August 11, 2004
To: UCOP Personnel
From: Patrimpas Prapuolenis, Manager, IR&C Desktop Computing Services
Monday's computer worm attack illustrates how critical it is for each
of us to be judicious when opening e-mail attachments. Unfortunately,
we can no longer assume that an e-mail is legitimate just because
it's from a coworker, supervisor, friend, or familiar organization.
Viruses and worms routinely fake the sender's name and e-mail address
to look as though the message is from someone you know and trust.
The intent is to trick you into opening the attachment containing
the worm and thereby allowing the worm to spread throughout the network.
Once a worm infects your computer it can spread and infect more computers
by sending itself as an e-mail attachment to anyone whose e-mail address
is on your computer. Worse still, it can directly attack any computer
on the same network as well as give remote control of the infected
system to the hackers. But a worm cannot do all this until that first
person opens the attachment inside our network, which is why precaution
is so important.
Be cautious when you receive
attachments, and consider the following tips and suggestions in dealing
with them:
1. Don't rely on the sender's name or e-mail address for verifying
the legitimacy of an e-mail message and attachment.
2. Read the message in the body of the e-mail. Does it provide sufficient
detail about the attachment and its purpose? If it seems suspicious
in the least, don't open the attachment.
3. Be suspicious if:
--The subject line is blank.
--The subject line and message use bad grammar and have misspellings.
--Several messages have the same subject line.
--The subject line has odd symbols and characters in it, or is in upper case.
--The message asks you to update or change your account.
--The message stresses urgency and immediate action.
--The message pretends to be a server-generated message (e.g., a delivery error message for an e-mail that you never sent).
--The attachment is from someone you do not know.
--The attachment appears to be from a known and trusted sender but you weren't expecting it.
--The attachment name is vague and general; there isn't an accompanying description with specific detail and context.
--The attachment has an uncommon file extension, such as .exe, .scr, or .pif.
--The attachment is described as an important software update or patch. (Note: IR&C never distributes updates or patches as attachments. We either refer you to a secure internal Web site or coordinate with departmental PC coordinators for distribution.)
When you suspect you have
received a message with a virus in the attachment, please do not open
it but contact your departmental PC coordinator immediately.
By following the guidelines above, you are helping protect the UCOP
network. Thank you for your cooperation.