Spam

Spam

Unsolicited commercial email or “spam” is a nearly universal problem that assaults the productivity and patience of most everyone with an Internet connection.

Sources around the Internet almost uniformly agree that the word "spam" came to represent unsolicited, off-topic or otherwise annoying electronic communication based on the Spam sketch by Monty Python's Flying Circus, the 70's British sketch comedy troupe. For an exhaustive exploration of the how Hormel’s tinned pork product came to be synonymous with the flood in our inboxes, visit: http://www.templetons.com/brad/spamterm.html.

What You Can Do To Stop Spam

Though the University's spam filter stops a large amount of spam, it can’t possibly stop it all. Fortunately, there are a number of steps you can take to help stem the tide of spam!

The people who send unsolicited commercial e-mails are highly motivated by the profit potential. The famous Nigerian 419 scam, for example, managed to steal nearly $345,000 from a mere sixteen gullible people.

Spammers find ways around software filters and can nearly always reach you given a valid e-mail address. The key, therefore, is to deny spammers your personal information. Just as you probably wouldn't give out your phone number to just anybody who asked, you should be just as careful with your e-mail address. Once your email address "makes the list" expect spam for all eternity.

Some ways to protect your e-mail address include:

• Set up an email account with Google, Hotmail, Yahoo, or any of the other free email providers on the Internet.
• Any time you need to provide an email address for a contest, to send a card or any other reason where you don't 100% trust a firm's privacy policy (which you should always read), use this free address.
• Check the free account periodically to clean it out (and who knows, maybe you did win that contest!)
• Never use any email address you care about to post a message on a message board or Usenet newsgroup. Programs known as "bots" routinely scan such forums, harvesting email addresses.
• If you receive an email chain letter delete it immediately and certainly don't add your name and forward it on. Whatever fate might befall you for breaking the chain is better than all those addresses (including yours) falling into the hands of spammers.
• As a rule, only use your "good" email addresses for personal and business correspondence. Extend this warily only to dealings with companies that you trust.
• "Opt Out" while you can. When making an online purchase or subscribing to an e-newsletter, most sites have an option like "contact me with further offers or special deals" which is frequently checked by default. Unless you really want this information, uncheck the box. Remember, if you leave the box checked the offers you get from the site are not considered spam as you did technically request the information.
• Most reputable web sites will be very upfront and clear about their privacy policies. A good privacy statement should spell out in plain language that they will never sell your name or personal information to anyone. If the statement is at all vague on this point, take your business elsewhere.
• Some email clients, like Thunderbird, allow you to turn off the display of remote images. This thwarts attempts by spammers to confirm that you've received their email. If your email client has this feature, you should use it.

Unfortunately, once they’ve got you, they've got you. If your email address falls into the hands of a spammer it's tainted and will be passed around among the unscrupulous individuals and companies that produce most spam.

There are a few things you can do to avoid making a bad thing worse:

• If you receive an email that looks like spam, it’s a good idea to delete it without opening it. Opening spam that contains images (even hidden ones) can let the sender know that they’ve reached you successfully. Using Binghamton University web mail (webmail.binghamton.edu) is a great way around this problem.
• Never, ever reply to spam. It only reveals that you're paying attention and would like to receive more.
• For the same reason, never click a spam's "opt-out" option not to receive further e-mail. (The "opt-out" is only worthwhile if the solicitation is from a reputable company.)
• If you need that visceral taste of long-term revenge on your palate, you can always forward the spam to the Federal Trade Commission at: spam@uce.gov before you delete it. If you’re unwilling to take your arrival on a spam list lying down, and reporting a spammer to the FTC isn’t enough, check out http://www.spamfaq.net to begin your journey into the shadowy (but still plenty geeky) world of spam fighting.

Computer Viruses

Computer Viruses

 "Computer viruses" are one category of "malicious software". Generally, malicious software can be divided into three different categories: "viruses", "trojan horses" and "tapeworms" (or simply "worms"). Because people have only heard of "viruses", they tend to call any sort of malicious software a virus. One of the dangers of this misuse of terminology is that people come to expect all malicious software to act like a virus. If you read about a virus that has tremendous powers, for instance, the ability to physically damage a portion of your computer, it's probably a hoax.

Virus programs seem to have a few strikes against them from the start - they pop up at inopportune times for a lengthy scan of your hard disks, they may slightly impact the performance of your computer, and they may occasionally cause conflicts with other software. Or, at least those are some of the reasons lots of folks use for not running them.

