Brian's Waste of Time

Tue, 27 Jan 2004

Things To Know About Email Viruses

(provided so that I can email this link to people -- feel free to do the same)

Information for Users

Email viruses spread via email. They contain their own email server (this is actually very easy to do) and use this to send out copies of themselves. The email is sent directly from the infected computer to the mail server of the recipient -- it does not go through your company's, or ISP's, mail server like the email you normally send. It does not use the same application you use (Outlook, Outlook Express, Lotus Notes, Hotmail, Yahoo Mail, etc) to send the emails.

When a computer is infected, the virus looks at all of the email addresses in the address book and in received email on the infected computer. It then picks addresses from the address book and received emails to send copies of itself to. The tricky part is that it also picks email addresses from these to list as the "from" address for the messages it is sending.

This means that an infected computer will send out emails that appear to be from virtually anyone the owner of the machine has ever received an email from, or sent an email to.

If you receive a message saying that an email you sent could not be delivered, or was blocked, because it contained a virus, chances are that you didn't send the email. Someone you have communicated with in the past has been infected -- not you.

This does not let you off the hook completely. You have a responsibility to avoid getting your computer infected:

  1. The first line of defense is to install a good virus scanner. I like Kaspersky but pretty much all of them work great.
  2. The second part is to keep the virus definitions updated. Having a scanner installed which came with the computer two years ago but has never had the virus definitions updated is almost as bad as not having a scanner. Just double click on the anti-virus icon at the bottom right of your screen and look for the option to get new virus definitions.
  3. Do not open attachments that seem odd. If you were not expecting it, don't open it. If the rest of the email is garbled, or doesn't read like a normal message from the sender, don't open it. If in doubt, email the sender back and ask about it.

Information for Systems People

Please block outbound SMTP (tcp port 25) connections at the firewall from any machines other than your mail servers.

Please filter outbound email for viruses as well as inbound email.
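
Once outbound port 25 traffic is logged at the firewall, the same log shows which machines are sending mail directly instead of through the mail server. The Python below is an added example, not part of the original post; it goes slightly beyond the post by using the firewall log as a detection source. The iptables-style log lines, the "SMTP-OUT" prefix, all addresses and the MAIL_SERVERS set are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: addresses of the site's legitimate mail servers.
MAIL_SERVERS = {"10.0.0.5"}

# Constructed sample lines in the iptables LOG format (not from a real network).
SAMPLE_LOG = """\
Jan 27 10:15:01 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=25 SYN
Jan 27 10:15:02 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.10 PROTO=TCP SPT=1045 DPT=25 SYN
Jan 27 10:15:02 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=1046 DPT=25 SYN
Jan 27 10:15:03 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.44 PROTO=TCP SPT=1047 DPT=25 SYN
Jan 27 10:15:04 fw kernel: WEB-OUT IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=198.51.100.80 PROTO=TCP SPT=2210 DPT=80 SYN
Jan 27 10:15:05 fw kernel: SMTP-OUT IN=eth1 OUT=eth1 SRC=10.0.0.42 DST=10.0.0.5 PROTO=TCP SPT=3301 DPT=25 SYN
Jan 27 10:15:06 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=203.0.113.9 PROTO=TCP SPT=3302 DPT=25 SYN
"""

# Only the fields needed here; SPT is deliberately not captured.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def direct_smtp_sources(log_text, mail_servers=MAIL_SERVERS, min_destinations=1):
    """Return {source: sorted destinations} for hosts that are not mail
    servers and opened TCP port 25 connections to at least
    min_destinations distinct outside hosts."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # not SMTP
        src, dst = fields.get("SRC"), fields.get("DST")
        if not src or not dst:
            continue  # malformed or truncated line
        if src in mail_servers:
            continue  # the mail server is allowed to send mail out
        if dst in mail_servers:
            continue  # a client handing mail to the site's own server
        seen[src].add(dst)
    return {s: sorted(d) for s, d in seen.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    for host, dests in direct_smtp_sources(SAMPLE_LOG).items():
        print(f"{host} contacted {len(dests)} outside mail server(s): {', '.join(dests)}")
```

Raising min_destinations separates a machine fanning out to many mail servers from a single misconfigured mail client.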
