How Can We Stop E-mail Viruses?

by Henry Wong

In the early days, when computer viruses were transferred by floppy disk, they spread slowly. E-mail has changed all that. Files can now be exchanged much more quickly, and infecting your PC is as easy as clicking on an icon, or easier. E-mail has become the biggest source of viruses because many viruses can now spread themselves automatically by sending infected e-mail to every address in the address book on the infected computer. The latest viruses even pick up e-mail addresses from the victim's hard disk and insert them in the sender field of the infected e-mail, which makes it difficult to trace the real sender.

Although computer viruses spread everywhere, you can minimize the chance of being infected by taking sufficient preventive measures. The following guidelines help prevent your computers from being infected by viruses that spread through e-mail:

  1. Install Anti-virus software
    • Always run updated anti-virus software to protect all your computers (including your office, home, and mobile computers).
    • Enable the "scan email" or "internet download scan" function.
    • The anti-virus software must be updated regularly to ensure that it can detect all the viruses.
    • If a file is found to contain a virus, you should delete it immediately.
  2. Apply updates/patches on your Windows O/S and Internet software

    • You should perform Windows Update as frequently as possible in order to obtain and install the latest security patches from Microsoft. You may need to restart your computer to make the updates effective.
    • Make sure that you are using the most up-to-date Internet software (e.g. Internet Explorer, e-mail clients). More recent versions of the software often offer enhanced security protection.
  3. Be careful with e-mail attachments

    • Never open any attachment included with e-mail (even if it comes from a trustworthy source) unless it has first been scanned by an anti-virus tool.
    • Never open e-mail attachments from unknown sources, even if the attachments have been scanned by the anti-virus software. This is because anti-virus software is most effective against known viruses and less effective, or even ineffective, against unknown ones.
    • Take care with attached office documents (e.g. MS Word and MS Excel files) that contain macros. Disable macro execution in your MS Office software by default.

  4. Disable scripts (e.g. JavaScript and ActiveX) on your e-mail clients

    Nowadays many computer viruses arrive in e-mail containing scripts (computer program code) which, if activated, will infect your machine and use your address book to propagate the virus. To prevent your computer from being infected via e-mail, you should tighten the security configuration of your e-mail software (e.g. Outlook Express) to prohibit scripts from running within e-mail.

  5. Think twice before following the instructions of a suspicious e-mail

    Sometimes you may receive an e-mail saying that:

    "... your machine has been infected ... you must delete file xxx from your hard disk"

    "... Your e-mail account has been temporarily disabled because of unauthorized access. Our main mailing server will be temporarily unavailable for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service ...
    For more information see the attached file.
    For security reasons the attached file is password protected. The password is ..."

Think before taking any action recommended by the e-mail. For example, you can:
  • Check whether the e-mail is a "hoax" (a virus hoax is an untrue virus-related warning/alert started by malicious individuals) or a "virus" against the virus lists published at http://www.hkcert.org/valert/
  • Double-check with the claimed sender. For example, if the e-mail says it is from Microsoft, you should check with www.microsoft.com
  • Check the identification of the e-mail. For example, check the full mail headers. To display the full mail header of a message, please read the e-mail FAQ page at http://email.cityu.edu.hk/faq/fullheaders.htm
  6. Do not panic when you receive a message claiming that you have sent a virus-infected e-mail

You may have received an undeliverable e-mail notification or virus alert message from an e-mail server (e.g. Mailer-Daemon) saying that an e-mail you sent to someone was rejected because it contained a virus or an unsafe file. However, you have never sent such an e-mail!

This kind of e-mail is in fact related to the spreading of mass-mailing viruses/worms. The virus-infected e-mail was actually sent automatically by the virus itself from an infected computer, and the sender address was faked by the virus. If your e-mail address was found on the infected computer, it could be picked up by the virus to fake the sender address. As a standard procedure, when a mail server detects an e-mail with a virus or unsafe file, it will reject the mail and send an undeliverable notification to the "sender", which could be your e-mail address. That is why you received an undeliverable notification for an e-mail that you have never sent.

When you receive such an e-mail undeliverable notification or virus alert, you can:

    • If you are sure that your computer has not been infected by any virus, you may simply discard the message.
    • If the notification e-mail shows the full mail header of the virus-infected e-mail, you can trace the mail header to find out the source machine of the concerned e-mail. Please visit the E-mail FAQ page at http://email.cityu.edu.hk/faq/undeliverable.htm for more detailed information.
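One way to carry out the header trace described above, as an added example that is not part of the original article: it reads the Received lines of a bounced message with Python's standard email module and lists the relay hops, oldest first. The sample headers, host names and the function names trace_hops and source_machine are constructed for illustration.

```python
import email
import re

# Constructed sample: headers of a virus-infected message as quoted in a bounce.
# Host names and addresses are reserved example/documentation values.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 1 Mar 2004 10:00:05 +0800
Received: from relay.isp.example (relay.isp.example [203.0.113.7])
\tby mx.recipient.example with ESMTP id B2; Mon, 1 Mar 2004 10:00:03 +0800
Received: from pc-1234 (dialup-44.isp.example [203.0.113.44])
\tby relay.isp.example with SMTP id C3; Mon, 1 Mar 2004 10:00:01 +0800
From: you@university.example
To: someone@recipient.example
Subject: Your document

"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def trace_hops(raw):
    """Return (From header, hops oldest-first) for a raw header block."""
    msg = email.message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    return msg["From"], hops

def source_machine(hops, trusted):
    """Oldest hop written by a server in `trusted`; older lines may be forged."""
    verified = None
    for hop in reversed(hops):  # walk from the newest hop backwards
        if hop["by"] not in trusted:
            break
        verified = hop
    return verified

if __name__ == "__main__":
    sender, hops = trace_hops(SAMPLE)
    print("From header (can be faked):", sender)
    for hop in hops:
        print(f'  {hop["ip"]:15} ({hop["helo"]}) -> {hop["by"]}')
    trusted = {"mx.recipient.example", "mailstore.recipient.example"}
    print("Oldest hop from a trusted server:", source_machine(hops, trusted)["ip"])
```

In the sample, the From header names you, but the oldest Received line shows the message entering the mail system from 203.0.113.44, a machine that is not yours. Only lines written by servers you trust are reliable; anything older can be forged by the sender.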
 

Finally, if you are unsure, you can always seek advice from the CSC Help Desk.