Today's computer viruses are social - they don't just want your machine, they want our whole network and will use every form of technological and sociological deception to get it:

• Virus carrying emails appear to be from people you know and if you're infected, they might attempt to spread using every email address that can be found on your hard drive.
• Subject lines may entice you to open attachments with vague promises of humor, pictures, games, a screen saver, or even a software update (Microsoft NEVER sends product updates as attachments). The Anna Kournikova virus was hugely successful simply because people thought they were getting pictures of the tennis star.
• One infected machine can infect an entire network, eventually causing the email servers to clog with self-propogating viruses darting from machine to machine. Imagine the cost of the lost productivity on a campus deprived of its network for communication, learning, teaching and and research.
• Many viruses open "back doors" into infected machines, allowing the virus author (or anybody else) to access your data and any data accessible to you over the network.
• Machines with "back doors" can be taken over en masse and used as "zombies" to attack other computers. MSNBC.com was recently knocked off the Internet in a denial of service attack that likely originated from a number (maybe hundreds) of zombie computers that may well have been on corporate or university desktops at the time.

Viruses

A computer virus is a program (a block of executable code), which attaches itself to, overwrites or otherwise replaces another program in order to reproduce itself without the knowledge of the computer user. (See chart on next page for more details.) Many viruses are comparatively harmless, and may be present for years with no noticeable effect. Some, however, may cause random damage to data files (sometimes insidiously, over a long period) or attempt to destroy files or make disks unreadable. Still others cause unintended damage. Even so-called benign viruses cause significant damage by occupying disk space and/or main memory, by using up CPU processing time, and by the time and expense wasted in detecting and removing them. One of the most famous computer viruses was the Michelangelo virus. This virus received wide attention in the media, and sent waves of panic and hysteria through the computer user community in 1992. While Michelangelo itself did relatively little damage to computer systems, the reaction to Michelangelo resulted in a lot of wasted time, effort and money.

Trojan Horses

A Trojan Horse is a program intended to perform some covert and usually malicious act, which the victim did not expect or want. It differs from a destructive virus in that it doesn't reproduce — though this distinction is by no means universally accepted. An infamous "trojan horse" is a fake version of a popular "shareware" archiving program, "PKZIP". This "Trojan Horse" first surfaced in May of 1995, but warnings about it are still circulating on the Internet.

Worms

A worm is a program, which spreads on its own. Unlike a virus, it does not attach itself to a host program. Unlike a trojan horse, it reproduces and spreads by itself. In practice, worms are not normally associated with personal computer systems. The most famous worm is probably the one set loose on the Internet in 1988 by Robert Morris, Jr. Morris’s worm was a small program, which wreaked havoc on machines across the country by overloading them with invisible tasks, preventing users from being able to use the machines effectively.

