This article is to help understand the current situation regarding internet based viruses and worms. It should help you understand the reasons behind certain strange occupancies such as:

Receiving a virus email from:
1. A complete stranger
2. Someone you know who denies they are infected.
3. A nonexistent account
4. Grandpa (who doesn"t know how to send attachments!)
5. Us
6. Yourself (!)

Worms vs. Viruses

The main difference here is that worms replicate themselves and act as free agents, roaming the internet by sending themselves to people. Viruses rely more directly on human help to spread (eg sharing a floppy disk). Worms still need to be executed manually but once started, they will search your machine for any address books and email themselves to the contacts contained therein. Of course there is other mischief they can get up to as well - ranging from showing a funny image on your screen to deleting your hard drive.

The "Clever" Idea

For a while worms propagated by grabbing addresses out of your address book and sending emails appearing to come from your account. Inevitably one of your helpful friends will write back a polite (or not so polite) email gently pointing out that your computer is sending out viruses and suggesting that you scan your system. You would do so and the worm would be terminated.

Worm coders soon cottoned on to the idea of making it much more difficult to trace the real originator of the infected email. New worms were born that again scanned your address books and did one of the following:

1. Made up an email address to send itself from
2. Selected another address in the address book to send itself from.

Thus the email would be received appearing to come from either a fantasy address or otherwise some other contact who is most probably completely innocent!

Further Deceit

Some worms try to be even more clever. Say your address was joe@hailsoc.net. The worm would send itself to you and make up a from address along the lines of "admin@hailsoc.net" and create a very believable email stating something like:

Joe,
Your account has been found to be sending out SPAM email.
Please run the attached file immediately to clean your account or we will be forced to suspend your use of this service.

Best regards,
hailsoc.net Mail Administrator

All that the worm has done is stuck in your username and the domain name into a generic email template and it instantly has an effective email that relies on fear to ensure its continued survival and propagation.

Heed These Words

"We will NEVER EVER send you an attachment for any reason whatsoever
unless you have specifically requested that one be sent".

Also note that the emails made up by worms are often rude or curt and often contain bad English - so do look out for obvious language mistakes. As some of you have experienced we are also extremely polite and helpful and would always offer assistance rather than hand out threats about closing accounts.

What You Can Do

All services within our group run similar systems that try to block infected messages at the perimeter as well as filtering emails as they get to your account. The perimeter filters work silently in the background but you can configure your local filters yourself. Log into your webmail account and go to OPTIONS > SPAM AND VIRUS FILTERS. We suggest you select all of the high risk file types to block and move them into your junk folder.

You should also run a local virus scanner on your computer. As well as the well known commercial scanners there are some highly regarded free ones:

AntiVir: http://www.free-av.com
AVG Anti-Virus: http://free.grisoft.com/

If you have any further questions do contact us at help@hailsoc.net and we will do our best to answer promptly and clearly.