

Saturday, November 22, 2003

Question:

I got an e-mail from admin@prospect-tech.com that contained a virus. I thought you folks at Prospect Technologies had all sorts of virus detectors / blockers on your e-mail servers? If this is so, then how did I still get this virus? Signed: “Concerned in Connecticut”, Bridgeport, CT

Answer:

Dear “CIC”:

Thanks for your e-mail. It appears that you have run across the W32.Mimail@MM virus!

This virus has spread in several waves over the last few months and now has a number of variants. It spreads with alarming speed and has infected numerous networks before virus definitions could be created by any of the anti-virus companies.

Here at Prospect Technologies, our anti-virus program(s) are set to retrieve definition updates 24 hours a day, every day, seven (7) days a week, 365 days per year. Every piece of mail entering or exiting our mail server is scanned against those definitions before it can reach the intended recipient. While it is impossible to say with certainty that Prospect Technologies was not the source of an infection, given these procedures the probability is very, very small. Our procedures are also reviewed periodically to ensure that the firm has done everything possible to prevent infection or re-infection with a virus.

So how did the infection start? Let's look at what happens when this particular nefarious virus begins its handiwork.

When an infection occurs, the W32.Mimail@MM virus begins e-mailing itself to every address it can harvest from the infected computer: the Outlook or Outlook Express address books, e-mail lists, contact folders, etc. If this weren't bad enough, the virus "spoofs" the sender address, forging something like admin@domainname.com or info@domainname.com, where the domain is either the infected computer's own domain or some other registered e-mail domain that it found in the address book. These infected e-mails usually contain a message asking you to update your computer's operating system and direct the recipient to open an e-mail attachment. Unfortunately, that attachment contains the virus.

Interestingly, these e-mails can be sent from inside a protected network because the virus does not use the victim's own mail server at all. It carries its own mail-sending (SMTP) engine and delivers the message itself, either straight to the recipient's mail server or by way of an "open relay", a rogue mail server somewhere on the Internet that forwards mail for anyone. Either way, the message goes out carrying the "spoofed" sender address. In your case, the message appeared to be from admin@prospect-tech.com. Remember, because of how the virus works, this e-mail may NEVER have resided on any Prospect Technologies e-mail server or computer. Unfortunately, the final recipient receives this "spoofed" e-mail and believes the attachment is safe because it appears to come from a trusted source and / or business partner. The only reliable evidence of where such a message really came from is the Received: header chain stamped on it by the mail servers it passed through, not the From: line.
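To make the point concrete, here is an added example (not part of the original column or of any Prospect Technologies tool) that reads a message the way a mail administrator would when a customer reports a "spoofed" e-mail. It walks the Received: headers to find the machine that actually injected the message, compares that host with the domain in the From: line, and lists attachments with file types a virus commonly uses. The sample message, its host names, IP addresses and Message-ID are all constructed for this example; nothing here is a real captured e-mail.

```python
import email
import os
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: a Mimail-style message with a forged From: line.
# The relay hops (Received: headers) show it actually entered the mail
# system from a dial-up/DSL host at an ISP, never from prospect-tech.com.
SPOOFED_MESSAGE = b"""Received: from mail.example-isp.net (mail.example-isp.net [203.0.113.10])
\tby mx.recipient.example (Postfix) with ESMTP id 0123ABC
\tfor <cic@recipient.example>; Sat, 22 Nov 2003 09:14:02 -0500
Received: from dsl-198-51-100-77.example-isp.net (dsl-198-51-100-77.example-isp.net [198.51.100.77])
\tby mail.example-isp.net with SMTP id 4567DEF;
\tSat, 22 Nov 2003 09:13:58 -0500
From: admin@prospect-tech.com
To: cic@recipient.example
Subject: your account
Message-ID: <000101c3b115$cafe$1234@dsl-198-51-100-77>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please update your system. See the attached file.
--b1
Content-Type: application/octet-stream; name="message.zip"
Content-Disposition: attachment; filename="message.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Constructed sample: a plain message that really did leave the sender's server.
LEGITIMATE_MESSAGE = b"""Received: from mail.prospect-tech.com (mail.prospect-tech.com [192.0.2.25])
\tby mx.recipient.example (Postfix) with ESMTP id 89ABCDE
\tfor <cic@recipient.example>; Sat, 22 Nov 2003 10:02:11 -0500
From: admin@prospect-tech.com
To: cic@recipient.example
Subject: Scheduled maintenance
Content-Type: text/plain

The mail server will be rebooted tonight at 11 PM.
"""

# Each Received: header starts with "from <host>"; we only need the host.
RECEIVED_FROM = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)

# Attachment types that mass-mailing viruses of this era favoured.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".zip"}


def received_hops(msg):
    """Return the injecting host of every Received: header, oldest hop first.

    Relays prepend their Received: line, so the LAST header in the block
    is the earliest hop, i.e. the machine that handed the mail to the
    first server.  Note: only the lines added by servers you trust are
    reliable; a sender can pre-fabricate earlier ones.
    """
    hops = []
    for value in msg.get_all("Received", []):
        match = RECEIVED_FROM.match(str(value))
        hops.append(match.group(1) if match else "<unparseable>")
    return list(reversed(hops))


def origin_matches_sender(msg):
    """True if the first hop is in (or under) the From: address's domain."""
    sender_domain = parseaddr(str(msg["From"]))[1].rsplit("@", 1)[-1].lower()
    hops = received_hops(msg)
    if not hops or not sender_domain:
        return False
    first_hop = hops[0].lower()
    return first_hop == sender_domain or first_hop.endswith("." + sender_domain)


def risky_attachments(msg):
    """Filenames of attachments whose extension is on the risky list."""
    names = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    return [n for n in names if os.path.splitext(n.lower())[1] in RISKY_EXTENSIONS]


def analyze(raw_bytes):
    """Summarize where a message came from and whether it looks like a worm."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {
        "from": parseaddr(str(msg["From"]))[1],
        "hops": received_hops(msg),
        "origin_matches_sender": origin_matches_sender(msg),
        "risky_attachments": risky_attachments(msg),
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, analyze(raw))
```

For the spoofed sample the first hop is a DSL host at an unrelated ISP while the From: line claims prospect-tech.com, and the only attachment is a .zip, which together is exactly the pattern described above. The check is a triage aid, not proof: the earliest Received: lines can themselves be forged, so trust only the hops written by servers you control, and remember that a legitimate user sending from home through their ISP will also fail the domain match.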

So with all of these nuances to this virus, how do we protect our computers from this and / or other malicious viruses?

There are several steps you can take to minimize the risk of infection by W32.Mimail@MM or some other menacing virus.

To begin, Prospect Technologies recommends that all computers be set to receive virus definition updates on a daily (or at least weekly) basis, with a full virus scan run as soon as new definitions arrive. This step will help a great deal, but it will not stop viruses for which no definitions have yet been developed. Fortunately, with virus attacks increasing, most anti-virus companies, e.g. Symantec (Norton), McAfee, etc., are producing definitions very quickly, thereby reducing the amount of time an infected computer remains dangerous to other systems.

If your system becomes infected, it is recommended that you remove the computer from your network immediately, thereby protecting other systems from infection. Once this is done, virus definitions or virus removal tools can be downloaded on a clean machine from your anti-virus company (e.g. www.symantec.com) and copied onto removable, write-once media such as a write-protected floppy disk or a CD-R, so the infected machine cannot tamper with the tool. This media can then be used to remove the virus from any infected computer. If a virus removal tool is used, it is advised that it be run on every computer, not just the one that showed symptoms, to assure complete removal from your network. If onsite employees cannot complete this process, Prospect Technologies is fully prepared and able to perform these actions.

In addition to the steps outlined above, it is suggested that the following simple rules be followed to prevent damage to your system(s):

  • In Outlook or Outlook Express (or any other e-mail program), turn the preview pane off. Previewing renders HTML mail automatically, which can run embedded script or trigger browser flaws before you have decided whether to open the message at all.
  • Have your virus scanning software scan every piece of inbound and outbound mail.
  • If you receive an unexpected piece of mail from someone you know and it has an attachment, don't hesitate to call or e-mail that person to confirm the attachment is genuine. A forged From: line, as described above, is exactly what this virus relies on.
  • Update your Windows operating system from the Windows Update site at http://v4.windowsupdate.microsoft.com/en/default.asp at least once a month (preferably at least once a week) with the newest patches released by Microsoft.
  • DO NOT install any piece of software sent to you in an e-mail! A legitimate software update will direct you to the company's Web site to retrieve the required updates and downloads; it will not arrive as an attachment.
  • Do not instantly believe every e-mail that you receive. Take it for what it is: a message from a sometimes nameless and faceless contact on your computer.
  • Be aware that hoaxes can do as much damage as a virus if you act without checking first. If you receive a warning about a virus, check with your anti-virus company. Chances are that, whether it is a real virus or a hoax, they already know about it and can tell you how to proceed.

Lastly, if you are unsure what to do, contact an Information Systems professional for advice on the steps you should take to protect your systems. Or just drop me an e-mail at askgreg@prospect-tech.com.

So "CIC", I am very sorry you received a virus in your e-mail. However, following some of the rules I have outlined above might help you avoid the NEXT virus that comes into your inbox!


Mr. Greg Pringle is a Program Manager and Systems Engineer for Prospect Technologies and is author of the popular computer technology column entitled, "Ask Greg!" You can reach him by simply e-mailing askgreg@prospect-tech.com.

Mr. Pringle has been with Prospect Technologies since 2000 and has served in such diverse roles as Program Manager, Systems Administrator, and Client Hardware and Network Specialist. He has recently supported the extensive Prospect Technologies engagement at Herb Gordon AutoWorld / MileOne, an auto wholesaler / operation of nine (9) separate dealerships located on a thirty (30) acre campus in Silver Spring and Annapolis, MD. For this work, he has received the firm's special recognition award for his outstanding customer support and technical excellence.

Mr. Pringle is a Microsoft Certified Professional, a MCP+I, and Microsoft Certified Systems Engineer specializing in the Windows NT platform(s). He has also studied at NetCert – the Technical Education Center in Virginia. Prior to this, Mr. Pringle attended the University of Maryland at College Park where he majored in Business Administration and Computer Technology.

Mr. Pringle has supported numerous Prospect Technologies clients, including, for example, Herb Gordon Auto World / Mile One, the Coalition of Community Development Financial Institutions (CDFI), the Princeton Club of New York, Lawyers for Civil Justice (LCJ), Lighting Maintenance, Inc., AEO, and the Law Offices of McCarthy & Schatzman. He also serves as the System Administrator for Prospect Technologies' Internal Server Farm, where he is responsible for the day-to-day maintenance of the firm's 50+ Web site complexes and over 25 customer e-mail systems. He supervises all activities, including software and patch rollout, on the firm's Web, e-mail, file, storage, and numerous application servers.
