E-mail worms attack Orangemail in-boxes, use deceptive tactics
When Elisabeth Johnson checked her e-mail Tuesday afternoon, she didn’t open any of her ten new messages from the university. With subject lines like ‘Weee’, ‘Hokki’, and ‘Ello’, the junior international relations and psychology major immediately knew that they were sent through a worm.
‘It’s annoying, but you can pretty much tell that it is not something you would want to open,’ Johnson said.
Two different e-mail worms filled SU students’ in-boxes Tuesday, and while both are annoying for students like Johnson, one poses as an e-mail from Computing and Media Services administrators and could potentially trick students into opening its attachment.
‘CMS would never send a student attachments,’ said Deborah Nosky, CMS manager of IT Communications and Professional Development.
The worm, called the Bagle worm, poses as an e-mail from management@syr.edu, support@syr.edu, staff@syr.edu or administration@syr.edu. It cautions the user that his or her e-mail account has been sending large volumes of spam and viruses or that the e-mail account has been disabled because of improper use.
The message adds that the user should click on the attached file for more details or download antivirus protection. Some e-mails include a five-digit password to open the attachment. The e-mail ends with a greeting such as ‘cheers’ or ‘kind regards’ and is signed ‘The Syr.edu Team.’
‘The spammers are good,’ Nosky said. ‘I can guarantee that if you were at Boston College, it would say ‘Cheers, BC.edu’ at the end.’
Despite its neutral message, Nosky trusts that students are intelligent enough to see through its poor grammar and generic format.
‘This looks a little bit more legitimate, but the reality is that you wouldn’t open attachments that are suspicious,’ Nosky said.
She added that the worm won’t affect SU’s network unless a lot of students click on the attachment.
Once embedded in a student’s computer, the worm deletes files that keep the computer secure, according to the Network Associates website.
The worm had an additional two-hour opportunity to move through the system because TrendMicro, the company that updates the virus filter on OrangeMail, didn’t have an application prepared to remove the Bagle attachment.
But the more popular virus in students’ e-mail – like the one Johnson received – was cleaned by the filter, Nosky said, making it benign to students’ computers.
‘I got about 10 e-mails,’ said Jessica Lipsett, a freshman biology major. She, like Johnson, didn’t open the e-mails because they looked suspicious.
‘These viruses are just so fast now,’ Nosky said. ‘Millions of people had gotten it in that hour.’
Nosky said, though, that virus and worm messages are becoming more common, which makes students more wary of them.
‘It really is an everyday occurrence,’ Nosky said.
Published on March 2, 2004 at 12:00 pm