Campus Vulnerability Scanner Updated to Identify Recent Infections

The campus vulnerability scanner will be updated on November 18, 2004, to identify computers infected with the Bofra and Korgo viruses. Computers will not be permitted to connect to the campus network if they are infected with Bofra or Korgo. While we strive to keep the campus vulnerability scanners updated, the updates may not be able to keep up with the rapid release rate of new virus variants. You are advised to apply anti-virus updates as they are made available by your anti-virus vendor.

Bofra: This mass-mailing worm has several variants and is also referred to as W32.MyDoom.ah@MM and Win32.Bofra. An infected email message may refer to a Paypal account transaction or solicit a visit to a Web camera. The worm may attempt to connect an infected computer to an IRC network.

Korgo: This worm also has several variants and is also known as Padabot. The worm spreads by seeking and infecting vulnerable network computers. The worm may attempt to connect an infected computer to an IRC network.

The campus vulnerability scanners have been updated to identify these viruses via two mechanisms.

?\tThe infection scan that occurs during Disauth Web authentication will direct the user of the infected computer to a reference page with links for removing the infection. The infection must be removed in order to successfully authenticate.

?\tThe selfscan site (http://selfscan.ucdavis.edu) will direct the user of the infected computer to a warning page and links for removing the infection.

For further information about these two viruses, please see:

Bofra (aka W32/MyDoom.ah) References: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOFRA.A http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631

Bofra Automated Removal Tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra@mm.removal.tool.html

Korgo References: http://securityresponse.symantec.com/avcenter/venc/data/w32. korgo.a.html http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126115

Korgo Automated Removal Tool: http://vil.nai.com/vil/averttools.asp#stinger

If you have any questions regarding the vulnerability scanner updates, please contact security@ucdavis.edu.