A virus contained in an email titled “new photos from my party” penetrated the Boston University network and quickly spread Sunday night after being sent to a BU undergraduate student listserv, according to BU Director of Consulting Services for Information Technology Jim Stone.
The virus, an attachment to the email, searches the victim’s hard drive and emails a copy of the email with the virus to every address in the victim’s computer, Stone said. He said the virus could be harmful to computers with Windows NT, Windows 2000 and Windows XP by creating a “backdoor” by which other people could access and alter those machines’ files from a remote computer.
According to the Symantec website, the body of the email reads “my party … it was absolutely amazing! I have attached my web page with new photos! If you can please make color printouts of my photos. Thanks!” The virus was activated when the attachment was opened, according to the website.
Stone said the virus hit the BU system at approximately 10 p.m. Sunday and was recognized by BU system administrators within 10 minutes. The virus had copied itself 10,000 times within one hour of reaching the BU network, he said.
Stone said the “myparty” email is defined as both a “Trojan horse” and a “worm.” According to the Symantec website, a “worm” quickly circulates a virus to many different computers, in this case through email. A “Trojan horse” allows a backdoor, or secret route, into a computer, allowing a hacker to access a computer’s files from another computer. Stone said for that reason, a “Trojan horse” has the potential to be dangerous, though it does not automatically delete files from a computer as some viruses do.
Stone said “myparty” was a new virus, and thus was able to penetrate BU’s network without immediate detection from the BU network’s anti-virus systems and software.
“If it’s a well-known virus, it will not get through the network,” he said. “This was a brand new one, so it snuck in.”
He said the virus could not be detected Sunday night by Norton or McAfee virus protection programs because the virus was so new. Both programs released virus protection updates to deal with the “myparty” virus early today, according to Stone. He suggested people use the available updates to prevent infection.
According to the Symantec website, “myparty” is coded to infect computers between January 25 and 29, 2002. The website also says computers with keyboards set to Russian will not be affected by the virus.
Stone said Sunday night’s virus was detected because BU’s system alerts administrators to any unusual network activity.
“We have procedures built into our systems that will detect unusual activity, so the viruses call attention to themselves,” Stone said. “When you have a virus moving as fast as the one [Sunday] night, you can easily tell what’s going on. It was clear to us what was going on, so it was only a matter of how fast we could stop it.”
At last count, 15,000 copies of the virus were contained on the BU network.
“As the administrators of the computer systems we do the best we can to contain a virus,” Stone said. “In most cases, some number of viruses or copies get through before our mechanisms can work.”
Stone said this was the first time “in a bit” that the network had been infected by a major and fast-moving virus like “myparty.”
“It’s definitely not common, but we were on it in 10 minutes,” he said. “Every time it happens, I’d like to think we’re a little better at containing it.”
Stone said he does not think the virus was originated or intended for BU, though it was emailed to an undergraduate student listserv. He said the virus probably got the listserv email address from a computer it had infected, sending the email to many BU undergraduates.
“I doubt it was intended for the University,” Stone said. “It is nearly impossible to target a virus solely to a particular group.”