We all get them
- those e-mails from someone we don't know or from another GSU user
and the subjects reference a myriad of topics. One thing that they
have in common is that the Groupwise virus scanner detected a virus
and sent you an alert to that effect.
I get a lot of
questions from campus users wondering how the virus message originator
got their e-mail address or why they are getting mail from GSU users
they don't know… The answers are in the nature of the behavior
of most viruses, such as the "Klez" variants of late.
These viruses
have a number of ways in which they propagate themselves to innocent
users. They W32.Klez.gen@mm is a mass-mailing worm that searches the
Windows address book for e-mail addresses and sends messages to all
recipients that it finds. The worm uses its own SMTP engine to send
the messages. The subject and attachment name of incoming emails is
randomly chosen. The attachment will have one of the following extensions:
.bat, .exe, .pif or .scr. Klez then attempts to copy itself to all
network shared drives that it finds.
The Klez virus
can even alter the "from" line of messages to insert a particular
user's name and make it appear that the individual was the originator,
when in fact they were not.
If you get a message
from an unknown sender that has an attachment, with no accompanying
alert from the Groupwise scanner, those are the ones you need to be
cautious about. You would want to save the attachment to a folder
on your hard drive and scan it with Norton Antivirus prior to opening
it.
That leads me
to one final point - I can't emphasize enough the importance
of running Norton Anti-virus on your workstations. If you
disable Norton, your system will become infected with a virus and
subsequently attempt to wreak havoc with your files and directories
or with other users' computers. You need to enable "real time"
protection, do "live updates" periodically just to ensure
you are protected by the latest updates to the software, and scan
your hard drives at least once a week.