General Virus Information
Viruses are, unfortunately, an increasingly common threat to computer systems. While UNE's servers detect many viruses which arrive via email they can never catch 100% and not all viruses are email-borne.
Please make sure that you have a current anti-virus program installed
ITD provides Sophos Antivirus software for university owned computers connected to the campus LAN. Members of staff, you can get information about Sophos Antivirus here. For installation guides please select one of the following operationing systems:
A few recommendations for protecting your computer from viruses:
- Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
- Do not open any files attached to an email unless you know what it is, even if it appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through email. Better be safe than sorry and confirm that they really sent it.
- Do not open any files attached to an email if the subject line is questionable or unexpected. If the need to do so is there always save the file to your hard drive before doing so.
- Delete chain emails and junk email. Do not forward or reply to any to them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
- Do not download any files from strangers.
- Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you're uncertain, don't download the file at all or download the file to a floppy and test it with your own anti-virus software.
- Update your anti-virus software regularly. Over 500 viruses are discovered each month, so you'll want to be protected. These updates should be at the least the products virus signature files. You may also need to update the product's scanning engine as well. If you have downloaded UNE's version of Sophos and are connected to the network, your virus signatures will update automatically; if you purchased your own software, please contact your software vendor for information.
- Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
- When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats. Check with your product vendors for updates which include those for your operating system web browser, and email. One example is the security site section of Microsoft located at http://www.microsoft.com/security .
For more information and/or assistance please contact IT help desk.
Back to top
Stinger Removal Tool
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather an emergency tool to help deal with a system that has already become infected.
Download Now:
Stinger.exe
[EXE file about 1Mb]
Important
Windows ME and Windows XP users must disable the "System Restore" function before running Stinger - please click here for details.
Once STINGER has removed the viruses it finds, please make sure that you keep your Windows system updated to prevent future worm attacks. Please run "Windows Update" regularly on your computer - click HERE for instructions.
Back to top
Blocked email subject lines and attachment types
To prevent the spread of the computer virus (MyDoom), any email with the subject line "Hi" has been blocked on our mailserver. We are also currently blocking any "zipped" files sent as attachments i.e. any file compressed with WinZip on Windows having the the extension .zip cannot be sent or recieved. Please don't use "Hi" as your subject line ("Hi!" Or "Hi Bob" will be fine).
- If you need to send a zipped file, please RENAME it prior to sending (from filename.zip to filename.zap) and ask the recipient to rename it back to filename.zip before they open it.
- If you need to receive a zip file, please ask the sender to rename the file prior to sending it (- you will need to rename it back once received to open it correctly).
The block on .zip files will be in place for at least the remainder of 2004.
Below is a list of ALL blocked subject lines; most of them were blocked because of specific viruses:
Hi
Hi! How are you
Hola como estas
your account
Re: Your password!
the list
bill caricature
Trojaner-Info Newsletter
new photos from my party!
Microsoft Security Bulletin MS01-037
FWD: Help us ALL to END ILLEGAL child porn NOW
Homepage
Matcher
FW: Naked Wife
Here you have, ;o
Snowhite and the Seven Dwarfs - The REAL story!
fw: life stages
fw: funny
fw: joke
Resume Janet Simons
iloveyou
Susitikim shi vakara kavos puodukui...
fwd?: Joke
Mother's Day Order Confirmation
Dangerous Virus Warning
virus alert!
Important Read carefully !
How to protect yourself from the IL0VEY0U bug!
I Cant Believe This!
Thank You For Flying With Arab Airlines
Variant Test
Yeah,? Yeah another time to DEATH.
look!
Bewerbung Kreolina
Recent Virus Attacks-Fix
PresenteUOL
IMPORTANT: Official virus and bug fix
NEUE ANTI-VIRUS-LISTE
BUG & VIRUS FIX
New Variation on LOVEBUG Update Anti-Virus!!
Image of the Millenium
Your details
Thank you!
Re: Thank you!
Re: Details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
Re: Re: My details
Back to top
Virus Hoaxes
A lot of virus warnings that go round in emails don't relate to actual viruses, but are myths / hoaxes. You should always check whether a virus warning received via email is a hoax BEFORE taking any action. There are numerous web sites where you can check, here are a couple:
Back to top
Email scam targeting customers of online banking services
ITD had a number of reports of scam emails that were sent to UNE accounts and were targeting users of online banking and electronic payment sites. These scams are designed to fraudulently collect information along the lines of the following from unsuspecting users:
- online banking logins and passwords; or
- full banking account details such as account name/id, full name of account holder, swift code and BSB code.
