‘Microsoft’ Virus Hits Campus

A new computer “worm” disguised as an e-mail from Microsoft left a trail of infection across the College this week.

The virus, which emerged on May 18 and was programmed by its creator to expire and stop spreading on May 31, causes no serious damage. However, it is responsible for thousands of infectious e-mails to students that are falsely labelled as originating from “support@microsoft.com.”

Director of Residential Computing Kevin S. Davis ’98 said the Harvard University Arts and Sciences Computer Services (HASCS) has been keeping track of the worm, but there have been no reports that the virus causes any harm to computers it infects.

“After the worm was released on May 18, the Harvard anti-virus server was updated with the latest anti-virus definitions, and students and staff could access updated anti-virus software for their protection,” Davis said.

The worm, known as “W32/Palyh-A” sends e-mails with a variety of subject lines.

The worm copies itself to the Windows folder, takes any e-mail addresses it finds on the hard disk and then sends itself out to those e-mail addresses.

Representatives from anti-virus companies think the worm managed to spread primarily because the e-mail message appeared to originate from Microsoft. The attached virus was also a “.PIF” file—an unfamiliar file extension that may have caught the curiosity of computer users and tempted them to open the attachment.

Various House and organization e-mail lists were flooded this week with concerned messages from students who said they were surprised to get the unsolicited e-mail from an apparent Microsoft address. Cabot House resident Marsha Philitas ’04 wrote to Cabot House open e-mail list to warn her peers that the message was a hoax that contained a virus.

“My computer did not get infected with the virus as I had found about it from another e-mail list, and so when I got the e-mail, I instantly deleted it,” said Philitas. “One of my friends got infected, and so I’ve told other people to be wary of it.”

The Harvard network has been flooded by viruses in the past, most recently with the Klez worm that swept across the College’s computers early last year.

Davis said that students and staff should be cautious about the e-mail messages they receive.

“Other than using the latest anti-virus software, students should always install the latest security updates from Microsoft and Apple,” he said. “This is a very easy protection measure…for instance in Windows XP, you can automatically download and install critical security updates from Microsoft.”

Davis said the HASCS website maintains a section about viruses with tips on guarding against infection, and what to do if one gets infected.

The virus e-mail has an attachment with names like “approved.pif,” “movie28.pif,” or “application.pif” that contains the Palyh worm. The files act like normal executable files, and they infect the host machine when opened.

—Staff writer Samuel M. Kabue can be reached at kabue@fas.harvard.edu.