[ISN] Worm hits listserv; humor fills inboxes

From: InfoSec News (isn@private)
Date: Fri Sep 26 2003 - 01:24:09 PDT

    Forwarded from: Richard Caasi <caasi@private>
    By Mer Eckstut
    September 25, 2003 
    According to one of the College's official listservs, Penn's ranking
    is dropping to 249 -- and University President Judith Rodin doesn't
    And Mr. T still pities the fool.
    These were just two of the messages that flooded inboxes across campus
    stemming from a virus outbreak that started Tuesday afternoon and
    lasted until the wee hours yesterday morning.
    The W32.Mimail.Amm worm was sent out to students on the
    college-fyi-out listserv, a tool administrators use to communicate
    with College of Arts and Sciences students, Tuesday afternoon at
    approximately 2:41 p.m.
    "It doesn't do a lot of damage," Information Security and Computing
    official Steve Strawser said. Mimail is a mass-mailing worm that hunts
    through a user's address book and randomly selects addresses. These
    addresses are then sent forged messages, which leads recipients to
    believe they are getting mail from their server's administrator.
    The occurrence of this worm was almost immediately followed by a
    college listserv malfunction.
    "It just kept coming and coming and coming," College junior Anne
    McGuire said, referring to the hordes of e-mails she received.
    Party announcements were sent out -- as were fictional news stories
    and e-mails insulting posters trying to get off the listserv.
    Dozens of e-mails from students asking to be removed from the
    college-fyi-out listserv were broadcast to the entire community, which
    spurred more people to request removal -- making the problem worse.
    While the listserv is usually restricted to posts from College
    administration, the worm found an internal address that had posting
    privileges, according to John Yates, information technology senior
    director at SAS Computing.
    By having the address with posting privileges in the original Mimail
    e-mail headers, any student who replied to the e-mail broadcast the
    message to the entire group, he explained.
    "I thought the whole thing was kind of funny," said College senior
    Denny Watson, who sent out several humorous e-mails. "It was a relaxer
    for the University."
    Ira Winston, IT executive director at SAS Computing, said that
    computing officials were alerted to the problem late Tuesday night,
    when the increased network traffic prompted the staff to be contacted
    at home.
    At approximately 4 a.m. yesterday morning, the flaw was fixed and
    students no longer had posting rights to the listserv, he explained.
    No final figures concerning the exact numbers of servers and users
    affected were available by press time. Yates estimated that there were
    over 100 student replies posted, and that over 95 of them occurred
    after midnight Wednesday morning.
    The fiasco prompted a wide range of student reactions.
    "At first I didn't realize what it was," College sophomore Robert
    Tennenbaum said.
    "I thought it was annoying," he added.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.