FBI spam clogs Duke mailboxes

Someone out there is trying to convince people that the FBI is monitoring traffic on “illegal” websites.

But the Federal Bureau of Investigation is not sending the warning messages that many Duke community members have received; they are coming from a new virus computer experts are calling “sober-K.”

The virus-worm hybrid sends a message from an address at “fbi.gov,” warning the recipient that he has logged onto illicit websites. Between 3 a.m. last Monday and Thursday afternoon, the Office of Information Technology found about 100,000 copies of the message in Duke e-mail boxes—about 3 percent of total e-mail on the University system.

Although some students reported getting up to 100 messages a day, many received only a smattering of the spam.

Since the notes appear to be coming from the FBI, though, a couple has been enough for some students to react. Freshman Chris Burns said he immediately called the phone number listed in the e-mail. Much to his surprise, it was a real FBI line. “They said it was a hoax,” Burns said.

For the most part, the messages, while annoying, are harmless to computers. “As far as I can tell, there is no viral content,” said Chris Cramer, Duke’s information technology security officer. “It’s still a message that’s generated by the virus, but it’s not the virus itself.”

Cramer said something was stripping the dangerous part of the message out of the e-mails. “That’s very strange,” he noted.

Administrators have had difficulty pinpointing the source of the messages because most of them do no harm and therefore are not detected by anti-virus software.

As of Thursday, OIT had located about 15 to 20 computers in dorm rooms sending the message, but Cramer believed the true source might be beyond Duke’s scope. “We could be getting a lot of this mail from the outside world,” he said.

OIT has also noted a new variant of the “mydoom” virus on the Duke network.

Computer viruses require some kind of user action, such as clicking a link, to reproduce themselves. Worms, however, can propagate themselves without human intervention. Instead, they rely on a vulnerability in the operating system to spread.

Sober-K has only infected Windows operating systems, even though all e-mail users have gotten the messages. Cramer said computer users can protect their machines from worms by periodically running a Windows update, available online.

Officials reminded all Duke affiliates to run anti-virus software regularly and to download an updated version of McAfee’s anti-virus program from the OIT website. The software automatically updates when a computer is rebooted, Cramer said, but people who leave their computers on for long periods of time should click on the McAfee toolbar icon to ensure their protection is up to date.
