|
|
 |
|
Issue
39 - March 2004
|
How
Can We Stop E-mail Viruses?
By
Henry Wong
|
|
|
In
the early days, as long as computer viruses were transferred
by floppy disks, they spread slowly. However, e-mail has changed
all that. Now you can exchange files much more quickly and
infecting your PC is as easy as clicking on an icon - or easier.
E-mail has become the biggest source of viruses. It is because
nowadays many viruses can spread themselves automatically
by sending virus-contained e-mail to every address in the
address book on the infected computer. Latest viruses even
pick up e-mail addresses from the victim's hard disk and insert
them in the sender field of the infected e-mail, and it is
therefore difficult to trace the origin of the sender.
Although
computer viruses spread everywhere, we could minimize the
chance of being infected by taking sufficient preventive measures.
The following provides some guidelines on preventing your
computers from being infected by viruses spreading through
e-mail:
-
Install
Anti-virus software
-
Always
run updated anti-virus software to protect all
your computers (including your office, home, and mobile
computers).
- Enable
the "scan email" or "internet download
scan" function.
- The anti-virus
software must be updated regularly to ensure that it can detect
all the viruses.
- If a
file is found to contain virus, you should delete it immediately.
- Apply
updates/patches on your Windows O/S and Internet software
-
You
should perform Windows Update as frequently as possible
in order to obtain and install the latest security patches
from Microsoft. You may need to restart your
computer to make the updates effective.
-
Make
sure that you are using the most up-to-date Internet
software (e.g. Internet Explorer, e-mail clients). More
recent versions of the software often offer enhanced
security protection.
-
- Be careful
on e-mail attachments
-
Never
open any attachment (even if it comes from a trustworthy
source) included with e-mail unless it had gone through
an anti-virus tool scan first.
-
Never
open e-mail attachments from unknown sources even though
the attachments have been scanned by the anti-virus
software. It is because the anti-virus software is most
effective on known virus and less and even ineffective
on unknown ones.
-
Take
care of attached office documents (e.g. files of MS
Word, MS Excel) that contain macros. Disable macro execution
in your MS Office software by default.
- Disable
scripts (e.g. JavaScript and ActiveX) on your e-mail clients
Nowadays many computer viruses come with e-mail containing scripts
(computer program codes) which, if activated, will infect your
machine as well as using your address book to propagate the virus
itself. In order to prevent your computer from getting infected
by computer virus via e-mail, you should tighten the security
configuration of your e-mail software (e.g. Outlook Express) to
prohibit scripts from running within e-mail.
- For example:
- Do not
send e-mail with scripts (e.g. ActiveX)
-
Think twice before following the instructions of a suspicious
e-mail
Sometimes you may receive an e-mail saying that:
"...
your machine has been infected ... you must delete file
xxx from your hard disk"
"... Your e-mail account has been temporarily disabled
because of unauthorized access. Our main mailing server
will be temporarily unavailable for next two days, to continue
receiving mail in these days you have to configure our free
auto-forwarding service ...
For more information see the attached file.
For security reasons the attached file is password protected.
The
password is ..."
Please
think before following any actions recommended by the e-mail.
For example you can:
-
Check
if the e-mail is a "hoax" (a Virus Hoax is an
untrue virus-related warning/alert started by malicious
individuals.) or "virus" against the virus lists
published at http://www.hkcert.org/valert/
-
Double
check with the claimed-sender. For example, if it said
it is from Microsoft, you should check with www.microsoft.com
-
-
Do
not panic when received a message claiming that you have sent
a virus-infected e-mail
You may have
experience in receiving an undeliverable e-mail notification or
virus alert message from an e-mail server (e.g. Mailer-Daemon)
saying that your e-mail sent to someone was rejected because it
contains a virus or an unsafe file. However, you
have never sent such an e-mail!
This kind
of e-mail is in fact related to the spreading of the massing-mailing
viruses/worms. The virus-infected e-mail was actually sent
by the virus itself from an infected computer automatically,
and the sender address was faked by the virus. If your e-mail
address was found in the infected computer, it could be picked
up by the virus to fake the sender address. As a standard
procedure, when a mail server detects an e-mail with a virus or
unsafe file, it will reject the mail and send an undeliverable
notification to the "sender", which could be your e-mail
address. That is why you received an undeliverable notification
for an email that you have never sent
When you receive
such an e-mail undeliverable notification or virus alert, you
can:
-
If you are sure that your computer has not
been infected by any virus, you may simply discard the
message.
-
If
the notification e-mail shows the full mail header of
the virus-infected e-mail, you can trace the mail header
to find out the source machine of the concerned e-mail.
Please visit the E-mail FAQ page at http://email.cityu.edu.hk/faq/undeliverable.htm
for more detailed information.
Finally, if
you are unsure, your can always seek advice from the CSC Help Desk.
|
|
|
|
|
|
|
|
|
|
|
[login required]