The W32.Beagle worm (virus) appeared in three new forms on Wednesday, March 3. Many UVM email readers have received false warnings about their email accounts, while others received brief messages enticing them to open a password-protected attachment. Ignore and delete these messages.
The messages themselves are different, but they all say one must open a
password-protected ZIP file to read the details. Please, don't do it. The
attachment contains the worm, and if you're using a Windows computer,
it will infect the computer if you open
it. Damage can be extensive and you could lose your work. An
infected computer immediately starts infecting other computers.
The "From" addresses are all forged, but some variants of the worm use
actual email addresses from the infected computer's address
books. CIT is stopping delivery of messages from some of the fake
forged address , but other versions of the messages are being
delivered. As of Wednesday afternoon, March 3, the
attachments are not being delivered, and are replaced with an
informational message:
message contained an attachment of a type that could carry a virus.
UVM's email gateway does not allow this type of attachment, and has
deleted the attachment.
UVM has decided to block certain well known executable file types at our
email gateway, to help reduce the risk of email viruses spreading on our
network. If you get this message, but want the attachment being sent to
you, we recommend you contact the sender and ask them to zip the file, or
have them use the UVM file transfer application at
https://www.uvm.edu/filetransfer/
to send the file to you.
This notification is being sent to you for informational purposes. To
keep nuisance factors and mail traffic under control, the original sender
of the message has NOT been notified -- you may want to let them know at
your discretion, if you feel the email you received is legitimate.
UVM Postmaster <postmaster@uvm.edu>
Infection from File-Sharing Programs like KazAa
The Beagle worms also spread through sharing networks like KaZaA and
LimeWire. It disguises itself as music, movie, or picture files;
when opened (when trying to listen to a song, for example), the worm
infects the computer.
Protect Your Computer
Please be sure that your computer is running UVM's site-licensed
Symantec Antivirus software, available from the UVM software download site.
For more information, see the Symantec
Web site.
Be sure your Windows computer is set up to apply all critical
updates from Microsoft. For details, go to the Windows Update site.
Transmitting Password-Protected ZIP Files
If you are one of the few people who have been emailing passworded
ZIP files, the recommended replacement is to use the UVM file transfer
Web application:
https://www.uvm.edu/filetransfer/
If you find that the file transfer application does not meet your
needs, please contact CIT via cit@uvm.edu.