VIRUS INFORMATION PAGE

There has been some nasty viruses circulating lately.  Continue reading to learn more about these pests, what they do, and how to avoid them.

How do you best avoid them?  DO NOT OPEN ANY ATTACHMENTS!!!
This point is so important it bears repeating. 

       DO NOT OPEN ANY ATTACHMENTS!!!

If you follow the step mentioned above you have made the largest step in protecting your computer system from viruses. It is very important that every user that uses your computer system understands this.  Remember the virus doesn't care who opens it.  The end result is that your system becomes infected.

    Some of the latest viruses that have been spreading so effectively appear to be coming from a reputable source.  This is what helps them propagate so effectively.  The email message will almost always have a brief warning about your account expiring or being terminated and then refer you to an attachment for details.  There are others that tell you that you need to run the attached patch to protect your computer from a virus that is spreading across the Internet.  Others yet will come from someone you know asking you to check out the attachment and let them know what you think.

Red Flag #1: Why do you have to open an attachment for details?  Why can't the person  sending you this message just tell you what you need to know in the message. This is so obvious that it is hard the believe anyone falls for it.  But people do by the thousands per day.

Red Flag #2: Many of these message originate from outside the United States.  This is usually quite obvious given the misspellings and grammatical errors usually found in the message text. Why would a legitimate message coming from a legitimate group or company have spelling and grammar errors?   It just doesn't make any sense.  Believe it or not this is still not enough to deter many people from opening these attachments and they do by the thousands per day.

    Red Flag #3: DfwOnline.net, Microsoft, Adobe, McAfee, Symantec, TrendMicro etc.. (read as no legitimate entity) never mass distribute patches or information as attachments to their customers. This needs to be repeated because what is common knowledge among many does not seems to be stopping thousands of folks per day from opening these bogus virus infected attachments.  REPUTABLE COMPANIES NEVER SEND CUSTOMERS EMAILS WITH ATTACHMENTS THAT NEED TO BE OPENED AS PART OF THE MESSAGE.  This simply does not happen.  Again it make no logical sense as described in "Red Flag #1".

EMAIL TROJAN'S EXPLAINED
 

How do these virus do it? 
Let's start with a computer that is infected.  We do not know who this is or where in the world they are located or where they got the virus. These facts have nothing to do with you and are beyond the scope and purpose of this help page.  There is a wealth of information on the Internet about this subject for those of you that want more information. We just want our users to understand the big picture of what is happening and how they fit in.
Email Trojan's spread by sending themselves to everyone in the infected computers address book. They also sometime get email addresses from files that might be cached in the temporary files directories on the infected computers hard drive.

Why do they appear to be coming from someone legitimate? 
Here is the trick that is actually not that tricky. Remember they are sending out to everyone in the infected computers address book.  What better way for the virus to increase the odds of getting it's infected message opened by the recipient then to show the message coming from the actual user of infected computer.  After all, it is his address book so the destination user is more likely to open the message if it coming from someone they know. The name and email address of the owner or operator of the infected computers is easy for the virus to get as it is in the infected computers account setup files located on the hard drive.
We are all familiar with pyramid schemes and how they work.  This is that principal on a grand scale.  Just think, every user that opens that infected email message and thus gets the virus then begins sending out to everyone in that users address book. This just goes on and on and on. It is easy to see how these viruses spread to thousand of computer systems in a very short period of time.

Why would my friend be sending me a virus?
The user (your friend) is not knowingly sending you a virus infected email.  These viruses run in the background on the infected computer and will send out messages without the users knowledge anytime the computer is connected to the Internet. This will continue until the virus is cleaned from the infected computer system. If you are one of the people that opens one of these infected files your computer begins doing the same thing to everyone in your address book.

Why would my Internet Service Provider send me a virus infected email.
The short answer is they're not.  The explanation is fairly simple as well.  The creators of viruses are always trying to come up with ways to get computer users to open their attachments. So one of the latest variants of these email Trojans is doing things differently than what is described above.  This email message looks like it is coming from someone on your network (your ISP) i.e. @dfwonline.net.  It is really quite simple what it is doing.  If your email address is  johndoe@dfwonline.net it sends the virus infected message to johndoe@dfwonline.net and shows the "from" to be staff, admin, billing, support, etc... @dfwonline.net.  This is not very complicated as the @dfwonline.net comes right from your own email address.  So if recipients email is johndoe@yahoo.com the message looks to be coming from staff@yahoo.com..       Everyone accesses the Internet through a service provider, therefore a message    appearing to come from staff@YourISP.com looks official and has a better chance of being opened by the recipient then a message that displays it is coming from
    VirusInfectedComputer@SomeDomain.com. Everyone would just delete the later instantly and therefore reduce the odds of the virus being successful in getting a user to open the attachment. This virus still comes from infected computers around the world just like the Trojan described above.  The only difference is what it puts in the "from" field that you see when you receive the message. These viruses will also use the "YourISP.com" in other places throughout the message to help make it look more official.

Below are some links to TrendMicro's website describing some of these viruses being referred throughout this page.

WORM_BAGLE.K: This email claims that your email account will be disabled because improper using. (note grammar error, "using" instead of "use"). This is the one that looks like is coming from staff@ or support@ etc...  Check out the technical details page and you will probably recognize some of these (click here).

WORM_GIBE.A :This emails attachment is supposed to to be a security update for  Microsoft Internet Explorer or other products.  It nothing but a virus. If you open this attachment you will need some patching after it is done that's for sure. Again note the grammar errors. 

WORM_GANT.C: This one just wants you to check out something. A game, screen saver etc... There is nothing fun about falling for this one.  These messages all fail one or more of the "Red Flag" tests.

These are just a few there are thousands more viruses just like them.  Remember these best step to protecting you computer system from these viruses...

DO NOT OPEN ANY ATTACHMENTS!!!