This morning Symantec reported an outbreak of the W32.Imsolk.B@mm virus. This is a virus that has been seen transmitted through email. Once a user clicks on the infected link, the virus replicates itself by emailing all contacts in the address book. Therefore, it may appear that the email is coming from a legitimate person. Please be very aware of any email links you click and that they have come from a legitimate source for a legitimate purpose.
The IT Security and Policy Office has directed all Symantec Endpoint Protected machines to update their virus definitions which will provide protection from this threat. Unfortunately there is a lag time because of the way Symantec updates definitions which will leave a window of time that machines are unprotected. In addition, not all machines on campus have Symantec Endpoint Protection, and therefore may not be protected.
IT Security and Policy Office requests all IT personnel/contacts to update machines with latest Symantec Endpoint Protection software available on Tigerware. As a user if you do not know what version of Symantec is installed on your machine, please contact your IT personnel/contact.
The announcement from Symantec can be found here:
Symantec Security Response has observed a global mass mailer worm spreading and affecting hundreds of thousands of computers worldwide. This appears to be a new attack – likely originating from a botnet – however, it is similar to the classic old school mass-mailing viruses like Nimda <http://www.symantec.com/security_response/writeup.jsp?docid=2001-091816-3508-99> , Melissa <http://www.symantec.com/security_response/writeup.jsp?docid=2000-122113-1425-99> and the Anna Kournikova virus from 2001.
The new, malicious computer worm spreads using a socially engineered email attack. The threat arrives in the form of a standard email that directs the recipient to click on a link embedded in the email. This link points to a malicious program file that is disguised as a PDF file, hosted on the internet. When the user clicks on this link, their computer downloads and launches the malicious file.
Symantec customers are protected from W32.Imsolk.B@mm <http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-090922-4703-99> both today and in the future using updates, as well as the products and services outlined in the tabs below.