Safe Email Practices

Q1: Why is it important to practise safety in reading E-mails?

There has been a large increase in malicious code such as viruses, worms and trojans that spread via email attachments, notably due to a lack of caution and care by individuals in handling emails. Viruses can also spread via diskettes and file downloads; however, the impact has not been as widespread as via email attachments.

Q2: How fast can these viruses spread?

The speed at which malicious code spreads depends on the behaviour of the virus itself. Notably, worm-type viruses spread automatically via email attachments, with the code itself initiating the sending. The user will not be aware that an email has been sent from his/her PC to his/her friend. This worm feature can create a load on the user's or the service provider's mail system, e.g. Happy99 and Melissa Worm* (http://www.cert.org/advisories/CA-1999-04.html).

Q3: What damage can these malicious codes do?

Malicious code with features to destroy data, such as Worm.ExploreZip* (http://www.cert.org/advisories/CA-1999-06.html) and CIH, will destroy files, hard disk partitions and the BIOS, and cause other possible damage to systems and hardware. Malicious code with trojan features, on the other hand, will open a backdoor on the victim's machine, inviting remote entry to the system.

Q4: How advanced is the threat?

The threat has been increasing since mid-1998, as many recent malicious codes combine features of viruses, worms and trojans, which increases the threat and the challenge to the IT industry, especially to antivirus vendors in coming up with fixes. Our observation is that the most active attacks since the middle of last year have been on the Windows platform. The statistics of reports received by MyCERT are available at http://www.mycert.org.my

Q5: How do we prevent the spread of these malicious codes?

Practise caution when receiving email attachments. Upon receiving an email with an attachment, regardless of the sender:

DO NOT CLICK THE ATTACHMENT. Do not open it, do not view it, do not save it to disk.

Verify the email by contacting the sender.

Do not launch the program automatically - save it to hard disk to enable the antivirus software to scan the file for any viruses.

Ensure your antivirus software and its virus list are updated.

If your computer shows signs of abnormality after you launch the email attachment, contact the sender. Contact your Network Administrator if you are at your office. If you are at home, contact your ISP (Internet Service Provider). DO NOT SEND THEM A COPY OF THE ATTACHMENT; describe it to them and then wait until they ask you for it.

If all attempts fail, you can send a message to mycert [at] mycert.org.my describing the message you have received. You can also send a copy of the attachment to this address. The message will be investigated and you will receive a message back from MyCERT with whatever information we can get about it.

When sending out an attachment, practise the following:

When sending an attachment, write a message describing the file and why you are sending it. Remember, viruses can do this too, so try to include something unique in this message so the recipient will know it is from you and not some automated virus.

Avoid sending messages with attachments that contain executable code (code that runs things), like Word documents with macros, EXE files and ZIPPED files. You can use Rich Text Format, or RTF, instead of the standard .DOC format. RTF will keep your formatting, but will not include any macros. There are, however, a couple of viruses out there that will fool Word when you save as RTF, so while you cannot completely trust .RTF files, it is still a good practice. This may avoid the embarrassment of sending them a virus if you are already infected.

You can use antivirus software products to scan your hard disks at all times; however, update the software list every few days and do not rely on it to protect you completely. Remember, they can only detect what they (the vendor) already know about.
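The sending advice above can also be applied as a receiving-side check. The following is an added example, not part of the original FAQ: it sorts a message's attachments into the file types the FAQ names and notes whether the sender wrote any accompanying text. The verdict strings, the hold rule and the sample addresses are assumptions of this example.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Risk classes follow the FAQ's list; the verdict strings are this example's own.
RISK_BY_EXT = {
    ".exe": "block: executable file",
    ".zip": "block: zipped file",
    ".doc": "block: Word document, may carry macros",
    ".rtf": "scan: RTF has no macros but cannot be completely trusted",
}
DEFAULT = "scan: verify with the sender before opening"

def triage(raw: bytes) -> dict:
    """Classify each attachment and note whether the sender described it."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body is not None else ""
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = os.path.splitext(name.lower())[1]
        verdicts.append((name, RISK_BY_EXT.get(ext, DEFAULT)))
    blocked = any(v.startswith("block") for _, v in verdicts)
    # The FAQ asks senders to describe the file; no text at all fails that check.
    undescribed = bool(verdicts) and not text
    return {"described": bool(text), "verdicts": verdicts,
            "hold": blocked or undescribed}

def build_sample(body_text: str, filenames: list) -> bytes:
    """Build a constructed test message (sample data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Files"
    if body_text:
        msg.set_content(body_text)
    for name in filenames:
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for body, names in [("Bob, the budget we discussed on Tuesday.", ["budget.rtf"]),
                        ("", ["setup.exe"])]:
        print(triage(build_sample(body, names)))
```

A message that passes this check still needs the antivirus scan and sender verification described above; the file extension only says what the attachment claims to be.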

Q6: How to Disable Active Scripting In Outlook Express?

Scripting in Microsoft Outlook Express is enabled by default and executes when you open a message or preview it. The information below describes how to use the Security Zones feature to disable the use of VBScript and JScript in Outlook Express HTML-format e-mail messages and newsgroup posts.

To disable scripting in Outlook Express:

Outlook Express 4.x for UNIX on HP-UX or Sun Solaris, Windows 3.1, Windows NT 3.51, Windows 98, Windows 95 and Windows NT 4.0

1. Start Outlook Express.
2. On the Tools menu, click Options, and then click the Security tab.
3. In the Zone box, click the Restricted sites zone, and then click Settings.
4. When you are notified that you are about to change the security settings, click OK.
5. In the Security dialog box, click Custom (for expert users), and then click Settings.
6. In the Security Settings dialog box, click Disable under Active scripting in the Scripting area.
7. Click OK, click Yes if you are prompted, click OK, and then click OK.

Outlook Express 5 for UNIX on HP-UX or Sun Solaris, Windows 3.1, Windows NT 3.51, Windows 98, Windows 95 and Windows 2000

1. Start Outlook Express.
2. On the Tools menu, click Options, and then click the Security tab.
3. Under Security Zones, click Restricted sites zone (More secure), and then click OK.
4. Start Internet Explorer, and then click Internet Options on the Tools menu.
5. On the Security tab, click Restricted sites, and then click Custom Level.
6. In the Security Settings dialog box, click Disable under Active scripting in the Scripting area.
7. Click OK, click Yes if you are prompted, and then click OK.
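To confirm the result of the steps above on a Windows machine, the zone setting can be read from a registry export. The following is an added example, not part of the original FAQ or of Microsoft's article: it assumes the standard Internet Settings layout, in which zone 4 is Restricted sites and action 1400 is Active scripting (values 0 enable, 1 prompt, 3 disable), none of which appear on this page. The export text is constructed sample data.

```python
import re

# Registry layout assumed by this example (not stated in the FAQ).
ZONES_KEY = r"software\microsoft\windows\currentversion\internet settings\zones"
ACTIVE_SCRIPTING = "1400"   # URL action: Active scripting
RESTRICTED_SITES = "4"      # zone index: Restricted sites
STATES = {0: "enabled", 1: "prompt", 3: "disabled"}

def active_scripting_state(reg_text: str, zone: str = RESTRICTED_SITES) -> str:
    """Return the Active scripting state for one zone in a .reg export.

    reg_text is the export already decoded to str (regedit writes UTF-16).
    """
    wanted = ZONES_KEY + "\\" + zone
    section = ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()      # remember the current key
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and section.endswith(wanted) and m.group(1) == ACTIVE_SCRIPTING:
            return STATES.get(int(m.group(2), 16), "unknown value")
    return "not set"

# Constructed export: scripting still enabled in the Restricted sites zone.
SAMPLE_BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1400"=dword:00000000
"1200"=dword:00000003
'''

# The same export after step 6 (Disable under Active scripting) has been applied.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    'Zones\\4]\n"1400"=dword:00000000', 'Zones\\4]\n"1400"=dword:00000003')

if __name__ == "__main__":
    print("before:", active_scripting_state(SAMPLE_BEFORE))
    print("after: ", active_scripting_state(SAMPLE_AFTER))
```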


Q7: What if the email is an announcement from my ISP, which includes an attachment?

ISPs will NOT send documents attached in an email announcement. They would normally refer you to their website, where you can retrieve the information desired.

Q8: What are other recent threats?

There have also been a few attempts to steal Internet account passwords through emails that claim to have originated from ISPs. These are NOT TRUE; the email headers have been forged to look as if they were sent by the ISPs. As a matter of practice, ISPs do not request customers' passwords under any circumstances, especially via email.

Q9: Any advice for organizations?

Every organization that has a network should have a policy on virus prevention. These policies need to be enforced and monitored. Any development in the technology should call for the policy to be revisited, so that it is always applicable and acceptable to the current network environment.
