Malicious - Ma-li-cious - "Having the nature of or resulting from
malice; deliberately harmful; spiteful." -- American
Heritage Dictionary of the English Language, Fourth Edition
Malware - Mal-ware - Malicious Software
For our district, this is by far
the most disruptive category. When a hoax e-mail is received, at the very
least, it takes up the time needed to read it. It also takes time to check
if the message is really a hoax. And finally, you would be surprised on
how much space is used up on our servers storing these hoax messages.
Hoax/scam e-mail tends to fall into one of these categories:
- Bank/Credit Card "phishing" scams -
These emails claim to be an alert from your bank or credit card company.
Typically they warn you that something bad has happened or will happen soon
(account is going to be closed, suspicious activity, security problems,
etc.) The email will provide a link to the "bank"
website. The website, however, is actually owned by criminals who want
to obtain your account, Internet log in information, or just want you to
visit the site so they can infect your PC.
- Alerts - These are generally virus alerts or
alerts of other hoaxes or scams. NO security agency uses a "Please
Forward" type e-mail for alerts. They all use either a web site,
or a system which you must sign up to receive the e-mail alerts.
- "Something for Nothing" messages -
These hoaxes generally promise money, vacations, or something else free in
return for forwarding the message on to as many people as possible.
Most say they are testing some type of e-mail tracking system. (With the way
Internet e-mail is sent, it is NOT POSSIBLE for any tracking system to
automatically determine who a messages is sent to.)
- "Please Help" messages - These
hoaxes generally claim that money will be donated to some cause for every
copy sent. Others claim to need you to take action to prevent some serious
wrong. Examples are "Missing Child", "e-mail tax
bill" and "Children's Miracle Network Fundraiser" messages.
What can you do?
- First: If the email claims to be from your bank or other financial
institution, be suspicious immediately. If legitimate it is very
unlikely they would be contacting you via email before calling or sending a
message via U.S. Mail. If you think the email may be legitimate, DO
NOT CLICK ON LINK(S) OR USE CONTACT INFORMATION IN THE EMAIL. Instead
look up the number in the phone book and call them directly.
- Second: Assume that any e-mail you receive that fits into one of the
categories above is a hoax. Especially be suspicious if it asks you to
forward it to everyone you know.
- Third: Think about what the message says. Does it make some extraordinary
claim? Does it claim that some message tracking software is going to
be used? Does it claim that simply opening a message will erase your
- Fourth: Do some research before you forward it to anyone.
Fortunately, there are now a few web sites dedicated to stopping the spread
of hoax e-mails. I have some links for them listed on the District's
If the message claims to be from a well-known organization (IBM, CNN,
McAfee, etc.) you may want to check with that organization's web site.
If you simply can not find any information about the message, forward it to your building's technitian
instead of forwarding it to others. We'll check on the message and see if it
is legitimate but PLEASE at least check the hoax sites mentioned
- Finally: Unless there is a very good reason why the message should be
forwarded on, DON'T forward it. Just delete it.
Because DCE uses and
regularly updates virus software on all workstations and many servers, viruses
are not a big problem in our district. We also receive some extra
protection due to the e-mail software and workstation configurations that we
have chosen to use. Since the start of the 1998-1999 school year, the district has suffered
only a handful of virus infections. This is an incredible record.
Every time a virus is detected anywhere in the district, an alert is
automatically sent out. We receive an average of 2 virus alerts each
week. Malicious web sites probably account for 90% of the virus
alerts we receive. These are web sites which hackers are using to try to
break into computers of those who visit the site.
Viruses still should not be ignored, however, since even the best virus
software can't catch 100% of them. A brand new virus which sneaks in
past our anti-virus software has the potential to do a lot of damage.
example in November of 2000, a virus infected five computers and deleted all .JPG
files on the high school server and several on the Administration building
server. This virus took advantage of the fact that our anti-virus software
didn't check .VBS files when using it's default settings. (Fortunately,
because we are using Netware on our server we were able to recover every one of
the .JPG files.)
What can you do?
- Only use district approved software. Part of the considerations when
choosing software for the district is virus resistance.
- If you get an e-mail attachment you were not expecting, check with the
sender to be sure it was sent intentionally. Many viruses spread
by e-mailing themselves from an infected machine. The e-mail appears
to come from someone you know.
- If you must open an attachment, try to use GroupWise's "view"
option. Right-click on the attachment and choose View instead
of double-clicking on it. GroupWise is able to safely view many
different types of attachments.
- Purchase, use, and update anti-virus software at home. The second most commone source
of the virus alerts we receive each month are from documents which were
infected at someone's home then brought to school on a floppy, ZIP disk or
CD. For more information about viruses at
home, see our Virus FAQ Page.