Worm hits listserv; humor fills inboxes

[InfoSec News <isn () c4i org>]

Forwarded from: Richard Caasi <caasi () gort ucsd edu>

http://www.dailypennsylvanian.com/vnews/display.v/ART/2003/09/25/3f7294af5eee7

By Mer Eckstut
September 25, 2003 

According to one of the College's official listservs, Penn's ranking
is dropping to 249 -- and University President Judith Rodin doesn't
care.

And Mr. T still pities the fool.

These were just two of the messages that flooded inboxes across campus
stemming from a virus outbreak that started Tuesday afternoon and
lasted until the wee hours yesterday morning.

The W32.Mimail.Amm worm was sent out to students on the
college-fyi-out listserv, a tool administrators use to communicate
with College of Arts and Sciences students, Tuesday afternoon at
approximately 2:41 p.m.

"It doesn't do a lot of damage," Information Security and Computing
official Steve Strawser said. Mimail is a mass-mailing worm that hunts
through a user's address book and randomly selects addresses. These
addresses are then sent forged messages, which leads recipients to
believe they are getting mail from their server's administrator.

The occurrence of this worm was almost immediately followed by a
college listserv malfunction.

"It just kept coming and coming and coming," College junior Anne
McGuire said, referring to the hordes of e-mails she received.

Party announcements were sent out -- as were fictional news stories
and e-mails insulting posters trying to get off the listserv.

Dozens of e-mails from students asking to be removed from the
college-fyi-out listserv were broadcast to the entire community, which
spurred more people to request removal -- making the problem worse.

While the listserv is usually restricted to posts from College
administration, the worm found an internal address that had posting
privileges, according to John Yates, information technology senior
director at SAS Computing.

By having the address with posting privileges in the original Mimail
e-mail headers, any student who replied to the e-mail broadcast the
message to the entire group, he explained.

"I thought the whole thing was kind of funny," said College senior
Denny Watson, who sent out several humorous e-mails. "It was a relaxer
for the University."

Ira Winston, IT executive director at SAS Computing, said that
computing officials were alerted to the problem late Tuesday night,
when the increased network traffic prompted the staff to be contacted
at home.

At approximately 4 a.m. yesterday morning, the flaw was fixed and
students no longer had posting rights to the listserv, he explained.

No final figures concerning the exact numbers of servers and users
affected were available by press time. Yates estimated that there were
over 100 student replies posted, and that over 95 of them occurred
after midnight Wednesday morning.

The fiasco prompted a wide range of student reactions.

"At first I didn't realize what it was," College sophomore Robert
Tennenbaum said.

"I thought it was annoying," he added.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.