|
ABOUT Email Spoofing Viruses
Q: Why do I keep getting returned email messages
and complaints from people that I am sending infected email messages that I
did not send???
A: The most common email viruses, and variants,
use random email addresses from an infected computer's address book in the FROM and
TO fields of messages the virus sends. Most likely the virus on
someone else's computer has found your email address in an address book and
used it in the FROM field as the virus replicates itself via email. The
messages look like they came from you, but they did not. This is called
email spoofing. The insecure
nature of email easily enables anyone to assume anyone else's email identity.
Not to worry, however. If your Purdue anti-virus software has not
complained about a virus on your computer, and you have not opened an email
attachment, chances are good that your computer
is not infected and you can tell people "it wasn't me who sent you that email
message, it was someone pretending to be me in a parallel universe". Or something like that.
An overview of email spoofing from CERT:
http://www.cert.org/tech_tips/email_spoofing.html
News articles explaining more about email spoofing:
http://reviews.cnet.com/4520-3513_7-5128949-1.html
http://antivirus.about.com/library/weekly/aa042502a.htm
ABOUT EMAIL VIRUSES
Email viruses, worms, and trojan horses are continuing
to spread throughout the Internet via email attachments. Additionally, a host
of Internet Hoaxes are wastefully spreading through email consuming network
and server resources. Email viruses range from being annoyances to being very destructive (wiping out all
files on a hard drive). There are precautions that can be taken to
minimize your chances of falling victim to these malicious programs. In
most cases, for these programs to activate, a user must save the program to a
local hard drive and deliberately execute it by clicking the program
file or clicking "Open" on a dialog box. Thus many email viruses are
entirely dependent upon a user to bring it to
life and initiate its destructive process. There are, however, some
viruses that attempt to launch themselves without first asking the user
using JavaScript
, which may be built into an email program. You should turn JavaScript features off
in your email client. Below are some ideas for getting out of harms way.
Anti-Virus Software
Purdue faculty, staff, and students can obtain anti-virus
software at no cost for home at the following web site,
http://www.itap.purdue.edu/security/download/
If you need anti-virus software installed on an
Education
/
Purdue-owned computer, please contact Education IT at,
http://support.education.purdue.edu/
Executable File Extensions
One of the best ways to protect yourself from the
majority of email viruses is to never send, click, open, save, or run EXECUTABLE
email attachments.
Executable File Extensions include:
.EXE
.COM .VBS .LNK .PIF
.SCR .BAT
Examples:
clickme.exe, iloveyou.jpg.pif, memo.doc.scr, newdean.bat, your_tenure.vbs
If you receive a file via email that ends with any of
these, delete the message without opening the attachment. Most people should never need to receive an
executable computer program via email. Executable programs typically come from
software manufacturers on CDROM or other media.
Unwitting betrayal
Be aware that even trusted friends and
associates may
fall victim to worms and viruses and send them to you unawares!!! The
best policy is never to send or receive executable attachments by email. And be VERY careful about opening any attachment at all or clicking a link, even if it originates
from mother dearest or best friend!
How to safely distribute documents
If you need to distribute documents, the best
practice is to use a web server to distribute files. Place the
document on a web server and send the URL (the web address) via email. This will
indicate to the user that:
(a) you consciously meant to distribute the file
(b) you yourself have found it to be harmless
(c) the file cannot be tampered with while in
transit
(d) it actually comes from you because it is
on your server
If you must send an email attachment
If you must send or receive documents via email, please
carefully ensure that all of the following are true:
- Know what you are distributing before you
distribute it via email. Make sure it is virus/spyware free (don't inadvertently victimize others for the sake
of a funny program or document, and don't desensitize your friends from
being cautious by sending frivolous executable attachments).
- Place a full description of the document you
are sending in the body of the message, including a description of the
content, file type, file size, and repeat of the file name. Don't just
attach a document and hit send without typing anything!
- If you are receiving an attachment, know
who the e-mail attachment is from before you click, save,
or run it. Maybe send the person email verifying that they meant to
send it, before opening that attachment.
- If you are receiving an attachment, be sure that you were
expecting the attachment
from a known and trusted user. Contact your friend before opening the attachment and ask, "Did
you really mean to send this to me?"
- Have current anti-virus software installed on your computer (contact Education IT for an update,
http://www.education.purdue.edu/support/).
- Have vital documents on your computer backed up.
We have encountered email borne programs that wiped every file off of a
users computer. If you are not
backing up, get a Zip/CD-RW drive and make regular backups of your data
files (not your program files which are already backed up on
original manufacturer installation disks).
- If you have
any doubt about an
attachment you have received, PLEASE
delete the email message/attachment and send email to the author telling
them that you suspect a virus.
- Never open an executable program attachment:
.EXE
.COM .VBS .LNK .PIF
.SCR .BAT
For Virus Alerts and
Internet Hoax Alerts from
various anti-virus companies see:
Summary:
Never save or run executable
attachments from email messages to your computer. Executable
attachments generally end with:
.EXE
.COM .VBS .LNK .PIF
.SCR .BAT
and are executable on Windows computers.
Any program that is executed on a Mac or
PC can potentially be destructive-- especially if it is shareware and
transmitted via the Internet.
Sometimes even trusted sources are victims of virus
attacks and unwittingly send them to others-- so it is important to never to
run a program that has been sent via email (unless you are 100% sure of
the outcome).
Most email viruses are dependent upon a user to bring it
to life and initiate its destructive process. Turn off auto-run features
in MS Outlook.
With a little bit of common sense and self-restraint, we
can make it through these attacks unscathed. Thank you and happy computing!!!
:-)
Created and maintained by
Purdue College of Education Information Technology Office
http://www.education.purdue.edu/edit
|
Robert Evans
Director, Office of IT
Managing Director, TRC
bob@purdue.edu
(765) 496-1819
Mike Eldridge
Coordinator of Distance
Education and User Services
eldridge@purdue.edu
(765) 49-40944
Christian Mattix
Database System Administrator
and e-Portfolio Coordinator
cmattix@purdue.edu
(765) 494-3416
Wesley Shoop
Site Specialist, User Services
shoopw@purdue.edu
(765) 49-42658
Alex Noguera
Site Specialist, User Services
anoguera@purdue.edu
(765) 49-42659
Teja Josyula
Webmaster,
edit@purdue.edu
(765) 49-67323
Brenda Hash
Clerk,
Technology Resources Center
trc@purdue.edu
(765) 49-45677
Karen Hearn
Clerk,
Technology Resources Center
trc@purdue.edu
(765) 49-45677
Yue Pan
Graduate Programmer,
Administrative Databases
ypan@purdue.edu
(765) 49-42658
IEducation IT Voice:
(765) 49-42658
TRC Voice:
(765) 49-45677
TRC Web Site:
 |
