On January 1, the Welchia/Nachia worm, which ate into Syracuse University’s network and brought Internet response time to a halt, died.

CMS officials are thankful, but Deb Nosky, a project manager of information technology communications for Computing and Media Services, is still wary of another infestation that could bring the network to its knees once again.

‘We still want students to keep updating their antivirus programs,’ Nosky said. ‘Just because this worm is gone doesn’t mean another one won’t pop up tomorrow.’

And the first step to another infestation is already in progress.

The Xombe e-mail has begun circulation through in-boxes nationwide, claiming to be sent from windowsupdate@microsoft.com and containing a critical patch for Microsoft programs. After a user downloads the program, the Xombe virus creates a vulnerability in his or her computer’s security.

‘It opens the door for a later attack,’ said Deborah Beishline, a computer support analyst for CMS.

So far, CMS officials haven’t seen any signs of the Xombe virus on the SU network. Beishline hopes that students will avoid falling into the trap by using some computer savvy when checking their e-mail. She warns students not to open e-mails with attachments in unfamiliar formats.

‘Everyone knows what a .jpeg is,’ Beishline said. ‘It’s common sense not to open a file that ends in .exe or .b or .s. Don’t open them, just delete them.’

Another ‘red flag’ that should signal a hoax is that no antivirus software company sends out e-mails to alert their customers of new updates, Beishline said. This includes the three major antivirus software creators: Norton, McAfee and Microsoft.

With these tips in mind, CMS officials hope that students won’t expose ResNet to the Xombe virus which, Nosky said, has the potential to bring in a worm just as powerful as the one that hit campus this fall.

Also, the Xombe virus can’t damage a computer that has its antivirus program’s latest patch. It primarily targets people who haven’t patched their computers because they haven’t seen the need for a antivirus software.

In its approach, the Xombe virus is similar to the viruses circulating through students’ Instant Messenger profiles. Links saying ‘I can’t believe I found (username)’s picture here’ or ‘New Year’s Parrrty’ convince students to download a program, actually a virus, to view another user’s pictures. The viruses then erase the downloader’s profile and can cause damage to the hard drive.

But some students claim to be Internet-savvy enough not to fall into such traps.

‘I know not to open things from people I don’t know,’ said Matt Tisser. The undeclared freshman in The College of Arts and Sciences has never opened an infected file on his e-mail or Instant Messenger.

He also thinks that people in general are getting smarter about using the Internet.

‘I think people are starting to look out for it more.’

Published on January 14, 2004 at 12:00 pm