Residents Demand Answers at Council Meeting on Police Killing of Sayed Faisal


Bob Odenkirk Named Hasty Pudding Man of the Year


Harvard Kennedy School Dean Reverses Course, Will Name Ken Roth Fellow


Ex-Provost, Harvard Corporation Member Will Investigate Stanford President’s Scientific Misconduct Allegations


Harvard Medical School Drops Out of U.S. News Rankings

Virus Infects, Resends Personal E-mails


While checking her e-mail last week, Jody M. Kelman ’05 was surprised to find a message from her friend’s father in her inbox.

And Anna L. Dickerman ’05 found mysterious messages about road trips she wasn’t planning and with people she didn’t know.

“There was nothing juicy, but there was definitely personal information,” Dickerman said.

The errant e-mails, it now seems, were not due to careless senders but to a clever virus known as Bugbear which can cause confidential e-mails—and lethal attachments—to be dispersed around campus.

The virus spreads from an infected machine by selecting an e-mail address from an individual’s message history or address book. It then sends an e-mail to that address and attaches itself to the message, according to Kevin S. Davis ’98, coordinator of residential computing. The virus may also excerpt fragments from documents, including personal correspondence, found on the infected machine and place them in the body of the e-mail.

Bugbear caused a stir on campus last June, when it infected machines in University Hall and resulted in several Harvard students receiving e-mails containing confidential memos and information intended only for administrators.

“If an e-mail looks like it’s coming from someone you know, then of course you’ll want to open it. These virus writers try their best to make these viruses attractive,” Davis said. “It’s all social engineering.”

According to Davis, the Bugbear virus may trigger a variety of side effects, ranging from benign to harmful. Some versions of the virus steal sensitive data like passwords and credit card numbers from the infected machine.

“Anytime you have a computer virus, it’s a serious situation,” says Davis. “Even if an e-mail looks like it’s coming from someone you know, be careful.”

He advises students to check with the Harvard Arts and Sciences Computer Services (HASCS) Help Desk if they receive e-mails with suspicious-looking attachments. HASCS also recently launched a new program that scans e-mails for viruses before the e-mails are delivered to user inboxes. The program can be downloaded from the HASCS website.

While both Dickerman and Kelman said there was personal information in the virus-laden e-mails they received, the messages did not contain particularly sensitive information. Similarly, the infected e-mails sent from University Hall in June contained mostly innocuous information about scheduling and administrative tasks.

Kelman said she received two e-mails during the first week of reading period. “I have no idea where I got them,” she says. “One was from a friend’s dad, another was from a girl planning a road trip. When I tried to reply to the e-mails, the addresses didn’t seem to work.”

Dickerman said she received a total of four mysterious messages earlier this week.

“It was bizarre,” she said. “The e-mails arrived with sketchy-looking attachments, and some of them contained some personal information.”

Dickerman said she has stopped receiving Bugbear-infected e-mails. “I haven’t received any weird e-mails in the last few days. It looks like the voyeuristic fun and games are over,” she joked.

Want to keep up with breaking news? Subscribe to our email newsletter.