Common (and not-so-common) Virus Terminology

• Anti-antivirus Virus - A virus that attacks, disables, or avoids infecting specific anti-virus software. Also called a retrovirus.
• Antivirus Virus - A virus that looks specifically for, and removes another virus.
• Bimodal Virus - A virus that infects both boot records and files. Also called bipartite or multipartite. See File-infecting virus and Boot-sector-infecting virus.
• Boot Records - Those areas on diskettes or hard disks that contain some of the first instructions executed by a PC when it is booting up. Boot records must be loaded and executed in order to load the operating system. (Also called "Boot Blocks" or "Boot Sectors".)
• Boot-sector-infecting Virus - Some viruses infect the boot records of hard disks and diskettes. They typically do so by replacing the existing boot record with their own code. The virus is executed when the system is booted from the hard disk or diskette, and installs its own code in the system's memory so that it can infect other hard disks or diskettes later. Once that has happened, the virus will usually execute the normal boot program, which it stores elsewhere on the disk. Other names for this type of virus are: boot sector virus, boot block virus, or boot virus.
• Bug - An error in the design or implementation of a program that causes it to do something that neither the user nor the program author had intended to be done.
• Cluster Virus - A virus that infects disks or diskettes by modifying their file systems so that every program file entry points to the virus code. The virus code only exists in one physical place on the disk, but running any program on the disk will run the virus as well. So, cluster viruses can appear to infect every program on a disk.
• Companion Virus - A virus that creates a new program with the same file name as an existing program, but in a different place or with a different file type, so that typing the program's name on the MS-DOS command line causes the virus program to be executed instead of the original program. For instance, a companion virus could create a file name FOO.COM that contained its code, if a program named FOO.EXE already existed. When the user types FOO on the MS-DOS command line, FOO.COM would get executed instead of FOO.EXE. (This is a special case of a "file virus".)
• File-infecting Virus - Some viruses infect executable files. There are a variety of mechanisms that they use to do so. Usually, the virus will get control when the program is first executed. In most cases, the virus will return control to the original program after it has completed its own execution.
• Logic Bomb - A Trojan Horse, which is left within a computing system with the intent of it executing when some condition occurs. The logic bomb could be triggered by a change in a file, by a particular input sequence to the program, or at a particular time or date (see Time Bomb). Logic bombs get their name from malicious actions that they can take when triggered.
• Malicious Code - Any program or piece of code designed to do damage to a system or the information it contains, to prevent the system from being used in its normal manner, or to accomplish a purpose unintended by the user.
• Master Boot Records - Those boot records on PC hard disks that define the structure of the information on the disk. There is only one master boot record on each physical hard disk. Each logical partition has a system boot record associated with it. (See Boot Records and System Boot Records.)
• Mutant - See Variant.
• Rogue Program - This term has been used in the popular press to denote any program intended to damage programs or data, or to breach the security of systems. It encompasses malicious trojan horses, viruses, and so on.
• Self-Encrypting Viruses - See Self-Garbling Viruses.
• Self-Extracting Files - A file which, when run, decompresses part of itself into one or more new files. It is common to store and transmit groups of files in a self-extracting file to conserve both disk space and transmission time. If infected files are compressed into a self-extracting file, anti-virus programs that only scan files will not necessarily be able to detect the virus. To scan such files, you must first extract and then scan their constituent files. (Some virus software can scan archived files.)
• Self-Garbling Viruses - Some viruses attempt to hide from virus scanning programs by keeping most of their code garbled in some way, and by changing the garbling each time they spread. When such a virus runs, a small header degarbles the body of the virus and then branches to it.
• Stealth Viruses - Some viruses attempt to hide from detection programs by hiding their presence in boot records or files. When such viruses are run, they install a resident extension. This resident extension intercepts various disk accesses, determines if its own code is part of the disk access, and removes the code before giving the data to the calling program. This may allow a virus to be in several places on the disk, but normal disk reads won’t reveal it.
• Time Bomb - A logic bomb activated at a certain time or date.
• (Tape) Worm - A worm is a program that spreads (usually) over network connections. Unlike a virus, it does not attach itself to a host program. In practice, worms are normally not associated with personal computer systems.
• Trojan Horse - A Trojan Horse is a program intended to perform some covert and, usually, malicious act which the victim did not expect or want. It differs from a destructive virus in that it doesn't reproduce though this distinction is by no means universally accepted.
• Variant - A modified version of a virus that is usually produced on purpose by a virus author or by someone who modifies the original virus. Variants may be very similar to their parent virus, or may be fairly different. Some are text variants, which means that the only differences between them and their parent virus are in internal program comments that are never displayed, or in text that is displayed to the screen. Some are the result of small changes made to the original virus, apparently to create a new virus that is not detected by certain anti-virus programs. Some are the result of large changes, such as combining the spreading part of one virus with the damage part of another.
• Virus - A (computer) virus is a program (a block of executable code) which attaches itself to, overwrites or otherwise replaces another program in order to reproduce itself without the knowledge of the computer user.

Real Virus or Virus Hoax?

"Help! I've got email from a friend telling me about a terrible new virus on the Internet. It says if I read this certain email message, it will erase my hard disk and permanently damage my computer! What should I do?" Chances are you can ignore it. There are lots of hoax virus warnings out there. So many, in fact, that CIAC (U.S. Dept. of Energy Computer Incident Advisory Capability) wrote: "The Internet is constantly being flooded with information about computer viruses and Trojans. However, interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they are still time consuming and costly to handle. At CIAC, we find that we are spending much more time de-bunking hoaxes than handling real virus incidents..."So, how can you find out if this virus warning is for real? Check out these web sites:

• http://kumite.com/myths/myths/
• http://hoaxbusters.ciac.org/
• http://www.symantec.com/avcenter/hoax.html

Email Virus Trail

Email leaves a trail wherever it goes, recorded in the header data that accompanies every message. In Outlook you can view the header data by right-clicking on the message and selecting Options from the menu. In Eudora, open the message and click the “Blah,blah,blah” button on the toolbar.

