General Virus InformationViruses are, unfortunately, an increasingly common threat to computer systems. While UNE's servers detect many viruses which arrive via email they can never catch 100% and not all viruses are email-borne. Please make sure that you have a current and up to date anti-virus program installed
An information sheet for students connected to the LAN from College can be found here
Students should have a anti-virus software to ensure that they are not removed from the network for spreading virus.
Software can be purchased from Mac1 or other software vendors in town.
Alternatively if you can not purchase a anti-virus software then you can download a free, but limited, version from the internet.
List of Free Anti-Virus programs
http://free.grisoft.com/
http://www.free-av.com/ From the McAfee Website here are a few recommendations for protecting your computer from viruses: - Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
- Do not open any files attached to an email unless you know what it is, even if it appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through email. Better be safe than sorry and confirm that they really sent it.
- Do not open any files attached to an email if the subject line is questionable or unexpected. If the need to do so is there always save the file to your hard drive before doing so.
- Delete chain emails and junk email. Do not forward or reply to any to them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
- Do not download any files from strangers.
- Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you're uncertain, don't download the file at all or download the file to a floppy and test it with your own anti-virus software.
- Update your anti-virus software regularly. Over 500 viruses are discovered each month, so you'll want to be protected. These updates should be at the least the products virus signature files. You may also need to update the product's scanning engine as well. If you have downloaded UNE's version of McAfee and are connected to the network, your virus signatures will update automatically; if you purchased your own software, please contact your software vendor for information.
- Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
- When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats. Check with your product vendors for updates which include those for your operating system web browser, and email. One example is the security site section of Microsoft located at http://www.microsoft.com/security .
More info on http://www.mcafee.com/antivirus/virus_tips.asp You'll find more information on viruses at the following website: http://www.mcafee.com/centers/antivirus/default2.asp
For more information and/or assistance please contact IT help desk. Back to top Stinger Removal ToolStinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather an emergency tool to help deal with a system that has already become infected. Download Now:
Stinger.exe
[EXE file about 1Mb] Important
Windows ME and Windows XP users must disable the "System Restore" function before running Stinger - please click here for details. Once STINGER has removed the viruses it finds, please make sure that you keep your Windows system updated to prevent future worm attacks. Please run "Windows Update" regularly on your computer - click HERE for instructions. Back to top Blocked email subject lines and attachment types To prevent the spread of the computer virus (MyDoom), any email with the subject line "Hi" has been blocked on our mailserver. We are also currently blocking any "zipped" files sent as attachments i.e. any file compressed with WinZip on Windows having the the extension .zip cannot be sent or recieved. Please don't use "Hi" as your subject line ("Hi!" Or "Hi Bob" will be fine). - If you need to send a zipped file, please RENAME it prior to sending (from filename.zip to filename.zap) and ask the recipient to rename it back to filename.zip before they open it. - If you need to receive a zip file, please ask the sender to rename the file prior to sending it (- you will need to rename it back once received to open it correctly). The block on .zip files will be in place for at least the remainder of 2004. Below is a list of ALL blocked subject lines; most of them were blocked because of specific viruses: Hi
Hi! How are you
Hola como estas
your account
Re: Your password!
the list
bill caricature
Trojaner-Info Newsletter
new photos from my party!
Microsoft Security Bulletin MS01-037
FWD: Help us ALL to END ILLEGAL child porn NOW
Homepage
Matcher
FW: Naked Wife
Here you have, ;o
Snowhite and the Seven Dwarfs - The REAL story!
fw: life stages
fw: funny
fw: joke
Resume Janet Simons
iloveyou
Susitikim shi vakara kavos puodukui...
fwd?: Joke
Mother's Day Order Confirmation
Dangerous Virus Warning
virus alert!
Important Read carefully !
How to protect yourself from the IL0VEY0U bug!
I Cant Believe This!
Thank You For Flying With Arab Airlines
Variant Test
Yeah,? Yeah another time to DEATH.
look!
Bewerbung Kreolina
Recent Virus Attacks-Fix
PresenteUOL
IMPORTANT: Official virus and bug fix
NEUE ANTI-VIRUS-LISTE
BUG & VIRUS FIX
New Variation on LOVEBUG Update Anti-Virus!!
