Frequently Asked Questions
Q: I received an e-mail that looks official and
urgent! It even claims to be from "some_official_office@sc.edu"!
It is asking me to submit personal information such as passwords, credit
card numbers, VIP pin number and/or social security number. Is this
a legitimate request? What should I do?
Never give anyone this information via e-mail - even if it
seems official. Never click on any of the links found in such e-mails.
Never open any of the attachments in such e-mails. Simply delete these
e-mails. If you are still unsure about what to do, ask your local network
manager or computer help desk for further assistance.

Q: I received an e-mail that claims to be from eBay, Citibank, PayPal or some other organization/person that is asking
me to log in to their site to reset my account information. They were
even nice enough to provide me a link in the e-mail! Should I?
Absolutely not. This is commonly known as a “phishing” attempt,
and its goal is to get you to voluntarily disclose your passwords,
credit card numbers and other sensitive, personal information. The link
provided in the e-mail will *not* send you to the legitimate vendor
site. Instead, it will send you to a look-alike site. The following
links provide more details on phishing:
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
http://antiphishing.org/

Q: I received an e-mail that is from the MailScanner E-Mail Virus
Protection Service. What do I do?
Warning:
This message has had one or more attachments removed
Warning: (email-info.zip).
Warning: Please read the "VirusWarning.txt" attachment(s) for more
information.
To safeguard your email account from possible termination, Please
follow the instructions in the attached file.
----------------------------------------------------------------------
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "email-info.zip"
was believed to be infected by a virus and has been replaced by
this warning message for your protection.
NOTE: Email messages directed through Computer Services guarddog.csd.sc.edu
mail server (mail addressed to Gamecock Email accounts, USC aliases,
and other USC systems using guarddog.csd.sc.edu for delivery) is
being scanned for viruses effective 6/26/02.
If you have questions about this action, please FORWARD a copy of
this email with your questions to the Computer Services Help Desk,
cshelpdesk@sc.edu. Alternatively, you can create a ticket via http://cshelpdesk.csd.sc.edu;
please cut and paste the following detail into the error msg field
of the ticket along with your comments:
At Sun Apr 12 11:16:29 2005 the virus scanner said:
McAfee: email-info.zip/EMAIL-INFO.PIF Found the W32/Mytob.gen@MM
virus !!!
Note to Help Desk: Look on guarddog in /usr/local/MailScanner/quarantine/20050304
(message j6D4lA24014837).
--
Postmaster
http://cshelpdesk.csd.sc.edu
e-mail: cshelpdesk@sc.edu
777-1800
This message was generated by one of the university mail
servers. It is telling you that a message destined for your address
was quarantined and the reasons for that. In this particular case, the
virus scanner on our mail system found an infected file. This message
can safely be ignored. No action is necessary on your part. Your computer
is more than likely not infected with a virus/worm. If you feel that
your computer may indeed be infected, please contact your local network
manager or computer help desk for further assistance.
If this were actually a legitimate attachment that was found to be
infected and quarantined for some reason, USC postmasters would be able
to deliver the message to you at your request. You can make such a request
to postmaster@sc.edu.
There are so many different forms of malware on the internet that it
would be an exercise in futility to list all the different possible
messages you might get, and they are constantly changing and evolving.
If you simply follow the “best practices” listed below, you will remain
pretty safe from e-mail-borne malware:
- Never open attachments you were not expecting - even if they come
from someone you know.
- Never click on links in suspicious e-mail messages.
- Don’t open suspicious e-mail, period. Simply delete it. If it
is important, you will be contacted again in a similar fashion or
by other, offline means.
- Do not enable HTML e-mail features in your mail client! Read e-mail
as plain text only. E-mails don’t look as pretty then, but it closes
the door to a whole slew of attack vectors and keeps you safe.

Q: I tried to send an e-mail to someone with an
attachment that I *know* is not infected with a virus, yet the mail
system quarantined it! What gives?
Unfortunately, there are circumstances where the mail server
will quarantine innocent messages. Any message with an attachment that is named in such
a way as to contain “multiple extensions” will be flagged as suspect
and quarantined automatically. This is due to the prevalence of malware
using this technique to trick people into opening infected files. For
example, we often see infected files named in the following fashion
(this is only a tiny fraction of the actual file names we see, but serves
to illustrate the point):
- document_full.pif
- attach.rar.exe
- email-info.htm.scr
- email-text.pif
- IMPORTANT.txt .exe
- body.htm .scr
- data.htm .exe
To prevent these sorts of attachments from sneaking into our network
before anti-virus vendors detect the latest and greatest malware, we
simply quarantine them. This has the unfortunate side effect of also
quarantining attachments that are legitimate but named in a similar
fashion, like so:
- blahblah.rtf.wps
- blahblah.23mar04.txt
- very-important-dissertation.doc.pdf
- my life work.critical.doc
- my_cool_website-script.html.php
- statistics homework.assignment32.final.xls
Thus, a simple way to work around this limitation is to name your
files so that they contain no more than one period. If a name contains
more than one period, the mail system will quarantine it.
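
The rule stated above, applied to the attachment names of a parsed message, as an added example (not the mail system's own code). The addresses and `dissertation.pdf` are constructed; the other names come from the two lists above.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def is_quarantined(filename):
    """The rule as this FAQ states it: more than one period in the name."""
    return filename.count(".") > 1

def screen(raw):
    """Parse raw message bytes; return (held, passed) attachment names."""
    msg = message_from_bytes(raw, policy=policy.default)
    held, passed = [], []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        (held if is_quarantined(name) else passed).append(name)
    return held, passed

def build_sample(names):
    """Constructed message carrying one dummy attachment per name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"      # constructed address
    msg["To"] = "recipient@example.org"     # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in names:
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

# Names from the two lists in this FAQ, plus one constructed single-period name.
SAMPLE_NAMES = [
    "attach.rar.exe",
    "IMPORTANT.txt .exe",
    "email-text.pif",
    "blahblah.23mar04.txt",
    "very-important-dissertation.doc.pdf",
    "dissertation.pdf",                     # constructed
]

if __name__ == "__main__":
    held, passed = screen(build_sample(SAMPLE_NAMES))
    for name in held:
        print("QUARANTINE", repr(name))
    for name in passed:
        print("pass      ", repr(name))
```

Names with a single period are not matched by this rule, so it complements the virus scanner rather than replacing it.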

Q: How can I stop getting so much spam?
Please see
http://www.uts.sc.edu/emailservices/spam.shtml
for instructions on how to filter your spam.
Also, be aware of the ways that spammers get your address. Here are
the top ten ways spammers get their email addresses, according to FrontBridge:
- Put an email address on a high traffic website.
- Post or reply to a post on Usenet.
- Post or reply to a post on a public web-based discussion group.
- Register the address with a website that goes out of business
and sells its email lists.
- Register the address with a website that sells lists.
- Subscribe to a porn site with the email address.
- Reply to an opt-out email or click on an opt-out link in a message.
Do NOT reply to a spam message - all this does is verify your address
is real.
- Use an address with a common name that can be easily guessed (e.g.
bob@domainname.com)
- Register a domain name.
- Post an email address in a chat room.
Here is a web site that describes how to slow down the harvesting of
your email addresses:
http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.htm

Q: I do not want to receive all of those virus
notification email messages, what can I do?
You can use the instructions on the spam filtering site:
http://www.uts.sc.edu/emailservices/spam.shtml
Instead of filtering on the:
"{SpamScore:*sss"
or
"{SpamScore: sss"
tags, use the: "{Virus?}" tag.
(remove the double quotes)

Q: Who are guarddog.csd.sc.edu and watchcat.csd.sc.edu?
I keep getting emails and spam from them.
Guarddog and watchcat are the two load balanced anti-spam/anti-virus
machines at the border of our network. The reason emails look like they
come from them is that, when a spammer fakes their "From" address and
just puts a plain name as the address without any "@somewhere.somewhere"
at the end of it, the anti-spam machines automatically tack their machine
names onto the end of the name so that the email becomes compliant with
email standards.

Q: I want to report this spam/phishing/fraudulent
email attempt to someone. Who can I report it to?
The Federal Trade Commission (FTC) Bureau of Consumer Protection
is who you are looking for. See the following link to report such emails:
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01

Q: I cannot connect to a site or machine I was
able to connect to yesterday, but I can connect everywhere else. Is
it the firewalls?
No, it is not the firewalls. We do not make random changes
to the firewalls. If you are still unsure, check with your network manager
and have them check with your local security contact. They are the ones
that can request changes to the firewalls that would affect your
machines.

Q: My manager/chair/supervisor thinks that someone
who works with us is spending their work time looking at porn or other
non-work related sites on the Internet. Can my network manager or can
you monitor their traffic so that we can prove this is the case?
No, this is a felony. University employees do not sign a
consent form when they are hired stating that their traffic will be
monitored. This would be considered an illegal wiretap. See:
"Interception of Wire, Electronic, or Oral Communications," Title 17, Chapter 30,
Code of Laws of South Carolina for further information.

Beginners guide for data security: (HTML) (Word Doc)

How To Documents
How to patch your Microsoft machine (HTML) (Word Doc)
How to tell if you are Administrator on your Windows 2000 machine (HTML) (Word Doc)
How to tell if you are Administrator on your Windows XP machine (HTML) (Word Doc)
How to tell what kind of Windows machine you have (HTML) (Word Doc)
How to use the Microsoft Baseline Security Analyzer (HTML) (Word Doc)
Basic Microsoft Security Checklist (HTML) (Word Doc)
How to make an SSL certificate for a Microsoft IIS 5.0 Web Server (HTML) (Word Doc)
2002 CLA InfoTech Presentation: "Protecting Your Microsoft Windows Machine from the Ravages of the Internet"