
Beware of malicious emails and web pages

Malicious emails, email attachments, and web pages can sometimes bypass virus scans, firewalls and security patches, and therefore remain undetected. Opening email attachments or visiting web links in suspicious emails is like allowing a stranger into your house - they have bypassed your house alarm and other security precautions and can be extremely dangerous.

Malicious emails and websites try to trick you into installing software with or without your knowledge. These programs can:

  • destroy all the information on your computer,
  • capture your usernames and passwords,
  • steal your credit card information,
  • send spam from your computer,
  • and more.

However, astute observation of your emails, knowing the warning signs associated with these threats, and following safe computing practices can help prevent such attacks against your computer.

Types of malicious programs

Trojan Horses

This family of programs is named after the wooden horse of Greek mythology. The story goes that the Greeks stored a small group of men inside a giant wooden horse and left it on the beach as a 'gift' to the Trojans before they supposedly retreated. The Trojans, thinking the war was over, wheeled the horse inside the city gates. At nightfall, the Greeks inside slipped out and opened the city gates - allowing the rest of the Greek army in to destroy the city of Troy.

Much like the old trojan horse, the user (i.e. you) is tricked into installing a 'harmless' program. If it is sent via email, it typically states that it is a game for you to play, a new screensaver to download, or a file that you have requested. Trojan horses can take the form of an executable file (.bat, .exe or .com) or a compressed (.zip) file. They could also have been given to you over an online chat session by an unscrupulous person.

Trojan horse programs are designed to allow another person on the internet to take complete control of your computer. The other (remote) user can then use the trojan horse to delete your data, read your email, or steal your passwords and credit card numbers. They can also use your computer to launch attacks against other systems, which could then be traced back to you, or to send spam emails.

Viruses

Viruses are programs that are designed to infect other programs and computers by replicating themselves. They typically work by exploiting known vulnerabilities that exist within common operating systems or programs.

There are several ways in which you can be infected by a virus, but they most often arrive in the form of an infected file or email attachment. They can be disguised as friendly files and can arrive from the email address of someone you know. Such viruses can 'fake' the email address of an infected person's computer or pick a random email address out of their address book as the apparent reply address.

If the file is run - either by you opening it, or by the file running itself automatically - the virus will then replicate itself. Consequently, it can infect other files on your computer, destroy information or propagate itself onto other unsuspecting computers. Such viruses can generate substantial network traffic, and bring a single computer or an entire network to its knees.

Worms

Worms are designed to replicate themselves from computer to computer. They work as viruses do, by exploiting known vulnerabilities in common operating systems and programs, often tricking you into running them. There are often no obvious telltale signs that a worm is active, as it doesn't infect other files, although it does make changes to your system in order to work. Once your computer is infected, the worm simply searches for other vulnerable computers to infect.

Much like viruses, worms also generate substantial traffic which can collapse a network.

If you keep your anti-virus software up to date and perform regular system scans, it should be able to detect all known versions of existing trojan horse programs, viruses, and worms.

Spam

Spam is the term used to describe unsolicited emails, often advertising a particular product or service. Spammers trade target email addresses amongst themselves, or harvest them through search engines and newsgroups, and sell these email lists to organisations, claiming that these are willing recipients who want to receive their email. Once your address is on a spammer's email list, it becomes notoriously difficult to unsubscribe yourself from the list. As they often trade or sell their lists, chances are you will accumulate more spam over time.

Many mail filters can minimise spam and you are free to adopt whatever program best suits your needs. There is detailed information on how Monash deals with spam via this link. If you connect to the Internet through an ISP and not through Monash University, you might want to contact their technical support team to see if they have any anti spam tools or filters available.

However, the easiest way of dealing with spam is to simply delete it. Spammers will continue to operate so long as at least one person responds to their advertisement. Therefore, the fewer people that respond to spam, the harder spammers will have to work in order to try and see the same profit. Eventually the profit margin will become so slim that it will not be worth it.

Another precaution you can take is to never publicly post your email address on the Internet. This should minimise the probability of your address making it onto a spammer's lists. If you must post an address, use a 'throwaway' email account - one you don't mind being used as a catch-all for spam - so that you can give your "real" email address only to legitimate recipients. Alternatively, you can alter your email address so that it is not easily picked up by search programs ("munging" your address). Of course, you can even do both. Visit this link for more information on email address munging.

Spyware

Spyware is the label given to malicious programs that monitor end user activity and report it back to a central source. This can be used to monitor a user's web surfing patterns and search criteria so it can display advertising the user might be interested in, or it can be as malicious as trojan horse programs - capturing personal information such as usernames and passwords then sending it back to another user to steal.

Phisher Scams

'Phisher Scams' is the nickname given to scams where a spammer will pose as an already existing, legitimate business - such as a bank, Internet Service Provider (ISP) or an auction website. They "phish" for email addresses of customers belonging to that institution, then construct an email which appears to be from that institution.

These scams are designed to defraud people or worse yet, steal their identities. The email generally states that there is some problem with the institution's billing system or with the recipient's account, and that the recipient's personal information is needed in order to resolve the problem. The email usually provides a link, redirecting the recipient to a seemingly legitimate website, where they are prompted to enter their personal information.

Email checklist

If you receive an email or a popup window, it's best to ask yourself the following five questions:

  1. Did you request this message or were you expecting it?

    If you did not sign up for it, then it is likely to be unsolicited and can be deleted. Also delete the message if it is cryptic and requests you visit another website.

  2. Does it advertise a product or request you visit a website?

    Again, if you didn't request it and the address is unfamiliar then there is a good chance it is an unsolicited email.
    Be particularly suspicious if the email or website tells you to do something urgently, for instance by claiming you have spyware installed or you are being investigated by the FBI. Typically these pages are fraudulent and written to deceive people into installing malicious programs.

  3. Does the email claim to represent a body or organisation that you are a member of, and ask you to visit a website to update personal information?

    Remember, banks and most other institutions will NOT send official communication via email, so it is safe to assume the email is fraudulent. If you have any doubt, contact the institution directly.

  4. Are there any attachments included in the message?

    If the email is not from a source you trust, then you should not open the attachment. If it is from someone you trust, save the attachment and scan it with your anti-virus software. The anti-virus software should tell you what to do from there.

  5. Is the email from someone you know?

    If the sender is someone you know, then a cursory examination of the email should tell you if it is really from that person. If you're still unsure, you can always email that person and ask them. Ensure you have the correct email address if you do this. This is often a good idea if you have emails you are uncertain of, as many viruses replicate by forging the 'from' address and multiply by sending to people listed in their address books. This means someone you know could potentially have a virus and unwittingly have sent it to you.

    If the sender is a stranger, then you should be able to determine from steps 1-4 whether or not this message is legitimate. If the email was not requested or expected, and it carries attachments or requests you visit a website or change personal information, then chances are it is a malicious email and can be deleted.
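
The mechanical parts of checklist questions 2, 4 and 5 can also be checked by a script before anyone opens the message. The Python code below is an added example, not part of the original page; the function name, flag names, urgency phrases and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

RISKY_EXTENSIONS = (".bat", ".exe", ".com", ".zip")  # file types named on this page
URGENCY = ("urgent", "immediately", "suspended")  # constructed sample phrases
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def checklist_flags(raw):
    """Return warning flags for checklist questions 2, 4 and 5."""
    msg, flags, texts, names = message_from_string(raw), [], [], []
    for part in msg.walk():
        if (name := part.get_filename()):
            names.append(name.lower())
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(texts).lower()
    if URL_RE.search(body):  # question 2: asks you to visit a website
        flags.append("contains-link")
    if any(phrase in body for phrase in URGENCY):  # question 2: urgency
        flags.append("urgent-language")
    # Question 4: attachments; endswith also catches names like photo.jpg.exe.
    flags += ["risky-attachment:" + n for n in names if n.endswith(RISKY_EXTENSIONS)]
    # Question 5: a Reply-To on a different domain from the From address.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and sender != reply:
        flags.append("reply-to-mismatch")
    return flags

# Constructed sample message; every address and URL in it is made up.
SAMPLE = """\
From: "Example Bank" <support@bank.example>
Reply-To: collector@mail.invalid
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="utf-8"

Your account is suspended. Update it immediately: http://bank.example.login.invalid/update
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="screensaver.exe"

AAAA
--XX--
"""
print(checklist_flags(SAMPLE))
```

An empty list only means none of these mechanical signs were found; questions 1 and 3 still need a person's judgement.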

Technical information

Free Anti Virus Software for Monash University Staff and Students

Differences Between Trojan Horses, Viruses and Worms

Spyware

Spam

Phisher Scams
