Q1: Why is it important to practise safety in reading E-mails?
There has been a large increase in malicious code such as viruses, worms
and trojans that spread via E-mail attachments, notably due to the lack
of caution and care by individuals in handling E-mail. Viruses can also
spread via diskettes and file downloads; however, the impact has not been
as widespread as via E-mail attachments.
Q2: How fast can these viruses spread?
The speed at which malicious code spreads depends on the behaviour of
the code itself. Worm-type viruses in particular spread automatically via
E-mail attachments, with the code itself initiating the sending. The user
will not be aware that a mail has been sent from his/her PC to his/her
friend. This worm feature can place a load on the user's or the service
provider's mail system, e.g. Happy99* (http://www.mycert.mimos.my/virus-info/happy99.html)
and Melissa Worm* (http://www.cert.org/ftp/cert_advisories/CA-99-04-Melissa-Macro-Virus.txt).
Q3: What damage can this malicious code do?
Malicious code with data-destroying features, such as Worm.ExploreZip*
(http://www.cert.org/ftp/cert_advisories/CA-99-06-explorezip.txt)
and CIH* (http://mycert.mimos.my/),
will destroy files, hard disk partitions and the BIOS, and may cause other
damage to systems and hardware. Malicious code with trojan features, on the
other hand, will open a backdoor on the victim's machine, inviting remote
entry to the system.
Q4: How advanced is the threat?
The threat has been increasing since mid 1998. Many recent malicious
codes combine features of virus, worm and trojan, which increases the
threat and the challenge to the IT industry, especially to the antivirus
vendors in coming up with fixes. Our observation is that the most active
attacks since mid last year have been on the Windows platform. The
statistics of reports received by MyCERT are available at http://www.mycert.mimos.my.
Q5: How do we prevent the spread of these malicious codes?
Practise caution when receiving E-mail attachments. Upon receiving an E-mail
with an attachment, regardless of the sender:
- DO NOT CLICK THE ATTACHMENT. Do not open it, do not view it, do not save it to disk.
- Verify the E-mail by contacting the sender.
- Do not launch the program automatically - save it to hard disk to enable the antivirus software to scan the file for any viruses.
- Ensure your antivirus software and its virus list are updated.
- If your computer shows some sign of abnormality after you launch their E-mail attachment, contact the sender. Contact your Network Administrator if you are at your office. If you are at home, contact your ISP (Internet Service Provider). DO NOT SEND THEM A COPY OF THE ATTACHMENT; describe it to them and then wait until they ask you for it.
- If all attempts fail, you can send a message to mycert@mycert.mimos.my describing the message you have received. You can also send a copy of the attachment to this address. The message will be investigated and you will receive a message back from MyCERT with whatever information we can get about it.
When sending out an attachment, practise the following:
- When sending an attachment, write a message describing the file and why you are sending it. Remember, viruses can do this too, so try to include something unique in this message so the recipient will know it is from you and not some automated virus.
- Avoid sending messages with attachments that contain executable code (code that runs things), like Word documents with macros, EXE files and ZIPPED files. You can use Rich Text Format, or RTF, instead of the standard .DOC format. RTF will keep your formatting, but will not include any macros. There are, however, a couple of viruses out there that will fool Word when you save as RTF, so while you cannot completely trust .RTF files it is still a good practice. This may avoid the embarrassment of you sending them a virus if you are already infected.
- You can use antivirus software products to scan your hard disks at all times; however, update the software's virus list every few days and don't rely on it to protect you completely. Remember, these products can only detect what they (the vendors) already know about.
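
As an added illustration (not part of the original MyCERT FAQ), the Python example below sorts a message's attachments into the categories named above and checks that a file named .rtf really contains RTF rather than a binary Word document. The extension sets, function names and sample message are assumptions constructed for this example.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension groups mirror the FAQ's categories; the exact sets are assumptions.
EXECUTABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}
MACRO_CAPABLE = {".doc", ".dot", ".xls"}
ARCHIVE = {".zip"}
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of binary Word/Excel files

def classify(filename, payload):
    """Return the FAQ category for one attachment."""
    # Only the last extension counts: "setup.txt.exe" is an executable.
    ext = PurePosixPath(filename.lower()).suffix
    if ext in EXECUTABLE:
        return "executable"
    if ext in MACRO_CAPABLE:
        return "macro-capable document"
    if ext in ARCHIVE:
        return "archive"
    if ext == ".rtf":
        # The name can say .rtf while the bytes are a binary Word document.
        if payload.startswith(OLE2_MAGIC):
            return "binary document named .rtf"
        return "rtf" if payload.lstrip().startswith(b"{\\rtf") else "unrecognised"
    return "other"

def triage(msg):
    """Map each attachment filename in an EmailMessage to its category."""
    return {p.get_filename(): classify(p.get_filename(), p.get_content())
            for p in msg.iter_attachments()}

def sample_message():
    """Constructed sample: one message with four harmless dummy attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Minutes of Tuesday's meeting, as promised on the phone"
    msg.set_content("The minutes we discussed are attached.")
    files = {
        "minutes.rtf": b"{\\rtf1\\ansi Minutes}",
        "minutes-final.rtf": OLE2_MAGIC + b"\x00" * 16,
        "setup.txt.exe": b"MZ" + b"\x00" * 16,
        "photos.zip": b"PK\x03\x04",
    }
    for name, data in files.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, verdict in triage(sample_message()).items():
        print(f"{name:20} {verdict}")
```

A result of "rtf" only means the file is what its name claims; it should still be scanned with updated antivirus software before it is opened.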
Q6: How to Disable Active Scripting In Outlook Express?
Scripting in Microsoft Outlook Express is enabled by default and
executes when you open a message or preview it. The information below
describes how to use the Security Zones feature to disable the use of VBScript
and JScript in Outlook Express HTML-format e-mail messages and newsgroup
posts.
To disable scripting in Outlook Express:
Outlook Express 4.x for UNIX on HP-UX or Sun Solaris, Windows 3.1, Windows NT 3.51, Windows 98, Windows 95 and Windows NT 4.0
1. Start Outlook Express.
2. On the Tools menu, click Options, and then click the Security tab.
3. In the Zone box, click the Restricted sites zone, and then click Settings.
4. When you are notified that you are about to change the security settings, click OK.
5. In the Security dialog box, click Custom (for expert users), and then click Settings.
6. In the Security Settings dialog box, click Disable under Active scripting in the Scripting area.
7. Click OK, click Yes if you are prompted, click OK, and then click OK.
Outlook Express 5 for UNIX on HP-UX or Sun Solaris, Windows 3.1, Windows NT 3.51, Windows 98, Windows 95 and Windows 2000
1. Start Outlook Express.
2. On the Tools menu, click Options, and then click the Security tab.
3. Under Security Zones, click Restricted sites zone (More secure), and then click OK.
4. Start Internet Explorer, and then click Internet Options on the Tools menu.
5. On the Security tab, click Restricted sites, and then click Custom Level.
6. In the Security Settings dialog box, click Disable under Active scripting in the Scripting area.
7. Click OK, click Yes if you are prompted, and then click OK.
Q7: What if the E-mail is an announcement from my ISP, which includes an attachment?
ISPs will NOT send documents attached to an E-mail announcement.
They would normally refer to their webpage, where you can retrieve the
information desired.
Q8: What are other recent threats?
There have also been a few attempts to steal Internet account passwords
through E-mails which claim to have originated from the ISPs. These are
NOT TRUE; the E-mail headers have been forged to look as if they were
sent by the ISPs. As a matter of practice, ISPs do not request customers'
passwords under any circumstances, especially via E-mail.
Q9: Any advice for organisations?
Every organisation that has a network should have a policy on virus prevention.
These policies need to be enforced and monitored. Any development in the
technology should call for the policy to be revisited, so that it is always
applicable and acceptable to the current network environment.