober.q@MM. Sober.q uses its own SMTP engine to send spam messages to email addresses found on the infected system. The hardest-hit members of the campus community seem to be users who receive mail from group email accounts that do not allow SpamAssassin rules to be adjusted. Some users have received several hundred propaganda spam messages within a matter of hours.
Some machines may be infected with the virus. On the machines that we have had the opportunity to evaluate, the local virus protection and firewalls appear to have been turned off some time ago. Upon investigation, we have found that the Sober.p virus, released at the beginning of this month, disables virus and firewall protections on the machines it infects, leaving them vulnerable to the Sober.q worm released this past weekend. The Sober.p virus travels as an attachment in e-mails written in English and German. One of the most widely reported e-mails contains a message stating that the recipient has won free tickets to the 2006 World Cup in Germany. Once the attachment is opened, the virus sends itself to e-mail addresses harvested from the infected machine.
The virus writers appear to have a form of remote control over Sober.p-infected machines, which gives them the ability to launch future spam and denial-of-service attacks. The new Sober.q release takes advantage of this feature. Other viruses may follow if infected machines are not cleaned. An obvious sign that your machine is possibly infected is that your virus or firewall software has been inactivated or disabled without your knowledge. If you are only receiving propaganda spam, this may simply indicate that you are a recipient of email sent from an infected computer where your email address was captured.
All users should immediately check that their virus software is active, up to date, and scanning daily for viruses. The latest virus definitions released by McAfee will be able to detect whether your system is infected and clean it for you.
Additional spam detection software can be downloaded to your system to add an extra layer of protection if the amount of spam you are receiving is bothersome. Information about spam and spam detection options can be found on Cal Poly Pomona’s E-Help page: http://www.csupomona.edu/~ehelp/spam/index.html
If you feel your machine is infected, please follow one of these options, depending on your current level of technical knowledge or the availability of technical support.
You can use the McAfee product Stinger to remove this virus. Instructions for using Stinger can be found on eHelp.
“I&IT Newsletter” is a publication of the Instructional & Information Technology (I&IT) division of California State Polytechnic University, Pomona, CA.
Send comments to Denny Mosier at (909) 979-6334 or dbmosier@csupomona.edu.