ABOUT Email Spoofing Viruses
Q: Why do I keep getting returned email messages and complaints from
people that I am sending infected email messages that I did not send???
A: The most common email viruses, and variants, use random email addresses
from an infected computer's address book in the FROM and TO fields of messages the
virus sends. Most likely the virus on someone else's computer has found your
email address in an address book and used it in the FROM field as the virus replicates
itself via email. The messages look like they came from you, but they did
not. This is called email spoofing. The insecure nature of email easily
enables anyone to assume anyone else's email identity. Not to worry, however.
If your Purdue anti-virus software has not complained about a virus on your computer,
and you have not opened an email attachment, chances are good that your computer
is not infected and you can tell people "it wasn't me who sent you that email
message, it was someone pretending to be me in a parallel universe".
Or something like that.
An overview of email spoofing from CERT:
News articles explaining more about email spoofing:
ABOUT EMAIL VIRUSES
Email viruses, worms, and trojan horses are continuing to spread throughout the
Internet via email attachments. Additionally, a host of Internet Hoaxes are
wastefully spreading through email consuming network and server resources. Email
viruses range from being annoyances to being very destructive (wiping out all files
on a hard drive). There are precautions that can be taken to minimize your
chances of falling victim to these malicious programs. In most cases, for
these programs to activate, a user must save the program to a local hard drive and
deliberately execute it by clicking the program file or clicking "Open"
on a dialog box. Thus many email viruses are entirely dependent upon a user
to bring it to life and initiate its destructive process. There are, however,
some viruses that attempt to launch themselves without first asking the user
out of harms way.
Purdue faculty, staff, and students can obtain anti-virus software at no cost for
home at the following web site,
Secure Purdue Web Site
If you need anti-virus software installed on an Education / Purdue-owned computer,
please contact Education IT at,
Education IT Web Site
Taboo Executable File Extensions
One of the best ways to protect yourself from the majority of email viruses is to
never send, click, open, save, or run EXECUTABLE FILES from email messages or web
Executable files are simply computer programs. When you run a computer program,
it can potentially do ANYTHING to your computer and data. Never run a program
without first verifying that it is safe (feel free to ask your IT team for help).
Remember... if in doubt, don't!
Below is a list of Taboo File Extensions.
NEVER click / run / open any file that ends with one of
these from within an email message or web site:
.EXE .COM .VBS .LNK
.PIF .SCR .BAT .REG
(Tip: Print the list above and tape it to your monitor.)
If you receive an email with a file or link to a file
that ends with a taboo file extension, PLEASE DELETE the message without
opening the file. You should never need to receive an executable file via
Legitimate executable files (i.e. programs such as Microsoft Word) are distributed
by your IT team and come from well known software manufacturers on CDROM or other
media. Contact your IT team for help with installing any new programs on your
Purdue computer. Beware of greeting cards!!! Please do not send/receive
greeting cards using Purdue computer equipment. Viruses and malicious programs
often masquerade as greeting cards and in many cases it is impossible to tell the
difference between malicious and legitimate electronic greeting cards... especially
if you are handling any student data for the University.
Be aware that even trusted friends and associates may fall victim to worms
and viruses and send them to you unawares!!! The best policy is never to send
or receive executable attachments by email (including greeting cards).
And be VERY careful about opening any attachment at all or clicking a link, even
if it originates from your dear mother or best friend! Please do not send
or receive electronic greeting cards using Purdue computers... especially if you
are handling any student data for the University.
How to safely distribute documents
If you need to distribute documents (i.e. .doc, .pdf, .ppt, etc.), the best practice
is to use a web server to distribute files. Place
the document on a web server and send the URL (the web address) via email.
This will indicate to the user that:
(a) you consciously meant to distribute the file
(b) you yourself have found it to be harmless
(c) the file cannot be tampered with while in transit because the original document
resides on your web server
(d) it actually comes from you because it is on the official web server used by
If you must send an email attachment
If you must send or receive documents via email, please carefully ensure
that all of the following are true:
- Know what you are distributing before you distribute it via email.
Make sure it is virus/spyware free (don't inadvertently victimize others for the
sake of a funny program or document, and don't desensitize your friends from being
cautious by sending frivolous executable attachments).
- Place a full description of the document you are sending in the body of the message,
including a description of the content, file type, file size, and repeat of the
file name. Don't just attach a document and hit send without typing anything!
- If you are receiving an attachment, know who the e-mail attachment is from before
you click, save, or run it. Maybe send the person email verifying that they
meant to send it, before opening that attachment.
- If you are receiving an attachment, be sure that you were expecting the attachment
from a known and trusted user. Contact your friend before opening the
attachment and ask, "Did you really mean to send this to me?"
- Have current anti-virus software installed on your computer (contact Education
IT for an update, http://edit.education.purdue.edu/).
- Have vital documents on your computer backed up. We have encountered
email borne programs that wiped every file off of a users computer. If you
are not backing up, get a Zip/CD-RW drive and make regular backups of your data files
(not your program files which are already backed up on original manufacturer installation
- If you have any doubt about
an attachment you have received, PLEASE delete
the email message/attachment and send email to the author telling them that you
suspect a virus.
- Never open an executable program attachment:
.EXE .COM .VBS .LNK
.PIF .SCR .BAT
For Virus Alerts and Internet Hoax Alerts
various anti-virus companies see:
Never save or run executable attachments from email messages to your computer.
Executable attachments generally end with:
.EXE .COM .VBS
.LNK .PIF .SCR .BAT
and are executable on Windows computers.
Any program that is executed on a Mac or PC can potentially be destructive--
especially if it is shareware and transmitted via the Internet.
Sometimes even trusted sources are victims of virus attacks and unwittingly send
them to others-- so it is important to never to run a program that has been sent
via email (unless you are 100% sure of the outcome).
Most email viruses are dependent upon a user to bring it to life and initiate its
destructive process. Turn off auto-run features in MS Outlook.
With a little bit of common sense and self-restraint, we can make it through these
attacks unscathed. Thank you and happy computing!!! :-)
Created and maintained by
Purdue College of Education Information Technology Office