Rotary District 9750 - Virus & Scam

Rotary District 9750 - Virus & Scam Guide
Page Updated: 23 Apr 2007 [Print This Page]

Including:

Latest alerts and hoaxes lists, from Sophos
Scams via e-mail and postal mail
Spoofing addresses did you really send those e-mails?
Spyware / Adware / Hijack your browser
Guides to avoiding or removing viruses
especially the importance of up-to-date anti-virus software, a firewall, and back-up
Stop the spread of hoaxes, don't be suckered

E-mail (and even normal mail) scams:

Money/Lottery scams: Rotary (and Apex, Lions and similar) circles have been particularly affected by this as the scamsters seem to harvest service club member's addresses, thinking they might be more disposed to provide assistance.
The usual scam is a request for assistance getting some fantastic sum of money out of Africa/Russia for some extraordinary reason, or a big win in a Spanish, Canadian, or similar, lottery - one that you did not know about (nor remember buying a ticket in). These are known to the authorities, but there is not much that can be done as the story, country and source of the message constantly change.
What should you do? Simply delete such messages, do NOT reply.

Bank scams: There are also scam messages appearing to come from a bank, asking you to visit their site and update your account information, "for your own security". Most banks, PayPal and eBay have been targeted so far. If this appears to apply to you, ring the bank to check, and NOT on the numbers in the e-mail. Despite appearances, the linked site generally has nothing to do with the bank and is purely set up to hijack your account, PIN/password and personal information.
What should you do? Simply delete such messages, do NOT reply.

Donation scams: These appear to come from a reputable company or charity, asking you to visit their site and donate for some emergency (eg donation for the Red Cross for victims of Hurricane Katrina in the USA via Yahoo.com). The look and feel of the message and the site is realistic, but the site is bogus.
What should you do? Simply delete such messages, do NOT reply.

ISP scams: These appear to come from your ISP, saying that your account has been the source of a lot of spam e-mails, and your account will be cancelled unless you enter some confirmation data. If concerned, contact them via their web site, do not use any links or addresses in this message. Often also associated with an attempt to send you a virus, eg see "Mimail" below.
What should you do? Simply delete such messages, do NOT reply.

Security scams: These appear to come from some security agency, saying that your privacy and reputation have been compromised, and asking you to enter information to help rectify this. Often also associated with an attempt to send you a virus, see below.
What should you do? Simply delete such messages, do NOT reply.

Note: The fake web site URLs that may be included in such messages look genuine because they start with the sort of address you expect, but then have a few dozen blanks embedded before the real domain appears, so you won't see that unless you are very careful and savvy.

The NSW Dept of Fair Trading has a useful Scams web site.
It covers many computer and normal life situations, and is well worth looking at.

SPOOFING the sending address:
You may get e-mails back from mail systems saying that e-mails that "you" sent could not be delivered, for various reasons, but usually because the target address does not exist. Have you got a virus infection that is sending out these e-mails without your knowledge?

It is possible, but provided that your anti-virus program is kept up to date (like weekly), it is most unlikely. Especially so if these target addresses are not otherwise present anywhere on your system.

Many viruses forward infected messages on to e-mail addresses that they find on the infected computer, and also forge the address that the message appears to come "From:", to be one of those addresses it finds. So it could be that someone who has your address has been infected, and some of the messages sent out have been spoofed as being from you. Note that such addresses are not just harvested from the address book of an e-mail application, but can be found anywhere in any file present on the computer.

SPYWARE - ADWARE - HIJACK your browser:
Though not strictly viruses, an increasing nuisance is the spyware / adware / hijack software.
Example, your browser's home page changes to a site you don't want, and despite you setting it to what you want to have, it keeps reverting to the undesired one. These can be the cause of a number of strange behaviours.

An anti-virus program usually won't be effective on its own, you need a special tool (or a couple as most are not 100% effective). Those usually recommended are Spybot, Ad-Aware, or Microsoft's Defender Spyware tool, which are free, plus a number of others.

