ABOUT Email Spoofing Viruses
Q: Why do I keep getting returned email messages and complaints from
people that I am sending infected email messages that I did not send???
A: The most common email viruses, and variants, use random email addresses
from an infected computer's address book in the FROM and TO fields of messages the
virus sends. Most likely the virus on someone else's computer has found your
email address in an address book and used it in the FROM field as the virus replicates
itself via email. The messages look like they came from you, but they did
not. This is called email spoofing. The insecure nature of email easily
enables anyone to assume anyone else's email identity. Not to worry, however.
If your Purdue anti-virus software has not complained about a virus on your computer,
and you have not opened an email attachment, chances are good that your computer
is not infected and you can tell people "it wasn't me who sent you that email
message, it was someone pretending to be me in a parallel universe".
Or something like that.
An overview of email spoofing from CERT:
http://www.cert.org/tech_tips/email_spoofing.html
News articles explaining more about email spoofing:
http://reviews.cnet.com/4520-3513_7-5128949-1.html
http://antivirus.about.com/library/weekly/aa042502a.htm
ABOUT EMAIL VIRUSES
Email viruses, worms, and trojan horses are continuing to spread throughout the
Internet via email attachments. Additionally, a host of Internet Hoaxes are
wastefully spreading through email, consuming network and server resources. Email
viruses range from being annoyances to being very destructive (wiping out all files
on a hard drive). There are precautions that can be taken to minimize your
chances of falling victim to these malicious programs. In most cases, for
these programs to activate, a user must save the program to a local hard drive and
deliberately execute it by clicking the program file or clicking "Open"
on a dialog box. Thus many email viruses are entirely dependent upon a user
to bring them to life and initiate their destructive process. There are, however,
some viruses that attempt to launch themselves without first asking the user,
using JavaScript, which may be built into an email program. You should turn
JavaScript features off in your email client. Below are some ideas for getting
out of harm's way.
Anti-Virus Software
Purdue faculty, staff, and students can obtain anti-virus software at no cost for
home use at the following web site:
Secure Purdue Web Site
http://www.purdue.edu/securepurdue
If you need anti-virus software installed on an Education / Purdue-owned computer,
please contact Education IT at,
Education IT Web Site
http://edit.education.purdue.edu
Taboo Executable File Extensions
One of the best ways to protect yourself from the majority of email viruses is to
never send, click, open, save, or run EXECUTABLE FILES from email messages or web
sites.
Executable files are simply computer programs. When you run a computer program,
it can potentially do ANYTHING to your computer and data. Never run a program
without first verifying that it is safe (feel free to ask your IT team for help).
Remember... if in doubt, don't!
Below is a list of Taboo File Extensions.
NEVER click / run / open any file that ends with one of
these from within an email message or web site:
NEVER CLICK:
.EXE .COM .VBS .LNK
.PIF .SCR .BAT .REG
(Tip: Print the list above and tape it to your monitor.)
Examples:
e-card.exe
http://website.web/e-card.exe
click-me.exe
i-love-you.jpg.pif
tenure-memo.doc.scr
new-dean-announced.bat
my-homework.vbs
antivirus.exe
elvis-found-alive.com
If you receive an email with a file or link to a file
that ends with a taboo file extension, PLEASE DELETE the message without
opening the file. You should never need to receive an executable file via
email.
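The taboo-extension rule above can also be checked automatically before a message reaches a reader. The following is an added example, not code from the original page or from Purdue: the function names `taboo_ext`, `scan_message` and `build_sample`, and the sample addresses, are assumptions made for illustration. It flags attachments by their last extension and flags links by the file name in the URL path.

```python
import os
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from urllib.parse import urlsplit

# The page's taboo list (.REG appears only in its first list).
TABOO = {".exe", ".com", ".vbs", ".lnk", ".pif", ".scr", ".bat", ".reg"}

def taboo_ext(name):
    """Return the final extension if it is taboo, else None."""
    # Only the LAST extension decides how Windows treats the file, so
    # "i-love-you.jpg.pif" is a .pif; trailing dots/spaces are ignored.
    ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
    return ext if ext in TABOO else None

def scan_message(raw):
    """Return sorted (kind, value, ext) findings for one raw message."""
    findings = set()
    for part in message_from_string(raw, policy=default).walk():
        fname = part.get_filename()
        if fname:
            if taboo_ext(fname):
                findings.add(("attachment", fname, taboo_ext(fname)))
        elif part.get_content_type() == "text/plain":
            for url in re.findall(r"https?://[^\s<>\"']+", part.get_content()):
                url = url.rstrip(".,;:!?)")
                # Check the last PATH segment, never the host name, so an
                # ordinary .com domain does not trip the .COM rule.
                leaf = urlsplit(url).path.rsplit("/", 1)[-1]
                if taboo_ext(leaf):
                    findings.add(("link", url, taboo_ext(leaf)))
    return sorted(findings)

def build_sample():
    """Constructed test message (not real mail); addresses are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "friend@example.edu", "you@example.edu"
    m["Subject"] = "A greeting card for you"
    m.set_content("Card: http://website.web/e-card.exe.\n"
                  "Notes: http://www.example.com/notes.pdf\n")
    for fname in ("i-love-you.jpg.pif", "syllabus.pdf"):
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_string()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```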
Legitimate executable files (e.g. programs such as Microsoft Word) are distributed
by your IT team and come from well-known software manufacturers on CD-ROM or other
media. Contact your IT team for help with installing any new programs on your
Purdue computer. Beware of greeting cards!!! Please do not send/receive
greeting cards using Purdue computer equipment. Viruses and malicious programs
often masquerade as greeting cards and in many cases it is impossible to tell the
difference between malicious and legitimate electronic greeting cards... especially
if you are handling any student data for the University.
Unwitting betrayal
Be aware that even trusted friends and associates may fall victim to worms
and viruses and send them to you unawares!!! The best policy is never to send
or receive executable attachments by email (including greeting cards).
And be VERY careful about opening any attachment at all or clicking a link, even
if it originates from your dear mother or best friend! Please do not send
or receive electronic greeting cards using Purdue computers... especially if you
are handling any student data for the University.
How to safely distribute documents
If you need to distribute documents (e.g. .doc, .pdf, .ppt), the best practice
is to use a web server to distribute files. Place
the document on a web server and send the URL (the web address) via email.
This will indicate to the user that:
(a) you consciously meant to distribute the file
(b) you yourself have found it to be harmless
(c) the file cannot be tampered with while in transit because the original document
resides on your web server
(d) it actually comes from you because it is on the official web server used by
your department
If you must send an email attachment
If you must send or receive documents via email, please carefully ensure
that all of the following are true:
- Know what you are distributing before you distribute it via email.
Make sure it is virus/spyware free (don't inadvertently victimize others for the
sake of a funny program or document, and don't desensitize your friends to the
need for caution by sending frivolous executable attachments).
- Place a full description of the document you are sending in the body of the message,
including a description of the content, file type, file size, and repeat of the
file name. Don't just attach a document and hit send without typing anything!
- If you are receiving an attachment, know who the e-mail attachment is from before
you click, save, or run it. Maybe send the person email verifying that they
meant to send it, before opening that attachment.
- If you are receiving an attachment, be sure that you were expecting the attachment
from a known and trusted user. Contact your friend before opening the
attachment and ask, "Did you really mean to send this to me?"
- Have current anti-virus software installed on your computer (contact Education
IT for an update, http://edit.education.purdue.edu/).
- Have vital documents on your computer backed up. We have encountered
email-borne programs that wiped every file off of a user's computer. If you
are not backing up, get a Zip/CD-RW drive and make regular backups of your data files
(not your program files which are already backed up on original manufacturer installation
disks).
- If you have any doubt about an attachment you have received, PLEASE delete
the email message/attachment and send email to the author telling them that you
suspect a virus.
- Never open an executable program attachment:
.EXE .COM .VBS .LNK
.PIF .SCR .BAT
For Virus Alerts and Internet Hoax Alerts from various anti-virus companies see:
Summary:
Never save or run executable attachments from email messages to your computer.
Executable attachments generally end with:
.EXE .COM .VBS
.LNK .PIF .SCR .BAT
and are executable on Windows computers.
Any program that is executed on a Mac or PC can potentially be destructive--
especially if it is shareware and transmitted via the Internet.
Sometimes even trusted sources are victims of virus attacks and unwittingly send
them to others-- so it is important never to run a program that has been sent
via email (unless you are 100% sure of the outcome).
Most email viruses are dependent upon a user to bring them to life and initiate their
destructive process. Turn off auto-run features in MS Outlook.
With a little bit of common sense and self-restraint, we can make it through these
attacks unscathed. Thank you and happy computing!!! :-)
Created and maintained by
Purdue College of Education Information Technology Office
http://edit.education.purdue.edu