Contact Us Ambrose A-Z St. Ambrose Homepage Search Our Site menu bar

Bishop LogoInformation Technology
 

 

  


Email Virus Q & A

 

Why does the email I am getting to help support the Tsunami include an attachment?
The latest email virus claims to help Tsunami victims so beware.
The worm appears with the subject line: "Tsunami donation! Please help!" and invites recipients to open an attachment called "tsunami.exe" -- which, if opened, will forward the virus to other Internet users.
 St. Ambrose University has virus software implemented in order to protect users from opening such executable files from Outlook.

Link to article.

What are these emails I am getting that seem to be coming from SAU via; management, administration, staff, noreply, or support?
        These are actually emails from the virus W32.Beagle.J@mm.  You may also see in the contents of the message that the file is password protected but the email does not contain any attachments.  This is because Symantec Norton Anti-virus removes the attachment from the virus and deletes the message. 

Example of spoofed Beagle email.

Why am I getting an email from IT support staff that says: "Please follow the instructions in the attached file in order to keep your computer safe. "
         This is because someone has an infected computer that has your email address in their address book.  You do not have to worry about infection because IT runs continous Norton protection.  Just trash the email.

Example of Latest Email Spoof Email MyDoom.  More information.

Why do I get an email bounced back to me indicating that I have sent an email, even though I have not sent any emails to that person? 
       This happens normally because a virus was in one of your email attachments that you opened.  When an attachment that contains a virus is usually opened it goes through your Address Book and sends an email with an attachment to someone in your Address Book, without your knowledge. 
       The virus usually makes a claim on all the addresses in the Address Book of the computer it invades, it then replicates itself in messages to all the addresses it has claimed from the address book.

Why am I getting emails bounced back to me from people I did not send email to?
       If you did not send any emails and you received a bounced back email, what you are seeing is the result of Sobig or similar viruses. These viruses may be infecting the pc's of your friends or people you know, and these people happen to have your email address in their address book. What this virus does on their machine, is that it tries to spread itself by sending itself to many other users using their address book.  It also forges a "From:" address using a random address from the infected system's address book (which may be your email address!). So others get email sent to them with your name on it (but you did not send it, your "friends" infected system sent the mail out). So that is why other systems then reject the mail and bounce it back to you with the above messages. That is what you are seeing.

How can I safe guard myself from these email viruses?
        DO NOT OPEN an e-mail attachment unless you know who sent it. Even then, it's not totally safe, as a sneaky virus that has infected a friend's computer can access the e-mail address book, send a message to everyone, and attach itself. To be completely safe, scan the attachment with your anti-virus software BEFORE you open it.
        If you receive a suspicious message, delete it immediately from your Inbox. When you delete a message, however, it's still on your system. Go into the Deleted Mail folder and delete the message again to permanently remove it.

Do I manually have to scan or remove viruses from my work computer?
       Actually, here at Ambrose we run Norton Anti-virus which runs actively so it catches the virus before it ever gets to your machine.  You will get an email stating that Norton has cleaned/removed a virus from a message. 

Why do I get the "new mail" notification and nothing is showing up in my inbox?
        At Ambrose we also implemented a spam filter.  When a message comes into Ambrose it scans the message subject for specific key words or phrases.  If one of the key words or phrases trigger the spam filter it removes the message from your inbox before you can even see the spam, this is why you hear the "new mail" notification sound.
        This same procedure happens when you get a message attached with a virus.

Here are links to the latest Email Worms that are doing just as described above:

W32.Netsky.Z@mm
W32.Beagle.AG@mm
W32.MyDoom.Q@mm
 

 

 
St. Ambrose University 518 West Locust Street, Davenport, IA 52803
563/333-6000 or 800/383-2627
Published by: Information Technology, Copyright, All rights reserved.