IT Security Bulletin - July 2004

Bagle Virus Outbreak in the University
============================

There were more than 100 known cases of computers infected by the
recent outbreak of the Bagle virus (with two variants) on the University
Network over the weekend of 14 July 2004.

As the virus spread by email, user education on opening attachments and
configuring email clients is one of many methods that can be used to
contain virus spread.

Regardless of the infection of University computers, the existence of
the virus on the Internet resulted in students and staff receiving dozens
of "spam/virus" emails from infected computers. These computers were
outside and well as within the University.

Reliance on antivirus software for protection in the early hours of an
outbreak is not feasible, because emails propagate in a much shorter
time than the time it takes to detect the virus, create a signature,
test the signature, distribute the signature and install it on
computers. Anti-virus software does provide excellent protection - once
it can identify (and hence act to isolate) the virus.

Anti-virus solution providers are working on possible improvements, for
example, allowing only pre-registered email applications to send email.
User education is still a key issue. Please highlight to users the
characteristics of virus emails, and remind them not to open attachments
from unsolicited emails or emails with "virus email" characteristics.

An article on email borne viruses is available at:
http://www.infodiv.unimelb.edu.au/it-security/ebist.html

Spam Act
=======
The Spam Act (Commonwealth Legislation) and its penalty provisions came
into effect in April 2004.

It covers the misuse of specific communication services, which are email,
Short messaging service (SMS) Multimedia message service (MMS), and
Instant Messaging (IM).

For more information on the Spam Act and compliance, please visit the
following website:
http://www.unimelb.edu.au/compliance/misc/lawupdate/spamInfoSummary.html

The Australian Communications Authority reports that the Spam Act is
having a positive effect on reducing spam:
http://www.theage.com.au/articles/2004/07/22/1090464779848.html

The Information Division has anti-spam measures for staff and now for students as well. When tuned, these measures also have an effect, but the issue of SPAM is still a major challenge.

Windows XP Service Pack 2
=====================
Microsoft is about to announce a service pack for Windows XP, the main
objective is to improve the security of the Windows XP operating system.

There will be major changes to the functioning of the operating system,
and it is anticipated that some services using specific components of
the operating system may not work properly.

IT staff and software developers affected are encouraged to be familiar
with the proposed changes that Windows XP Service Pack 2 will bring
about, so that users can be advised of any potential problems with
software application use.

More information is available at:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx

Virus Writers Exploring New Grounds
============================
Recently, "proof of concept" viruses have been publicised for computing
platforms other than the "traditional" personal computer.

These include a virus that affects Windows CE:
http://www.zdnet.com.au/news/security/0,2000061744,39153768,00.htm

Mobile phones:
http://www.zdnet.com.au/news/security/0,2000061744,39150876,00.htm

and 64 bit Windows computers:
http://www.zdnet.com.au/news/security/0,2000061744,39148968,00.htm