A new internet virus spreading rapidly throughout the world may be propagating itself through a popular U.S. Department of Education (ED) listserve, posing a potential security risk to thousands of school systems and other education stakeholders who receive eMail transmissions via the department.

The "Bagle" or "Beagle" worm, which originated over the long holiday weekend, provided an unwelcome surprise for some educators who logged into their eMail in-boxes when school resumed Jan. 20.

The virus, which arrives in the form of an eMail with the subject line "hi" and the words "test, yep" in the body of the message, is packaged as an attachment. When the attachment is executed, it unleashes a nefarious worm that sends itself to every eMail address in the user's address book. CNN.com reported that the worm also has the capability to select a name at random from an infected address book, then spoof that name to dupe trusting recipients into opening the infected attachment.

eSchool News first discovered that ED may be propagating the virus early Tuesday morning when several editors received the bogus transmissions. The messages--more than 10 of which had been received by editors at press time--appeared as if they originated from Kirk Winters, a public information officer for the department who is responsible for sending out "ED News," a weekly internet newsletter delivered every Monday to thousands of subscribers to ED's eMail listserve.

Though it's unclear whether someone at ED actually opened the attachment, thereby permitting the spread of the worm, or whether it simply is spoofing Winters' eMail address in hopes of fooling unsuspecting educators, a department spokesman said he believes the agency's virus-detection software neutralized the worm automatically by removing it from infected messages before they reached recipients.

"We've checked with our information technology people, and our virus protection apparently stripped the virus from the message," wrote Public Affairs Specialist Jim Bradshaw in an eMail. "In other words, individuals may have gotten a virus message, but no virus."

eSchool News was unable to verify Bradshaw's claim before press time. But Bradshaw added that his department is assessing the situation and will contact its eMail subscribers with any information that may be necessary to keep the worm from spreading.

Fortunately for schools, security experts say the worm--which reportedly affects only machines running the Windows operating system--is far less serious than its two most recent predecessors, SoBig and Blaster, which bogged down and, in some cases, crippled internet servers worldwide last year.

Brian King, an internet security analyst for CERT, part of the Software Engineering Institute at Carnegie Mellon University in Pennsylvania, said computer users so far have reported only minor disruptions.