Image of the Millenium
Your details
Thank you!
Re: Thank you!
Re: Details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
Re: Re: My details Back to top Virus Hoaxes A lot of virus warnings that go round in emails don't relate to actual viruses, but are myths / hoaxes. You should always check whether a virus warning received via email is a hoax BEFORE taking any action. There are numerous web sites where you can check, here are a couple: Back to top Email scam targeting customers of online banking services ITD had a number of reports of scam emails that were sent to UNE accounts and were targeting users of online banking and electronic payment sites. These scams are designed to fraudulently collect information along the lines of the following from unsuspecting users: - online banking logins and passwords; or
- full banking account details such as account name/id, full name of account holder, swift code and BSB code.
- credit card details such as cardholder name, card number and expiry date.
- full account and password details of other forms of electronic payment or funds transfer (eg PayPal, Ebay)
The institutions whose customers are being targeted for these scams include banks, on-line stores, on-line auction sites and alternative electronic funds transfer sites (eg PayPal). Details: Attackers are constructing mimic sites to lure customers of online banking and other forms of electronic payments into accessing fake sites rather than the original. - Contacting users by email and requesting them to either reply to the email with their account login / details and passwords, or fill in an enclosed form that will send the results to a site under the attacker's control.
- Contacting users by email and requesting them to enter their account login / details and password into a site that is not the real banking or electronic payments site of the organisation that is supposedly requesting the information. This fake site may resemble the original very closely in both layout and function. The email can also be in html format and may be constructed to include links to what appears to be a legitimate site but that are in fact pointing at fake addresses eg:
<a href="http://www.fakebank.com">http://www.yourbank.com.au</a> - Establishing a web site that resembles the original not only in just appearance and function but also has a very similar domain name eg where www.yourbank.com.au is the real site and www.yourbank-bank.com is the fake.
What to Do: Protect your password and account details. Users should *never* give out password or account details in response to unsolicited requests via email or other forms. Users should *only* log in to the appropriate financial institution's or other electronic payment web site that has been verified as the legitimate site for that organisation. Banks and other electronic payment sites (on-line store and auction sites) never request account or credit card details and never - under any circumstances - request passwords via email. In summary: - Never provide account details and passwords by email
- Never provide account details and passwords in response to an unsolicited request
- Ensure you are dealing with the correct website by checking other forms of advertising media
If you receive an email that fits the description below, please ignore and delete it, do not reply to it. For more details, see:
http://national.auscert.org.au/render.html?it=2909 Back to top Virus Hoax "Life is Beautiful " This virus warning has been confirmed as a HOAX by Symantec and McAfee. Please delete the email and ignore the contents; do not pass it on to other users. The text of the email reads: IMPORTANT WARNING
Please be extremely careful especially if using e-mails such as Yahoo, Hotmail and so on.
This information arrived this morning, from Microsoft and Norton.
Please send it to everybody you know who accesses the Internet.
You may receive an apparently harmless e-mail with a Power Point presentation "Life is beautiful. pps".
If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it immediately.
If you open this file, a message will appear on your screen saying: "It is too late now, your life is no longer beautiful", subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will gain access to your name,e-mail and password.
This is a new virus which started to circulate on Saturday afternoon. WE NEED TO DO EVERYTHING POSSIBLE TO STOP THIS VIRUS: AOL has already confirmed the severity, and the antivirus Softs are not capable of destroying it.
