Cornell Home Page Computing at Cornell Security

Security Alert: MyDoom.AZ Windows E-mail Virus - attachments block lifted (2/21/05)

As announced in our previous alert, on Friday, February 18, 2005, a new e-mail virus that could infect Windows computers appeared on campus. This virus has now been identified as MyDoom.AZ.

* Updated Symantec AntiVirus Definitions

The virus definitions for Symantec AntiVirus (SAV) have been updated to detect this virus. You should launch SAV and ensure that the Virus Definition File is version 2/20/2005 rev.7 or later.

If you don't have the current definitions, you can run LiveUpdate to download them from Symantec. They can also be retrieved locally from:

* Blocking of e-mail attachments lifted

The Sophos/PureMessage virus filters on the CIT central mail servers have been updated and are successfully blocking messages that have the virus-laden attachment. As a consequence, we are no longer blocking delivery and transmission of e-mail with attachments that have suspect file names.

* How to detect and remove the virus

Once you have determined that your SAV virus definitions are current, you can scan your computer for e-mail messages that included the virus-laden attachment. SAV will quarantine any copies of the attachment.

If you inadvertently opened the attachment and so infected your system, Symantec's web page about this virus includes a link to an updated version of their MyDoom removal tool that can clean out the infection:

http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.az@mm.html

People working on departmental networks should, as always, consult with local technical support personnel for assistance with updating their software and cleaning up any virus infections.

Thank you for your attention to this message. We hope it has proven useful.

Cornell Information Technologies
IT Security Office

If you need help and don't have access to local technical support personnel for assistance, please contact the CIT Contact Center (HelpDesk) by calling 255-8990, by sending e-mail to helpdesk@cornell.edu, or by visiting 119 CCC. The Contact Center is open Monday-Friday from 8:00 a.m. to 5:00 p.m., with extended phone hours Monday-Thursday from 5:00 p.m. to 8:00 p.m. during the academic year. If the Contact Center is closed and your problem is urgent, contact the Network Operations Center at 255-9900.

You can receive messages like this via e-mail by subscribing to the CIT-Alert-L mailing list, which is used to distribute announcements about significant disruptions or threats to the campus computing and telecommunications environment. Visit the CIT-Alert-L subscription page.


Computing at Cornell Homepage CUinfo CIT Contact List Send Us Feedback

Last modified: June 04, 2007