Pictured below is an Internet worm that was sent to the readers of the PEC listserv. Recipients may have thought the listserv itself was infected but the headers tell the real story.

In this example, while it appears a worm infected the pec-l listserv, it’s actually another campus machine that had permission to post to the listserv that was infected. In the example, a sender portrayed themselves as “The Binghamton.edu team”, using the spoofed address noreply@BINGHAMTON.EDU [2]. Reading down through the headers reveals that the message originated on a machine at the IP 128.226.47.91 [1]. Typically the last “Received: from” line will reveal the IP address of the sender. Finally, note the spelling and grammar [3] in the body, which is often a giveaway that a message isn’t authentic.

NOTE: You can forward infected messages to abuse@binghamton.edu and cite the IP you find in the message headers. If the message originates from a campus IP (128.226…) ITS can locate and clean the infected machine.

Typically, the last “Received: from” line in the headers will reveal the sender by their unique, numeric IP address. Reading down through the headers reveals that the message originated on a machine at the IP 128.226.47.91 [1]. From this we can determine that the infected machine was on-campus (128.226… is a campus address) and that it probably had an address book entry for the listserv that was harvested by the worm. In this example, the worm portrayed itself as “The Binghamton.edu team”, using the bogus return address noreply@BINGHAMTON.EDU [2]. Note the spelling and grammar [3] in the body, which is often a giveaway that a message isn’t authentic.

Remember: Viruses are Simply Software

When dealing with computer viruses, it's important to remember that they are software. That means:

• Viruses can do anything other software can do:
  • Viruses can delete files.
  • Viruses can format hard drives or scramble the data on them.
  • Viruses can communicate over a network.
• Viruses cannot do anything impossible for other software:
  • Viruses cannot damage your CPU.
  • Viruses cannot physically destroy your hard disk, although they can scramble the data on them.
  • Viruses cannot destroy your computer's RAM.
  • Viruses cannot cause your computer system to explode.
• People intentionally write computer viruses, they do not appear spontaneously. They are not accidental mutations of "normal" software. Find more information at: http://vil.nai.com/vil/default.aspx

Email Filtering at Binghamton University

Email Filtering at Binghamton University

Viruses, worms and spam (unsolicited commercial email) have become increasingly prevalent in electronic mail sent to the University community, some of it capable of causing damage to our infrastructure and resulting in costly downtime. In order to protect the integrity of campus computing, Information Technology Services filters incoming e-mail. All mail sent to binghamton.edu email addresses (inbound mail) is scanned and checked for e-mail borne viruses and spam. The spam filter, based on a conservative “blacklist” of known spammers, has proven successful in discarding some 55,000 unsolicited commercial e-mails each day. Since this list generally contains only the most egregious unsolicited commercial e-mail senders, some spam will make it through.

All incoming mail is scanned for viruses at the server level using McAfee anti-virus software and definition files. (McAfee for your desktop is available free from Information Technology Services at http://its.binghamton.edu/software/anti-virus)

1. Clean mail is passed through.
2. Infected mail is disinfected, if possible. Disinfected mail is then passed through.
3. Infected mail that can’t be disinfected is quarantined.

All attachments to incoming mail are also screened for file extensions that are indicative of viruses and other dangerous material:

• If the extension is .zip, .exe, .com, .scr, .bat, .cpl or .pif the attachment is stripped from the message and a substitute message announcing the removal is attached.
• If the extension has multiple types - any one of which is deemed dangerous [e.g., .exe.doc] the attachment is stripped and a substitute message announcing the removal is attached.

NOTE: The content of messages is not scanned. Many commercial and free software products such as Mailwasher (http://www.mailwasher.net) are available that attempt to filter unsolicited commercial email to some extent on your computer, but the efficacy of these solutions has not been adequately demonstrated.

Installing McAfee Anti-virus Protection Software for PCs

Installing McAfee Anti-virus Protection Software for PCs

McAfee Enterprise version 8 will install on the following Windows Operating Systems:

• Windows NT Workstation and all Server versions.
• Windows 2000 Pro and all Server Versions.
• Windows XP Home and Pro.
• Windows 2003 server

NOTE: Important McAfee 7 Enterprise will NOT install on Windows 95, 98 or Millenium.

Preparing your Computer for Installation of McAfee 8 Enterprise

You must be logged onto the Local Machine (not a domain such as BGM), and have an Administrator level account.

