Contact: Sandy Senti, Executive Director, Technology Strategy and Support
Stanford's e-mail service restored following shutdown
Stanford's e-mail service was restored Thursday night after a nine-hour shutdown that came in response to a major e-mail virus attack.
Stanford network administrators disabled all outgoing e-mail services on Thursday, June 5, at 12:30 p.m. due to a large volume of e-mail messages infected with the Bugbear.B virus, some of which contained personal and confidential information from infected users' systems. Information Technology Systems and Services (ITSS) restored outbound e-mail service Thursday night to most of its 35,000 network users.
The Bugbear.B virus replicates itself by attaching a copy of the virus to randomly selected messages from the user's e-mail application, and then e-mailing those messages to other addresses in the user's address book. Stanford community members received e-mail messages from people they didn't know -- some dated years ago -- containing attachments that spread the virus.
The virus takes advantage of a security hole in older, unpatched versions of Internet Explorer or Outlook on Windows-based computers. Even computers running current patches for Internet Explorer are vulnerable if the user double-clicks on an infected attachment and opens it. Mac and UNIX computers are not susceptible to the virus. On infected computers, the virus also disables anti-virus and personal firewall software, installs a backdoor program that allows remote users to view files and manipulate processes, and includes a keystroke logger that can record passwords and other confidential information.
It was the virus' behaviors and the risk of compromising confidential information that prompted the decision to disable Stanford's outgoing e-mail service on Thursday.
"We didn't want to run the risk of sending confidential information outside our network," said Sandra Senti, executive director, Technology Strategy and Support. ITSS administrators intercepted several e-mails that contained sensitive and confidential information.
Network administrators restored most outbound e-mail service at approximately 9 p.m. on Thursday, after installing filters that identify and delete any message carrying the Bugbear.B virus.
The majority of campus e-mail users regained the ability to send messages at that time. However, approximately 25 percent of Stanford's 35,000 e-mail users, including some at the Medical Center, rely on other local or departmental servers to send e-mail. In order to contain the spread of the virus, those servers will remain disabled until appropriate safeguards can be installed. Users of those auxiliary servers must reconfigure their e-mail programs to use the central outbound e-mail service for the time being.
The extra load from these additional users, together with problems caused by other off-campus servers that are also dealing with Bugbear, may cause e-mail delivery to be slower than usual, officials said. ITSS administrators have installed three additional servers to handle the extra traffic, which seems to be helping, Senti said.
ITSS will re-evaluate the risk level for local and departmental servers early next week, she added. "We're looking at long-range options that will help us address these kinds of issues in the future."
ITSS has a website at http://www.stanford.edu/group/itss-ccs/security/bugbear.html that contains current information on Bugbear.B, including links to more technical detail on the virus and what users should do if they suspect their computers are infected.