Tag Archives: e-mail
Virus Removal – E-Mail Attachment Viruses
Over recent years viruses that are spread in the form of e-mail attachments have become increasingly more common with widespread attacks taking place across the globe, the most famous of which being the CIH virus mail attack.
On 26 April 1998 the first wave of the much feared CIH virus (or Chernobyl virus) struck across the world. The initial spread of this virus was caused by the distribution of infected software and game demo’s, but later even big companies such as IBM were distributing newly built, complete PC systems blissfully unaware that these new systems were already harbouring the CIH virus.
Although the virus was first spread in April 1998, it was not set to activate until a year later on 26 April 1999. If virus removal had not been performed on infected PC’s prior to that date, the virus would be activated. Once activated, the virus had the ability to overwrite the majority of the data on the user’s hard drive, causing havoc within the file system and rendering the user’s PC inoperable.
In 2001 a new strain of this virus was created and distributed globally to thousands of victims in the form of an e-mail attachment. These two attacks combined caused an estimated $8 million worth of damage to computer systems around the world, but unfortunately a lot of this damage could have been avoided if the users had made simple adjustments to their e-mail security settings and updated their antivirus software. These simple adjustments help to protect your system from infection and avoid the difficult task of virus removal after an infection has been detected.
Always check your e-mail security settings to make sure you have the correct security measures in place to combat these attacks should they ever take place again. If you’re security settings are set up to allow JavaScript, Macros or other (possibly malicious) files to execute automatically, then it is vital that you disable these features as soon as possible to ensure that you are not vulnerable to an e-mail based virus attack.
Managing the Phishing Threat to Your Organization
By now youre familiar with the basic phishing e-mail. You know the one — it comes from a bank you dont do business with asking you to verify personal information such as your name, Social Security Number and your existing bank account information. The e-mail may claim the bank it purports to represent has a check to deposit to your account, is trying to clear a check or something else along those lines. These phishing e-mails are easy to spot, their misspelled words obvious and the bogus links show up clearly. Theyre also fairly easy to fight.
Unfortunately, so many people are on to this kind of attempted identity theft that the phishers have turned to more sophisticated means. They use real bank logos and information theyve gleaned from elsewhere on the Internet to make it look like they know you, and they dont ask for personal information. Rather, they ask you to visit a website that will download a virus that will go through your computer and collect whatever information it can find.
But as phishing continues to evolve, detecting phishing e-mails is becoming more difficult. Worse, some phishing e-mails are really the visible part of an APT. They appear to be from someone you know, and they appear to ask for a response regarding something related to work, your finances or something else a friend may know. But spear phishing, as these highly personal phishing e-mails are called, depends on gaining your confidence by using material gleaned from social networks or other sources. When the U.S. Chamber of Commerce was attacked, for example, the attackers went after the e-mail files. Most likely they were looking for e-mail addresses and information from the contents of the e-mails they found to use in a later spear phishing attack.
But these attacks may not be after personal finance information; rather, they may be after passwords to other companies systems, they may be after the names and e-mail addresses at other companies, or they may be after personal information they can use elsewhere.
The solution to most spear phishing attacks is first to use the best screening systems you can find. Some next-generation firewalls and most high-end security software can at least warn when they find a suspicious message. In addition, users must be trained never to answer requests for personal information of any kind. The bank is never going to e-mail anyone asking for account information. The IRS isnt going to e-mail anyone about taxes, and the security staff at another company isnt going to e-mail anyone about their access information.
Should such an e-mail hit your inbox, however, forward that e-mail to abuse@companyname.comThis e-mail address is being protected from spambots. You need JavaScript enabled to view it. , and contact the sender directly to see if theres actually a need for the information. Whatever you do, dont reply to any e-mails asking for information. If you must supply information, originate the e-mail yourself.
Managing the Phishing Threat to Your Organization
By now youre familiar with the basic phishing e-mail. You know the one — it comes from a bank you dont do business with asking you to verify personal information such as your name, Social Security Number and your existing bank account information. The e-mail may claim the bank it purports to represent has a check to deposit to your account, is trying to clear a check or something else along those lines. These phishing e-mails are easy to spot, their misspelled words obvious and the bogus links show up clearly. Theyre also fairly easy to fight.
Unfortunately, so many people are on to this kind of attempted identity theft that the phishers have turned to more sophisticated means. They use real bank logos and information theyve gleaned from elsewhere on the Internet to make it look like they know you, and they dont ask for personal information. Rather, they ask you to visit a website that will download a virus that will go through your computer and collect whatever information it can find.
But as phishing continues to evolve, detecting phishing e-mails is becoming more difficult. Worse, some phishing e-mails are really the visible part of an APT. They appear to be from someone you know, and they appear to ask for a response regarding something related to work, your finances or something else a friend may know. But spear phishing, as these highly personal phishing e-mails are called, depends on gaining your confidence by using material gleaned from social networks or other sources. When the U.S. Chamber of Commerce was attacked, for example, the attackers went after the e-mail files. Most likely they were looking for e-mail addresses and information from the contents of the e-mails they found to use in a later spear phishing attack.
But these attacks may not be after personal finance information; rather, they may be after passwords to other companies systems, they may be after the names and e-mail addresses at other companies, or they may be after personal information they can use elsewhere.
The solution to most spear phishing attacks is first to use the best screening systems you can find. Some next-generation firewalls and most high-end security software can at least warn when they find a suspicious message. In addition, users must be trained never to answer requests for personal information of any kind. The bank is never going to e-mail anyone asking for account information. The IRS isnt going to e-mail anyone about taxes, and the security staff at another company isnt going to e-mail anyone about their access information.
Should such an e-mail hit your inbox, however, forward that e-mail to abuse@companyname.comThis e-mail address is being protected from spambots. You need JavaScript enabled to view it. , and contact the sender directly to see if theres actually a need for the information. Whatever you do, dont reply to any e-mails asking for information. If you must supply information, originate the e-mail yourself.