    Viruses and Spoofing


    Question

    "I received this message [from the U.S. Courts Postmaster, below] and am confused. I had scanned with Norton [AntiVirus] and found three viruses on my C drive, none of which were in the Quarantine: Klenz, Gibe B, and Bugbear. Yet this message says I have Netsky. I sent parts of this to Norton and asked why their [AntiVirus] didn't detect this. About seven days later I got a form message, I think. . . . Question: Should I be concerned and try their tools to remove these viruses? It involves disabling my rescue C drive and uninstalling Norton [AntiVirus] and reinstalling after cleanup. My [AntiVirus software] was originally purchased five years ago. I have updated each year since and live update all the time. This is a lot to think about for you but represents why several of my friends have all but abandoned their computers.

    [deleted text]

    ----- Original Message -----
    
    > From the U.S. Courts Postmaster:
    > A virus was found in a message sent by this
    > "postmaster."
    >
    > --- Scan information follows ---
    >
    > Result: Virus Detected
    > Virus Name: W32.Netsky.C@mm
    > File Attachment: portmoney.zip
    > Attachment Status: deleted
    >
    > --- Original message information follows ---
    >
    > From: [Larry Carlson]
    > To: [a U.S. Courts e-mail address]
    > Date: Wed, 3 Mar04 15:32:16 -0600
    > Subject: trust me . . . .
    

    --Larry Carlson

    Answer

    Phil Kachelmyer, who appeared on the "Virus Protection" episode, responded:

    Regarding the original message from the postmaster at the U.S. Courts site, many of the current viruses and worms "spoof" the sending address. What originates from a computer that contains the virus or worm looks like it comes from another. If your antivirus software is up-to-date and the virus definitions are up-to-date (and it sounds like they are) AND it does not detect any viruses you can consider your computer to be pretty secure. Of course, the three viruses that were found are bad things, but if Norton AntiVirus said it cleaned them then you should again be okay. I would say you can safely say that you do not have the Netsky virus.

    A bit more about the "spoofing" issue. What happens is these viruses send out e-mails to everyone who is in the address book on the infected computer, choosing one of those addresses to use as the sending address. The spoofing is done very cleanly so it's often difficult or impossible to tell that it did not originate from the user it says it did. In addition, those messages contain a copy of the virus itself so it can infect the recipient's computer if they do the wrong thing, like try to open the attachment or follow other instructions in the e-mail. The bar has been raised considerably. Back when we first recorded the "TechTalk" program addressing computer viruses they were problematic but didn't cause severe problems. The current lot of viruses do harm to the contents on the computer. It's ever more important to use the antivirus software.

    From your description of your setup I'm wondering if you have the System Realtime Protection enabled. This is a feature of the Norton/Symantec software that runs continuously and is vigilant for any incoming viruses. This will let you know if a virus is contained in an e-mail message you receive, if there's an attempt by a Web page to infect your computer, or if something dangerous enters your system from any other form, such as a floppy disk or CD-ROM. I also cannot tell from your e-mail which version of the software you're running so I won't attempt to tell you how to enable this, but you may want to search for that feature and make sure it's enabled. . . .

    Finally, another feature that may be available in your version of the software is the ability to check for updates automatically at a time of your designation. This will help to assure that you always have the most up-to-date versions of the virus definitions. Even with this feature enabled you should still use the LiveUpdate button periodically. However, if you have it check for updates on a daily basis at a time when you are usually using your computer you'll find you're kept most current. Symantec used to publish new definition files once a week on Wednesday afternoons. It's become much more frequent in the last couple of months.
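    As an added illustration (not part of the original answer or the Tech Talk material): the From line of a message is text chosen by the sending computer, while the topmost Received line is written by the receiving mail server and records the machine that actually connected. The sketch below compares the two on constructed messages; every address and hostname, and the Postfix-style Received format, are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Postfix-style trace line: "from HELO (resolved-name [ip]) by ..." (format assumed)
RECEIVED_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([^\]]+)\]\)")

# Constructed sample; every address and hostname here is made up.
TEMPLATE = (
    "Received: from {relay} ({relay} [{ip}])\n"
    "\tby mx.recipient.example with SMTP; Wed, 3 Mar 2004 15:32:20 -0600\n"
    "From: A Friend <friend@example.com>\n"
    "To: clerk@recipient.example\n"
    "Subject: trust me\n"
    "\n"
    "(attachment removed)\n"
)
SPOOFED = TEMPLATE.format(relay="dsl-17.isp.example.net", ip="203.0.113.17")
GENUINE = TEMPLATE.format(relay="mail.example.com", ip="198.51.100.25")


def sender_evidence(raw):
    """Compare the claimed From domain with the host that delivered the message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    relay_host = relay_ip = ""
    received = msg.get_all("Received") or []
    if received:
        # Only the topmost Received line is trustworthy: our own server wrote it.
        # Lines below it arrived with the message and may have been forged.
        top = " ".join(received[0].split())
        match = RECEIVED_RE.search(top)
        if match:
            relay_host, relay_ip = match.group(1).lower(), match.group(2)

    corroborated = bool(from_domain and relay_host) and (
        relay_host == from_domain or relay_host.endswith("." + from_domain)
    )
    return {"from_domain": from_domain, "relay_host": relay_host,
            "relay_ip": relay_ip, "from_corroborated": corroborated}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_evidence(raw))
```

    A mismatch is a reason to doubt the From line rather than proof of forgery, since legitimate mail is often relayed through a third-party provider's servers.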

     
     
     

    Page updated Friday, 16-Sep-2005 10:20:27 CDT.