- credit card details such as cardholder name, card number and expiry date.
- full account and password details of other forms of electronic payment or funds transfer (eg PayPal, Ebay)
The institutions whose customers are being targeted for these scams include banks, on-line stores, on-line auction sites and alternative electronic funds transfer sites (eg PayPal).
Details:
Attackers are constructing mimic sites to lure customers of online banking and other forms of electronic payments into accessing fake sites rather than the original.
- Contacting users by email and requesting them to either reply to the email with their account login / details and passwords, or fill in an enclosed form that will send the results to a site under the attacker's control.
- Contacting users by email and requesting them to enter their account login / details and password into a site that is not the real banking or electronic payments site of the organisation that is supposedly requesting the information. This fake site may resemble the original very closely in both layout and function. The email can also be in html format and may be constructed to include links to what appears to be a legitimate site but that are in fact pointing at fake addresses eg:
http://www.yourbank.com.au
- Establishing a web site that resembles the original not only in just appearance and function but also has a very similar domain name eg where www.yourbank.com.au is the real site and www.yourbank-bank.com is the fake.
What to Do:
Protect your password and account details. Users should *never* give out password or account details in response to unsolicited requests via email or other forms. Users should *only* log in to the appropriate financial institution's or other electronic payment web site that has been verified as the legitimate site for that organisation.
Banks and other electronic payment sites (on-line store and auction sites) never request account or credit card details and never - under any circumstances - request passwords via email.
In summary:
- Never provide account details and passwords by email
- Never provide account details and passwords in response to an unsolicited request
- Ensure you are dealing with the correct website by checking other forms of advertising media
If you receive an email that fits the description below, please ignore and delete it, do not reply to it.
For more details, see:
http://national.auscert.org.au/render.html?it=2909
Back to top
Nigerian eMail Scam
The following information was provided by the NZ Ministry of Consumer Affairs. This is just some general advice that people should take into consideration when receiving this type of email.
"Nigerian" Scams
The Nigerian scam, as it is commonly called, is an advanced fee type of fraud. The scam runs like this - you receive a letter (by mail, email or fax) allegedly written by a Prince or top officer from a company or a quasi government corporation in an African state (the most common is Nigeria). The letter will offer you an opportunity to share in a million dollar bonanza. The letter explains that citizens of that country are forbidden to operate foreign bank accounts or send funds out of their country. What they need is access to a foreign account that can be used to transfer money through. The amount of money usually mentioned is upwards of US$10 million. All that's needed are details of your bank account and a few blank pages of letterhead if you're a company. In return you are offered an opportunity to share in the millions. Sound too good to be true? It is, and should be avoided at all costs! You will be asked to pay a processing fee of tens of thousands of US dollars and that's the last you will see of your money, or the promised share of $30 million. See our Nigerian scam lists for more information and a list of the most common varieties. This list can be found at the Ministry of Consumer Affairs
Back to top
SMS Phone Virus Hoax
Over the last few weeks emails that warn about Mobile Phone / SMS viruses have been doing the rounds. We encourage you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern. There are several versions of this hoax in circulation. Two versions are as follows:
Version 1
To: ALL ORANGE USERS If you receive a phone call and your mobiles phone displays ACE-? on the screen DON'T ANSWER THIS CALL - END THE CALL IMMEDIATELY. IF YOU ANSWER THE CALL, YOUR PHONE WILL BE INFECTED BY THIS VIRUS. This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network. You will have to buy a new phone. ? This information has been confirmed by both Motorola and Nokia. There are over 3 million mobile phones being infected by this virus in USA now.
Version 2
Dear all mobile phone's owners, ATTENTION!!! NOW THERE IS A VIRUS ON MOBILE PHONE SYSTEM.. All mobile phone in DIGITAL system can be infected by this virus..If you receive a phone call and your phone display "UNAVAILABLE" on the screen (for most of digital mobile phones with a function to display in-coming call telephone number), DON'T ANSWER THE CALL. END THE CALL IMMEDIATELY!!!BECAUSE IF YOU ANSWER THE CALL, YOUR PHONE WIL L BE INFECTED BY THIS VIRUS.. This virus will erase all IMIE and IMSI information from both your phone and your SIM card which will make your phone unable to connect with the telephone network. You will have to buy a new phone.
For further information, please check the Symantec website on http://securityresponse.symantec.com/avcenter/venc/data/mobile-phone-hoax.html
Back to top
|
