Tony Skalski, microcomputer systems administrator for Information and Instructional Technologies (IIT), said All it took was one computer, one person getting it on Friday afternoon. Within a few hours, a few thousand people could have had it. IIT Help desk Coordinator Tron Compton-Engle said the virus is the worst we've ever seen, in terms of impact, on campus.
According to the IIT, the version of klez hitting St. Olaf is officially called W32.Klez.E@mm. Compton-Engle said the worm spreads itself through the vulnerabilities of two Microsoft programs: Outlook and Outlook Express. Klez manipulates any e-mail addresses found within the system, both in the address book and other text documents, and forges messages both to and from them. Therefore, Compton-Engle said, If you get a message from Joe Smith, Joe Smith doesn't necessarily have a virus.
The virus uses all parts of the e-mail including the subject, the body and the attachments to infect a computer. Once opened in Outlook or Outlook Express, the attachment automatically launches klez.
The active klez virus has numerous consequences, the most damaging of which is known as the payload a military term referencing the part of a missile or torpedo that carries the explosive charge. The klez payload poses a substantial threat, transpiring on the sixth of every odd numbered month excluding January and July. On the sixth, the worm attempts to overwrite a variety of files, including all Microsoft Office documents and popular .mp3 audio files, and replace their contents with zeroes.
If it happens to be the sixth of January or July, the worm also attempts to overwrite all files, including key system files, effectively crippling the computer all together.
Although the virus does not infect Macintosh computers, they are capable of passing the worm, Skalski said. Similarly, campus e-mail programs, such as Emissary and Telnet, will not automatically activate the virus but can transmit it.
Often times, the virus is recognizable because of its random subjects. Early on in the outbreak, a questionable e-mail was widely distributed under the name of Associate Dean of Students Steve McKelvey. The subject of the returned e-mails, according to McKelvey, promised pornography in the attachments.
In response, McKelvey received numerous emails from fellow professors who were chastising him for sending pornography to people on campus.
It took me awhile to figure out what had happened, he said.
Before he recognized the widespread nature of the virus, McKelvey was apprehensive about the ramifications of such email. I was concerned, given the nature of my job, he said.
Overall, the virus affected all St. Olaf community members, but has had few lasting results.
Political Science Professor Sheri Breen often requests that her students submit assignments via e-mail attachment. Surprisingly, she said, I didn't have much problem in terms of students communicating with me. She said her mailbox was jammed with virus-infected messages, but she recognized and deleted them. Overall, Breen said, I feel like I came out fine. It was more of a nuisance than anything else.
Richard Brown, computer science director, said that his department does not use Windows operating systems, so it did not affect any programming or coursework.
Compton-Engle said that some students had contacted the IIT to report problems. However, he said, it is difficult to gauge the full impact of the virus because he has no idea how many people aren't contacting [the IIT].
The biggest problem facing the IIT deals with the repair directions from most major anti-virus manufacturers. They've been inadequate, Compton-Engle said. To solve the problem, the IIT wrote their own directions on how to clean out the systems for the serious cases.
The occurrence of infected e-mails appears to be diminishing. Although he did not have the statistics compiled, Compton-Engle said, based on his own e-mail inbox, it is definitely starting to calm down.
Compton-Engle and Skalski suggest that students avoid using Outlook and Outlook Express, and switch to safer alternatives, such as Netscape Messenger.
Those with infected systems should visit the IIT website at http://www.stolaf.edu/services/iit/ the site contains information on how to clean personal computers. Students can also contact the IIT help desk at ext. 3830. The help desk is open Monday thru Friday, 8 a.m. to 5 p.m. and Sunday thru Thursday evenings from 6:30 to 10:30 p.m.