A couple of useful pages for more information are:
http://www.microsoft.com/athome/security/spyware/default.mspx
http://www.spywareinfo.com/articles/hijacked/

Guides:

General advice to avoid getting a virus infection:

If you do NOT have good anti-virus software - GET ONE NOW, don't take stupid and avoidable risks !!!
UPDATE your anti-virus definitions regularly (weekly is best), via an update facility in your software or their web site.
Get a FIREWALL also. If you spend a lot of time on the net, especially if you have broadband (eg ADSL or Cable, which are "always on"). You can probably get one from your anti-virus supplier so they will work together, or there are free ones, eg ZoneAlarm is often recommended and also has a higher featured "Pro" version and Anti-Virus products that have to be paid for. Another firewall that is well recommended, and also with both a free and a paid but inexpensive version, is Kerio. A good source of comparison and download is to go to CNET's http://download.com and enter "Firewall" in the search box), or see the Home PC Firewall Guide site http://www.firewallguide.com for information, comparisons and links.
Windows XP has a firewall built-in, it is very basic, but better than nothing, and the the WinXP-SP2 version is much better, especially if you already use a web router to connect to the Internet which has a firewall in it. However a dedicated software firewall is much better again, since that also monitors and controls outbound traffic. NB: If you do install a third party firewall, then turn off Win XP's own firewall (see in Help) or they will clash.
If you think an attachment seems suspicious, do not open it from the e-mail. Save it to your hard disk, so it will be scanned by your normal anti-virus scanner, not just the e-mail component. Check that the name is not hiding its true identity, look for extra trailing executable extensions after what looks like a harmless name, eg somepicturename.jpg.pif and if still not certain, check with the sender whether they meant to send it to you and that it is OK.
Use the "Windows Update" feature in later Windows versions, and for other versions and Operating Systems check their web site regularly for updates (eg MicroSoft), to keep your OS protected and as secure as possible.
Have a back-up strategy in place, at least for your data.
Virus or no virus - your hard disk WILL FAIL one day, and sooner than you expect. A hard disk is an electro-mechanical device with a finite life - an inescapable physical fact. It is WHEN NOT IF, and just how soon.
If you receive an e-mail warning you of a "dangerous new virus", asking you to "install the attached patch to protect yourself", suspect a real virus trying to fool you. Manufacturers like MicroSoft do NOT send out such e-mails, so be very suspicious if it appears to come from someone like them. Check the anti-virus vendor or apparent source's web sites for keywords in the message.

Please don't pass on HOAXES:

If you receive an e-mail warning you of a "dangerous new virus", asking you to "forward the message to everyone you know", suspect a hoax. Before you do anything, check the Sophos hoax list on this page, or on your anti-virus supplier's site, or on sites like:
http://vmyths.com or http://www.breakthechain.org or http://www.hoax-slayer.com
... or just do a web search for some key words in the warning message. If it is a hoax, just advise the sender that they have been tricked (nicely) and then delete the message.
Also in this class are the urban myth stories: the needlestick warning quoting the Red Cross as a source; the waking in an ice bath with your kidneys removed; etc. These can be quickly checked in exactly the same way.
Even though some hoaxes and urban myths may sometimes actually contain a grain of truth, they are exaggerated to an extent that they become ridiculous.
They are a kind of virus in that they take up bandwidth and mail server space by the expanding propagation of the useless message.

General advice if you DO get a virus infection: DON'T PANIC !

If your computer is crippled, ask a friend to check out the following and download or print it out for you. There are usually ways to start up and eliminate the virus.
Visit your anti-virus supplier's site. Even with a good suite, you could just be very unlucky and be infected before a new virus is detected and coded into the software, but much more likely is that it has appeared since you last updated some weeks ago, and you really need the latest version. Update and check for information.
Even if you still do NOT have an anti-virus suite (you dumbo, how could you leave yourself so open), most suppliers will provide a removal tool or describe a removal method on their web site. Among many useful ones, these sites are definitely worth trying for help, information or when considering purchase:

http://www.symantec.com/avcenter ; http://au.mcafee.com ; http://www.sophos.com ;
http://www.vet.com.au ; http://www.leprechaun.com.au ; and the anti-hoax sites above for checking hoaxes.

Notice Board page

rotaryd9750.org.au

[Print This Page]