From the Help Desk ... Beware of Fake Email Notices!
1. Recent influx of fake email notices
There has recently been an influx of fake email notices from the Internet bearing an email address of xxx@....hku.hk. The contents of these fake email notices may also look very relevant, tricking the recipients into believing the messages are real, e.g.

From support@hkucc.hku.hk
Your account is disabled or your password is updated.
To re-activate your account or get your updated password, click on the attachment...
+++ Attachment: No Virus (Clean)
+++ Cc Antivirus - www.hkucc.hku.hk

The HKU email address and the content made it look so authentic that some of our users actually opened the attachment, and their PCs then got infected with the virus contained in the attachment. Such tricky emails may become more and more rampant. The virus actually fakes the sender address based on the recipient's email server name. So, our users need to be more suspicious of emails with attachments and be more vigilant. Note that the Computer Centre does not send emails with attachments to general users.
2. How to distinguish a fake email notice
2.1. Verify the sender's IP address
Reveal the full header of an email message and you will see the real origin of the email. Much of the information in the header can be forged, but the IP addresses would reveal the actual origin of the email. Look for the lines beginning with "Received:" in the sample header below. Reading from bottom to top, the first "Received" line shows the computer name (which could be fake) and the IP address (165.165.244.24) of the originating computer sending the email. There may be other "Received" lines between the first and the last showing the relaying computers between the sender's and the recipient's email servers.
Return-Path: <psbpkilrdn@dell.com>
Received: from www.hku.hk ([147.8.145.52])
by hkusua.hku.hk (8.13.3/8.13.3) with ESMTP id j85JwbPu011452
for <chaumabc@HKUSUA.HKU.HK>; Tue, 6 Sep 2005 03:58:37 +0800 (EAT)
Received: from dell.com (tpr-165-244-24.telkomadsl.co.za [165.165.244.24])
by www.hku.hk (8.13.3/8.13.3) with SMTP id j85JvW0N1131632
for <chaumabc@hku.hk>; Tue, 6 Sep 2005 03:58:14 +0800 (HKT)
Date: Tue, 6 Sep 2005 03:57:32 +0800 (HKT)
Message-Id: <200509051958.j85JvW0N1131632@www.hku.hk>
From: "chaumabc@hku.hk" <liverpoolpromo2@uk2.net>
To: chaumabc <chaumabc@hku.hk>
Subject: WINNING NOTIFICATION...................

As seen from the sample header above, the sender's IP address is actually [165.165.244.24] and the email address is spoofed as "chaumabc@hku.hk".
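The header check in section 2.1 can be automated; the Python below is an added example, not a Computer Centre tool, and its function names are illustrative. It goes one step beyond the text by reporting the newest hop outside the campus range, since "Received" lines below that hop were written by outside machines; treating 147.8.0.0/16 as the campus range is an assumption inferred from the address of www.hku.hk in the sample.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Sample header from section 2.1, with continuation lines indented.
SAMPLE = """\
Return-Path: <psbpkilrdn@dell.com>
Received: from www.hku.hk ([147.8.145.52])
 by hkusua.hku.hk (8.13.3/8.13.3) with ESMTP id j85JwbPu011452
 for <chaumabc@HKUSUA.HKU.HK>; Tue, 6 Sep 2005 03:58:37 +0800 (EAT)
Received: from dell.com (tpr-165-244-24.telkomadsl.co.za [165.165.244.24])
 by www.hku.hk (8.13.3/8.13.3) with SMTP id j85JvW0N1131632
 for <chaumabc@hku.hk>; Tue, 6 Sep 2005 03:58:14 +0800 (HKT)
Date: Tue, 6 Sep 2005 03:57:32 +0800 (HKT)
Message-Id: <200509051958.j85JvW0N1131632@www.hku.hk>
From: "chaumabc@hku.hk" <liverpoolpromo2@uk2.net>
To: chaumabc <chaumabc@hku.hk>
Subject: WINNING NOTIFICATION...................

"""

# Assumption: campus range inferred from www.hku.hk's address in the sample.
CAMPUS_NET = ipaddress.ip_network("147.8.0.0/16")
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw):
    """IPs recorded in the Received lines, oldest hop first (bottom to top)."""
    values = message_from_string(raw).get_all("Received", [])
    found = [BRACKETED_IP.search(v) for v in reversed(values)]
    return [m.group(1) for m in found if m]

def entry_ip(raw):
    """IP that handed the mail to the campus: newest hop outside CAMPUS_NET."""
    for ip in reversed(received_ips(raw)):  # newest hop first
        if ipaddress.ip_address(ip) not in CAMPUS_NET:
            return ip
    return None  # every recorded hop was inside the campus

def analyse(raw):
    """Compare the visible sender with where the mail really came from."""
    display, addr = parseaddr(message_from_string(raw).get("From", ""))
    origin = entry_ip(raw)
    claims_campus = any(s.lower().endswith("hku.hk") for s in (display, addr))
    return {"origin_ip": origin, "from_addr": addr.lower(),
            "display_name": display,
            "spoofed_campus_sender": origin is not None and claims_campus}
```

For the sample, `analyse(SAMPLE)` reports an origin of 165.165.244.24 together with a display name of chaumabc@hku.hk placed in front of the real address liverpoolpromo2@uk2.net.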
2.2. Verify the attachment before opening
The Computer Centre would never send an email attachment to our users. If you receive an attachment from a known email address (it could be fake!), you should verify with the sender by reply email. If it is authentic, you would get a confirmation from the sender that he has sent you an attachment. If you get a bounced mail or non-delivery notice, you would know that it is false. Even after you have verified that the attachment is real, you should have anti-virus software that updates its virus patterns daily on start-up of your computer to protect you when opening the attachment.
Note that even if an attachment is confirmed to be from a known correspondent, it is always wise to be vigilant, as it may unfortunately be infected with a virus.
3. What to do if your PC is infected with a virus
If you unfortunately opened an attachment and your PC got infected with the virus, don't panic and do the following:
3.1. Update your anti-virus and anti-spyware software and scan your computer
Every computer should be protected by anti-virus software. Update your anti-virus software and scan your computer. Delete the virus(es) when found. Do the same with your anti-spyware software.
Note: You should also install anti-spyware software on your PC for protection. It works similarly to anti-virus software, scanning the memory and storage drives on your computer. If a Trojan horse or spyware is found, it will be deleted. Just as for anti-virus patterns, anti-spyware must be continuously updated. Microsoft has released the Microsoft Windows AntiSpyware. Click here to download this free software (beta version at the time of writing). See our FAQ for another anti-spyware program, Spybot, which requires manual update.
Some viruses will block your access to the anti-virus site so you cannot get the antidote. If that is the case, first disconnect the infected PC from the network (so you will not spread the virus on the network). Use a clean PC to connect to the network and go to your anti-virus website to get the removal tool for the virus. Copy it to a CD or a USB thumb drive and run it on the infected PC to clean up the virus. See our FAQ for more details.
For a brand-new virus, the antidote may not be available yet. In this case, report to the Computer Centre via ithelp@hku.hk and our colleague will send a copy of the virus to anti-virus providers for analysis. You may have to wait a day or two until the antidote becomes available.
3.2. Update your Windows
This is a preventive measure rather than a cure, but as the saying goes, "prevention is better than cure". By doing Windows Update, you are closing all the known vulnerabilities of Windows, reducing the chances of being hit by a Trojan horse or virus from the Internet, and preventing your PC from disseminating your own virus on the Internet.
In Internet Explorer's menu, click "Tools" => "Windows Update", scan for updates and install all Critical Updates. If you have Windows XP, configure it to perform Windows Update automatically.
3.3. Getting help
If your infected PC is a departmental computer, please ask your departmental technical support staff to help clean the virus.
If you have a personal notebook computer, study the FAQ and follow the steps in questions 7A and 7B. If it fails, you may try our technician service counter by bringing your notebook computer to the Library Building Old Wing, Room 134A or to the IT Student Ambassadors at their counter in the K K Leung Concourse (see opening hours).