The virus has been created by a hacker, who calls himself "life owner",
PLEASE MAKE A COPY OF THIS EMAIL TO ALL YOUR FRIENDS. See: http://securityresponse.symantec.com/avcenter/venc/data/life.is.beautiful.hoax.html Back to top Virus Hoax "WTC Survivor" A new virus warning has been confirmed as a HOAX by McAfee. Please delete the email and ignore the contents; do not pass it on to other users. The text of the email reads "I received this from a reliable family friend this morning. 10/28/01 BIG TROUBLE !!!! DO NOT OPEN "WTC Survivor" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not not all. If you receive an email called "WTC Survivor" do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. This is a serious one." See http://vil.mcafee.com/dispVirus.asp?virus_k=99245 for more info. Back to top A Card for you / NEW VIRUS An old virus hoax raised its head on campus again this morning. If you received an email with "A card for you . . . " OR ""NEW VIRUS!!!!!!!!! Beware" in the Subject: line, please put it in the bin rather than pass it on to all your colleagues. It's simply a chain letter hoax. The ITD Network and Communications Group stops all known destructive computer viruses at the UNE firewall. If you have any doubts at all about an email that you've received, please call the Service Desk first on extension 5000, or email servicedesk@une.edu.au or go to http://www.une.edu.au/itd/help/helpdesk.html for an on-line form to log a call. The Service Desk will be delighted to help you. The "A card for you" hoax is very aptly described at:
http://www.itd.umich.edu/virusbusters/hoaxes/virtual.html Back to top Sulfnbk.exe / Jdbgmgr.exeA common virus hoax that is going round at the moment is an email that warns recipients about a malicious virus and recommends deleting the SULF or file of the system. Both messages are HOAXES. Our advise to users who receive the email is to delete the message. DO NOT pass it on as this is how an email HOAX propagates. JDBGMGR.EXE is the Microsoft Debugger Registrar for Java; it uses a Teddy Bear icon.SULFNBK.EXE is a Microsoft Windows utility that is used to restore long file names For further information about the hoaxes and for instructions on how to restore the files to your system if you have deleted them, please refer to the McAfee website at http://vil.mcafee.com/dispVirus.asp?virus_k=99436 (JDBGMGR.EXE) or
http://vil.mcafee.com/dispVirus.asp?virus_k=99084 (SULFNBK.EXE) Back to top Nigerian eMail ScamThe following information was provided by the NZ Ministry of Consumer Affairs. This is just some general advice that people should take into consideration when receiving this type of email. "Nigerian" Scams
The Nigerian scam, as it is commonly called, is an advanced fee type of fraud. The scam runs like this - you receive a letter (by mail, email or fax) allegedly written by a Prince or top officer from a company or a quasi government corporation in an African state (the most common is Nigeria). The letter will offer you an opportunity to share in a million dollar bonanza. The letter explains that citizens of that country are forbidden to operate foreign bank accounts or send funds out of their country. What they need is access to a foreign account that can be used to transfer money through. The amount of money usually mentioned is upwards of US$10 million. All that's needed are details of your bank account and a few blank pages of letterhead if you're a company. In return you are offered an opportunity to share in the millions. Sound too good to be true? It is, and should be avoided at all costs! You will be asked to pay a processing fee of tens of thousands of US dollars and that's the last you will see of your money, or the promised share of $30 million. See our Nigerian scam lists for more information and a list of the most common varieties. This list can be found at the Ministry of Consumer Affairs Back to top SMS Phone Virus HoaxOver the last few weeks emails that warn about Mobile Phone / SMS viruses have been doing the rounds. We encourage you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern. There are several versions of this hoax in circulation. Two versions are as follows: Version 1
To: ALL ORANGE USERS If you receive a phone call and your mobiles phone displays ACE-? on the screen DON'T ANSWER THIS CALL - END THE CALL IMMEDIATELY. IF YOU ANSWER THE CALL, YOUR PHONE WILL BE INFECTED BY THIS VIRUS. This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network. You will have to buy a new phone. ? This information has been confirmed by both Motorola and Nokia. There are over 3 million mobile phones being infected by this virus in USA now. Version 2
Dear all mobile phone's owners, ATTENTION!!! NOW THERE IS A VIRUS ON MOBILE PHONE SYSTEM.. All mobile phone in DIGITAL system can be infected by this virus..If you receive a phone call and your phone display "UNAVAILABLE" on the screen (for most of digital mobile phones with a function to display in-coming call telephone number), DON'T ANSWER THE CALL. END THE CALL IMMEDIATELY!!!BECAUSE IF YOU ANSWER THE CALL, YOUR PHONE WIL L BE INFECTED BY THIS VIRUS.. This virus will erase all IMIE and IMSI information from both your phone and your SIM card which will make your phone unable to connect with the telephone network. You will have to buy a new phone. For further information, please check the Symantec website on http://securityresponse.symantec.com/avcenter/venc/data/mobile-phone-hoax.html Back to top | 
