News Archive of Virus Alerts

2006 Virus Alerts

• W32/Mytob.IJ@MM virus (10/25/06)
• Severe Threat From Windows MetaFile (WMF) Exploit (01/03/06)

2005 Virus Alerts

• Zotob Worm Infects Unpatched Windows 2000 Machines, Slows Networks (8/17/05)
• A few Mytob-infected messages got into U-M mailboxes; Filters now in place (5/16/05)
• A few MyDoom.bb-infected messages got into UMICH mailboxes; Filters now in place. (2/17/05)

2004 Virus Alerts

• Bagle.bb and Bagle.bd spread rapidy, but U-M virus filters are now stopping them. (10/29/04)
• Bugbear.B variant causes problems locally; protect yourselves manually by following the directions at this link. (6/21/04)
• Bagle.z forges "Sender" field, attaches infected file. (4/27/04)
• Witty worm attacks users of BlackIce firewall v.3.6.ccf, causing data loss and network load. (3/20/04)
• Bagle.J fills mailboxes with spurious e-mail account warnings. (3/2/04)
• MyDoom virus sends mail with a forged "From" address, random "Subject" line, and randomly named infected attachment. (1/27/04)

2003 Virus Alerts

• Mimail virus attempts to fool PayPal users into revealing their credit card and PayPal info. (11/15/03)
• Swen virus sends what appear to be Microsoft updates. Do not be fooled. (9/22/03)
• Sobig.F virus spreads rapidly; bombards e-mail boxes. (8/19/03)
• Nachi exploits Microsoft vulnerability; Update Windows to prevent infection. (8/18/03)
• Protect yourself against the Lovsan worm by updating Windows and using antivirus software. (8/12/03)
• Sobig.E virus spreads, somewhat. (6/25/03)
• Sobig.C virus floods email world-wide. Sobig forges the "From" field; message text is "Please see the attached file." (6/3/03)
• Forged Spam presents problems; confuses victims. (3/31/03)

2002 Virus Alerts

• Braid virus is rare world-wide, but all too common here at U-M. The message text includes "Product Name: [Windows Version]." (11/13/02)
• BugBear virus spreads rapidly worldwide. The virus attaches text that it finds on the infected computer, and uses it as the body of the email. (10/4/02)
• Frethem.L virus makes a splash, then fizzles. The subject line of email carrying this virus is "Re: Your password!" (7/15/02)
• JDBGMGR hoax is just a minor variant of the SULFNBK hoax. The mail warns that a harmless file (jdbgmgr.exe), which is actually part of Windows, is infected. (6/9/02)
• Klez virus family forges the "From" field of email, so the virus appears to come from someone other than the real victim. Including from your postmaster. (4/21/02)
• Gibe virus pretends to be email from Microsoft. (3/14/02)
• Myparty virus appears at U-M; vendor supplies interim fix quickly. This mass-emailing worm has a Subject of "new photos from my party!" and requires user assistance to infect. (1/27/02)

2001 Virus Alerts

• Goner virus is released and detected quickly by antivirus companies. It has a subject of "Hi" and an attachment named "gone.scr." The writers of this virus have been apprehended and face a 3 to 5 year prison term. (12/4/01)
• BadTrans.B virus has been spreading via email since 24 November 2001; it appears to be an "empty" email. The address of the sender almost always begins with an underscore. (11/28/01)
• VBS/VBSWG.AF (also knows as "Antrax") is yet another ethical transgression: Antivirus company gives a trivial virus, properly named "VBS/VBSWG.AF," the much more incendiary name of "Antrax" instead. (10/17/01)
• Vote virus is announced by a less than ethical marketroid even though probably never will make it "In The Wild," and an email storm is set off. Why? Because the virus writer sleazeball linked it to the World Trade Center. (9/25/01)
• Nimda worm gets lucky. Mostly a threat to system administrators, it seems. (9/18/01)
• SirCam virus gets lucky. This one emails itself, plus copies of files in your "My Documents" folder, to addresses in your addressbook. (7/22/01)
• CodeRed worm seems to have gotten lucky. Also known as "Code Red" or "Bady," it's not considered a threat to most end users, but is causing problems for sysadmins who haven't patched their IIS servers. (7/19/01)
• Naked worm makes headlines, and is detected by most antivirus products if the current definitions are in place. For U-M folks, the 4126 SuperDAT, announced earlier this afternoon, covers it. (3/6/01)
• VBS/VBSWG.J@MM worm (also called "VBS/SST," "AnnaKournikova," "Here you have, ;o)," and "Hi: Check This!") makes waves, but is no real threat at U-M. (2/12/01)

2000 Virus Alerts

• VBS/NewLove worm makes headlines and is nasty if successful, but is not expected to be nearly as significant a threat as VBS/LoveLetter.A or W97M/Melissa.A. Nonetheless, we already have drivers. (5/19/00)
• VBS/LoveLetter virus gets sent widely; vendors quickly provide a fix. The message subject is usually "I LOVE YOU." (5/4/00)
• "911" worm exists and has a nasty payload, but is not expected to be a problem for almost anyone. (4/4/0)
• APSTrojan.qa (aka "Hey, you") AOL Password Stealing Trojan seems to be making more than its share of trouble. (2/14/00)

1999 Virus Alerts

• BubbleBoy worm was judged "Low Threat" by NAI, but their marketroids went and told the press about it anyway. Mistake: now a bazillion folks are worried about a non-issue. Right now, anyway. Enough said; this doesn't deserve its own web page to discuss. (11/10/99)
• ExploreZip worm is making all sorts of waves in the media, but we haven't had reports of it at U-M. (6/10/99)
• CIH virus (also known as "Chernobyl virus") is real, nasty, and triggers on April 26th. (4/24/99)
• Melissa.A virus spreads fast, but can be controlled. (3/27/99)
• Ska.A virus and its dropper, HAPPY99.EXE have gotten a lot of email "press" lately, and as such we get a fair amount of questions about whether or not it is a hoax. We provide instructions for how to be rid of it. (3/8/99)

virus.busters@umich.edu

ITCS | University of Michigan
Copyright © 1996-2005 The Regents of The University of Michigan

visits since this site was redesigned 5/21/04

This page last updated September 10, 2007