Purple Arch graphic
UNI Nameplate/Home Page Link
MyUNIverse graphicDash graphicCalendar graphicDash graphicAZ Index graphicDash graphicEmail graphicDash graphicContact graphic
UNI Directory graphic
Search graphic
 

Viruses and E-mail Spoofing


Information about the "Dear User of "UNI.EDU" Mailing System," Virus


Why do I keep getting returned e-mail messages and complaints from people that I'm sending infected e-mail messages that I didn't send?

Many e-mail viruses now use random e-mail addresses from an infected computer's address book in the FROM and TO fields of messages the virus sends. Most likely the virus on someone else's computer has found your e-mail address in an address book and used it in the FROM field as the virus replicates itself via e-mail. The messages look like they came from you, but they did not. This is called e-mail spoofing.

 

For instance, UNI faculty, staff and students may have recently received e-mails with attachments containing a virus that appear to be from official UNI accounts, such as UNIOnlineEditor@uni.edu or MyUNIverseNewsEditor@uni.edu, or from individuals with UNI accounts, making them appear to be legitimate correspondence.

 

Never, ever click on executable file extensions

One of the best ways to protect yourself from the majority of e-mail viruses is to never send, click, open, save, or run EXECUTABLE e-mail attachments.

Executable File Extensions are:

.EXE .COM .VBS .LNK .PIF .SCR .BAT .CMD

Examples:

clickme.exe, iloveyou.jpg.pif, memo.doc.scr, newdean.bat, your_tenure.vbs


If you receive a file via e-mail that ends with any of these, delete the message without opening the attachment. Most people should never need to receive an executable computer program via e-mail. Executable programs typically come from software manufacturers on CD-ROM or other media. You can also ask your department or college technical support staff about e-mail programs that automatically delete executable files so there's no chance you can accidentally click on them.

 

UNI Online and MyUNIverse News

UNI Online and MyUNIverse News never contain attachments. For the most part, they also stick to a strict publishing schedule: UNI Online to faculty and staff on Tuesday and Thursday mornings at 4 a.m., and MyUNIverse News to students on Monday mornings at 4 a.m. (Note: MyUNIverse News is only published during the academic year, not during the summer, and UNI Online is Tuesday-only during the summer) Occasionally a special edition of either publication will be sent, but never with an attachment.

 

Virus spoofing

E-mail distributed viruses that use spoofing, such as the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing a virus.


If you receive an alert that you’re sending infected e-mails, first run a virus scan using your virus protection software. If you are uninfected, you may be tempted to reply, but keep in mind that a virus alert message is quite often auto generated and sent via an anti-virus server. In that case, replying to the original e-mail may not elicit a response and only causes more useless traffic on the Internet.

 

If someone sends you a personal e-mail accusing you of distributing a virus (and you're not), the following text could be sent to them.


“Your virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of e-mail-distributed viruses fake, or spoof, the ‘From' address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.”


Alternatively, if you receive an e-mail-distributed virus, look at the Internet Headers information to see where the e-mail actually originated from, before firing off a complaint or virus alert to the person you assume sent it.

 

Other Resources

 

UNI-ITS Virus Detection/Prevention Resources

 

Res-Net Virus Software Download site (Free virus protection software for UNI students)

 

Spoofed Identities:Virus, Spam or Scam?

News article explaining more about e-mail spoofing

 

 

Maintained by University Marketing and Public Relations

Updated: March 3, 2004