• Generally, Windows 2000 and XP users connect to a Domain while at work. To login without connecting to the domain:

1. Save your work and close all open applications
2. Press Start on the lower left of your screen
3. Select Log Off username... or select Log Off username from the Shut Down menu. Windows will close.
4. Press <CTRL><ALT><DELETE> to login. You will be presented with your network logon window.
5. Select your local machine from the Log On To: list. (If you do not see a drop-down list under password called Log On To:, click the Options button.
6. Enter your Administrator username and your Administrator password. Click OK.

• Seek out and uninstall all other virus scanners you may have in your system. When it comes to hunting viruses, scanners are loners and will not function properly with competition.

1. To do this, go to -> Settings-> Control Panel -> Add/Remove Programs.
2. The Add/Remove Programs window displays all the software currently installed on your machine. Search through this list and remove all other virus checkers including any versions of Command Anti Virus, Symantec, Norton and McAfee.
3. Click the Remove button to remove each selected item of software.
4. Restart your computer.
5. Your machine will now be functioning without a virus scanner, so be sure to install the new one before you do anything else. (Save all your work and close all programs before beginning installation.)
6. Go to the Binghamton University ftp site, (ftp://ftp.binghamton.edu/pub/windows/virus-protection/) and double–click in the McAfee8 folder.
7. Double-click on the McAfee8.exe file to run the executable.
8. A splash screen will appear and then disappear and the installation will proceed in the background.
9. You will know the installation is complete when the McAfee icon appears in your system tray in the lower right-hand corner of your computer screen.
10. McAfee is now protecting your computer. It will update the virus definition files every hour of every day.

NOTE: If the Update process fails following installation, restart your computer and then right-click the McAfee icon on your system tray. Choose Update Now from the menu.

Installing Virex Anti-virus Protection Software for Macs

Installing Virex Anti-virus Protection Software for Macs

Installing Virex

1. Go to http://its.binghamton.edu/software/anti-virus.
2. Under Macintosh - Virex Software, click on the appropriate link for your operating system. Download and unzip/unstuff the file.
3. Double-click the software icon to start the Installer and follow the on-screen steps to install the software.
4. Read and accept the license agreement. If you do not accept the license agreement, the installation cannot continue.
5. Click Install to perform the Installation. The Authenticationdialog box appears. Enter your Administrative username and password and click OK.
6. When the Installer finishes, it notifies you with a dialog box recommending you perform an On-Demand scan. Click OK.
7. Click Restart to complete Virex installation. This will ensure that Virex starts properly. Virex is now located in your computer's Applications folder.

To Update Virex Manually:

1. Double-click on the icon for the Virex application.
2. Click on the eUpdate icon in the upper right hand corner of the main Virex window.
3. Virex will contact their home office for a copy of the latest "signature file" including all the latest viruses, worms, and Trojan horses.
4. When it is finished, Quit the application.

To Schedule eUpdates for Virex:

1. From the Virex Schedule menu, choose Edit Schedule.
2. Click the Add button in the lower left hand corner of the Schedule Editor window.
3. Press (and hold) the button labeled Diagnose to reveal a pop-up menu.
4. Choose eUpdate from this menu.
5. Press (and hold) the button labeled After Startup and choose At Specific Time from the pop-up menu.
   • Check to see that the eUpdate event will run monthly. Adjust the date field to show the 1st or 2nd of the month.
   • Adjust the time field so it shows a relatively early time. This is suggested so that at the beginning of each month, your Virex will check for a new signature file when you turn on your Mac.
   • Click on the name of the event, and change it to a name you will recognize. I.e.: Monthly update.
6. Click Save.
7. From the File menu, choose Quit. Your Virex will now keep itself up-to-date every month.

5 Easy Steps to Securing Your Computer

5 Easy Steps to Securing Your Computer

1. Install virus protection software, such as McAfee and Virex, on your computer. McAfee and Virex are available free from http://security.binghamton.edu.
2. Make sure that all critical security patches for your computer’s operating system are applied.
   • For Windows: It is recommended that all users keep their Windows machines "patched". Because bugs are constantly discovered in much of the complex computer software we use, patches for these mistakes are periodically made available. Most Windows user should find a link to Windows Update at or near the top of their Start menu. You can also go to http://windowsupdate.microsoft.com. Download and install any critical updates that Windows Update suggests you need. Remember to run Windows Update at least once a month.
3. If you use peer-to-peer file sharing services (such as Kazaa), disable sharing of files on your computer.
4. Secure all accounts and passwords used by your computer.
5. Disable file and print sharing.