ProIncLink
Email Virus Prevention


How To Prevent the Spread of Email Viruses


To all: (*** PLEASE DO NOT FORWARD THIS EMAIL TO ANYONE. PERIOD. SEE THE EXPLANATION BELOW ***)

Note: I apologize in advance for what may seem to be a strident tone to this e-mail. It is just that I'm quite annoyed with the virus that is floating around and sending messages that *appear* to be from me or from others (when they are not). I don't recall sending out any e-mails with attachments (for probably the past year, at least). So, if you get an e-mail that *appears* to be from me, and it has an attachment, it is NOT actually "from" me. See below for the reasons.

As some of you were just told in an e-mail to you, there IS a virus still floating around out there. It is known as "klez". This one is perhaps the most devious one that I know.

Executive Summary: Attachments are generally "EVIL"; do not send or receive them. Period. Forwarding messages via the "Forward" option may be easy, but is not very nice to anyone whose name is anywhere in the e-mail. I understand that you probably didn't realize this, but now you do. Read on for more information.

Here is some pertinent info regarding the virus called "klez" that is floating around these days. (Some information was retrieved from www.symantec.com, the makers of the Norton Anti-Virus software.)

1. It automatically generates e-mails from the computer with the virus. The e-mails have an attachment that when clicked, will immediately infect the computer reading the e-mail.
2. The e-mails are addressed in such a way as to appear to the recipient like they are coming from someone else (that is, they don't look like they are coming from the person with the virus). This was obviously done to make it more difficult to point out the person who has the virus and who is unknowingly sending out more copies of the virus as attachments. The virus-laden e-mails *appear* to be coming from someone you probably know and trust, increasing the likelihood that you will open up the attachment and get infected yourself.
3. The virus has several assorted e-mail messages (maybe between 5 and 10) that it sends out. Some of them have just a title and the virus attachment, some have a title, a bogus message, and the virus attachment. One of the virus-laden messages I read actually correctly identified the virus type that was being sent, and then went on to say that its attachment was a program to *remove* the virus. It actually is an attachment that INSTALLS the virus. VERY DEVIOUS. DON'T FALL FOR THIS! It actually said that it needed to simulate a virus attack to make your computer resistant to the virus (I guess that it wanted me to think that it was something like the "chickenpox/smallpox" effect - give the patient a small dose of something bad (like chickenpox) to cause the body (or computer in this case) to generate a resistance to the large dose (like smallpox)). This is absolutely not how to battle computer viruses. It gave this explanation as a pretext for telling me to simply ignore any warning messages from my anti-virus software. That would obviously be very dumb.
4. The virus gets the addresses to send "to" from the computer with the virus (the "host" computer). The Symantec website seems to think that the virus gets the destination addresses from the "host's" address book. I personally am not totally convinced of this. I think that the virus may get the list of addresses to send "to" from e-mails that were received or sent by the "host" computer after it has been infected. As mentioned in point #2 above, the virus "fakes" the source (i.e. "from") address for the virus-infected e-mails it sends out. I believe that it gets the list of fake "from" addresses by the same method as it gets the "to" addresses. For example, suppose user "A" gets the virus by opening up an attachment with the virus. User "A" is not yet aware that he has a virus (due to outdated/non-existent virus scan software). Subsequently, user "A" sends out an e-mail to users "B", "C", "D", and "E". Now the virus starts sending out e-mails with virus attachments. It may send an e-mail to user "D". When user "D" looks at the e-mail it may look like it's from user "B" (when it's actually from user "A"). If user "D" figures out it is a virus, he will probably yell at user "B" (who never sent the message). User "A" still does not know he has the virus. His computer may send out another virus email to user "C". When user "C" looks at the message, it may look like it is from user "E". Since user "A" obviously knows both users "C" and "E" personally, it is likely that user "C" also knows user "E" as well. User "C" says to himself "Well I know "E", he wouldn't send me anything bad. I'll go ahead and open it". Now user "C" has the virus. Now his computer will start sending out the virus, just like user "A"s computer. Meanwhile, user "A" (and now user "C") is still oblivious to the mayhem his computer is causing. If users "A" or "C" ever figure out that they have the virus, they probably won't be able to figure out where they got it or who they sent it to.

What to do:
1. Personally, I do not open up any e-mail attachments from ANYONE (unless I know for a fact (via a prior telephone call - only) that the person intends to send me the file (and there has to be a REALLY GOOD reason why they couldn't simply cut-and-paste the contents of the attachment into the body of the e-mail message as plain text)). I must know FOR AN ABSOLUTE FACT, that the person sending the attachment PERSONALLY WROTE the attachment himself/herself. (Basically, I do not accept attachments).
2. Never forward e-mail with attachments. JUST DON'T DO IT. PERIOD.
3. NEVER, EVER trust anything FROM ANYONE that alerts you to the presence of a virus and then gives you software (or even a website) as a solution. The attachment (or website) will most likely INSTALL the virus, and not remove it. As I pointed out above, I got one of these messages (with a virus attachment, not a "virus remover").
4. If you want to check for the presence of a virus or remove one, the ONLY INTELLIGENT way (that I know) is to get the proper software (or update file) from the vendor DIRECTLY. DO NOT RELY ON AN ADDRESS FROM AN EMAIL. DO YOUR OWN HOMEWORK AND GET THE ADDRESS YOURSELF. For the virus that is floating around now (the "klez" virus), I went directly to my vendor's website and downloaded a file that checked out my computer. I followed the directions on the website EXACTLY. If you want a website, look at the box that contains your virus scan software (for example, Norton Anti-Virus, McAfee Virus Scan, etc.) and get the official website from the box and get your updates from that website yourself. Most virus scan software has an automatic update feature built in which will automatically go to the official website and install the latest update to the virus scan software, so that it is fully aware of the latest viruses that are out there. Frequently, there is a time limit to the free updates that you receive from the vendor. You may only get free upgrades for a year, and then you will need to pay. I get the updates at least once a month, just to keep current.
5. If at all possible, DO NOT GIVE OUT YOUR WORK E-MAIL ADDRESS TO ANYONE EXCEPT WORK-RELATED PEOPLE - USE YOUR PERSONAL ADDRESS FOR FRIENDS. The reason for this is that viruses like the one going around now "fake" the "from" address. If anyone you know has the virus and also sends you e-mails at work, you are "in the loop" as soon as your friend sends you a message. Now, your friend will unknowingly be sending out virus-laden emails that *appear* to be coming from you. JUST IMAGINE HOW PROFESSIONALLY EMBARRASSING it would be if you (or your boss) got an irate call from someone who said that you sent them a virus (even though the "from" address (yours) was a fake, and the e-mail didn't actually come from you). NOT A CAREER-ENHANCING EVENT, to say the least. If your only e-mail address is a work address, you should probably get a free hotmail address for personal use (see www.hotmail.com). If you can access the Internet from work, you can get at your hotmail account by going to www.hotmail.com.
6: America Online (AOL) users: You can use the "parental controls" feature to block your address from sending or receiving e-mails with attachments. This is probably a very good idea (at least until the virus is gone - which may be "never"). You can always turn off this blocking temporarily (if you absolutely must get an attachment). I believe that this will reject the entire e-mail, not just the attachment. I also believe that the sender will get an immediate message (if he is an AOL user) that tells him that the address will not accept e-mails with attachments. I assume that non-AOL senders will probably get a return e-mail from AOL that states the same thing, although I have not verified this. I have the AOL version 6.0 software. Here are the instructions for making this change for version 6.0. Other versions are probably similar.
a: Sign on to your main screen name (the one you originally set up).
b: From the "help" menu (at the top of the AOL window) click "Parental Controls".
c: A form will pop up. Click on the "Set Parental Controls" option.
d: Another form will pop up. Near the bottom of the form, you will see something that says "E-mail control" with a little square to the left. Click on the little square.
e: Another form will pop up. Near the top it says "Set Mail Controls For:". There is a box below that which can be changed to all of your screen names. This process should probably be repeated for each of your screen names.
f: The third line below the screen name box says "Customize Mail Controls for this Screen Name", and has a selection circle to the left. Click in the circle and then click on the words to the left that say "Pictures and Files".
g: The contents of the form will change. Click in the selection circle to the left of the line that says "Block this screen name from sending and receiving mail with pictures and files".
h: Click on the "Summary" button at the bottom of the form.
i: The contents of the form will again change. Click the "Save" button at the bottom of the form.
j: If you have updated all of your screen names, click the "Close" button. If not, click the "Return to Mail Controls" button, and then start at step "e" above.
k: Close the various forms that were opened up. You are now done.
7: Do NOT give out your e-mail address to any website UNLESS YOU ABSOLUTELY MUST. Do NOT EVER use your own AOL screen name in any chat room. There are always "lurkers" (those who don't participate in discussions, but just observe the conversations). These "lurkers" may "harvest" the screen names and then use (or sell) the names for all sorts of uses you may not have intended. Whenever you expose your email address to anyone you don't personally know and trust, you risk (at least) getting on all sorts of e-mail broadcast lists for all sorts of unwanted (or obscene) sources. You can always get a free hotmail account if you need to give a real e-mail address to some website. This way, if the website sells your e-mail address (even if they promise not to), and you get all sorts of e-mail you don't want, at least it isn't "polluting" your main e-mail address with unwanted mail. It is just polluting your "junk" e-mail address. If your "junk" e-mail address is getting too popular with the "junk" mailers, you can always delete it and get another one.
8: If you feel that you *must* forward an e-mail (even though it has no attachment), do everyone the following courtesy:
a: Do NOT use the "Forward" button on your e-mail program.
b: Cut-and-paste the message into a new e-mail. Do NOT include the "gobbledygook" at the end (and possibly the beginning) of the message. This has the advantage of making the e-mail more printer-friendly for the recipient(s) and you are also not broadcasting the e-mail addresses (found in the "gobbledygook") of all the people who have received the message in the past. Unscrupulous people have been known to "harvest" e-mail addresses from "chain-mail" e-mails. I have even heard of programs that do this automatically. Remember, you have control of who you send a message to, but you do NOT have control of how a message gets forwarded after that (and remember, it has YOUR email address in the "gobbledygook").
c: Use the Blind Carbon Copy (BCC) option of your e-mail program. For AOL users, this means you use the "Copy To" box (and not the "Send To" box) for your addresses. Furthermore, you will need to put a left parenthesis, that is, "(", before the first name in the list and a right parenthesis, that is, ")", after the last name. This way, the recipient list is unavailable to each recipient (and therefore unavailable to anyone who they forward the message to). AOL will force you to put something in the "Send To" box. To avoid exposing even one address, you can just put in a left parenthesis followed by a right parenthesis, that is, "( )". The message will show up on most e-mail readers as going to "Undisclosed Recipients". If you believe that your recipients ABSOLUTELY must know who you sent the message to, you can cut and paste the list into the body of the e-mail, along with a stern warning to not forward the message on but just cut-and-paste the message if necessary (without the recipient list). Tell them also to use their BCC option even when forwarding via cut-and-paste. Remember, under NO CIRCUMSTANCES should you include BOTH the Name and the e-mail address in any list. Non-AOL users will need to consult the "Help" screens for help on the BCC option. Try doing a search for "BCC".
9: Make sure that your anti-virus software is always running and is up-to-date. You should probably look through its list of fixable viruses (see its documentation for help with this) to make sure that the "klez" virus is on the list. It probably is some much longer name in the list, but it will contain the word "klez".

*** THE REASON I DO NOT WANT THIS MESSAGE FORWARDED (AT LEAST VIA THE "FORWARD" OPTION IN YOUR E-MAIL PROGRAM) IS:
* As long as that virus is out there, I don't want my e-mail address ever to go to anyone with the virus. If you have read this email in its entirety, you will know why. My e-mail address has been sent at least once to a person who has the virus. This guarantees that you (or others) will have gotten (or will get) emails with virus attachments that *appear* to be sent from me. Since you (the recipient of this message) do not know who has the virus, I would ask that you do me the courtesy of not forwarding this (via the "Forward" option). If you want to send this message on to others, PLEASE follow the suggestions I have given above (make a new message, cut-and-paste the contents, and use the BCC option for all recipients).
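
The forwarding courtesy in steps 8a to 8c above, sketched in Python as an added example that is not part of the original e-mail: it drops the forwarded header lines (the "gobbledygook"), redacts any addresses left in the text, and builds a fresh message whose headers name no recipient. The function names, the header and separator patterns, and every address in the sample are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Loose match for address-like tokens: fine for redaction, not RFC 5322 validation.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Header-style lines (optionally ">"-quoted) that "Forward" copies into the body.
# Assumption: a real body line that starts with one of these words is also dropped.
HEADER_LINE = re.compile(r"^\s*>*\s*(From|To|Cc|Bcc|Sent|Date|Subject|Reply-To):", re.I)
SEPARATOR = re.compile(r"^\s*>*\s*-{2,}.*(Forwarded|Original) Message.*-{2,}\s*$", re.I)

# Constructed sample of a twice-forwarded message; every address is made up.
SAMPLE = """\
FW: FW: Read this!

----- Original Message -----
From: Pat Example <pat@example.com>
To: alice@example.org; bob@example.net
Subject: FW: Read this!

> -----Original Message-----
> From: carol@example.com
> Keep your virus scanner up to date. Questions: dave@example.org
"""


def clean_forwarded_body(text):
    """Return (cleaned_text, removed_addresses) for a forwarded message body."""
    removed, kept = set(), []
    for line in text.splitlines():
        removed.update(a.lower() for a in ADDRESS.findall(line))
        if SEPARATOR.match(line) or HEADER_LINE.match(line):
            continue  # drop the forwarding residue entirely
        kept.append(ADDRESS.sub("[address removed]", line))
    cleaned = re.sub(r"\n{3,}", "\n\n", "\n".join(kept)).strip()
    return cleaned, sorted(removed)


def build_forward(sender, recipients, subject, forwarded_text):
    """Build a fresh message whose headers name none of the recipients."""
    body, removed = clean_forwarded_body(forwarded_text)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "undisclosed-recipients:;"  # empty group, no real address exposed
    msg["Subject"] = subject
    msg.set_content(body)
    # Recipients are returned separately for use as SMTP envelope recipients,
    # which is what the BCC option achieves.
    return msg, list(recipients), removed
```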
