UCSC Currents online

Front Page
Classified Ads
In Memoriam

December 17, 2001

Warning: Holiday greetings may spread viruses

By Steve Zenone, UCSC Security Team

Has the fun been taken out of Christmas?

From an Internet e-mail perspective, the answer is yes. The authors of malicious code (viruses and hostile web sites) have done much to spoil the fun of using Internet e-mail. Many of us have enjoyed sending and receiving electronic holiday greeting cards in the past, but now that can be risky. In our large connected environment, malicious code can, and has, caused problems with UCSC systems. A recent National Infrastructure Protection Center message from the FBI reminds us that:

"Holiday e-cards may spread viruses. Be wary of seemingly upbeat e-mail notes from family and friends that direct picking up personal messages at legitimate-sounding web sites. Often those sites are fake, as are the e-mails that carry them. Clicking the URL may install a Trojan and downloading from the site unleashes malicious code instead of a holiday greeting.

"The attachment--sometimes labeled "e-card.vbs"--may resemble an e-greeting, but is really an attacker's ploy to prey on the curiosity and ignorance of the user."

The UCSC Security Team is publishing the following reminders to discourage users from sending, forwarding and opening electronic holiday greetings and animations when using, or being connected to, the UCSC network.

Holiday e-mail use reminders

Be wary about opening or activating a file or Internet link sent to you attached to e-mail. This is especially important during the holiday season. Historically, there is an increase in holiday greetings and animations sent via e-mail during this time of year.

You should be suspicious if:

  • The attached file or Internet link is not business-related, and/or

  • You don't recognize the sender. (Mass-mailing viruses such as LoveLetter automatically use the Outlook Address book so you could receive infected messages from people you know and trust, if they become infected), and/or

  • You can't determine why the file or link was sent to you, and/or

  • The file name of the attachment ends with EXE, VBS or SHS.

Files and Internet links attached to e-mail may contain or lead to programs that can damage your system, files and the network to which you are connected.

What you can do

  • Delete messages without opening or activating attached files and links based on the criteria above.

  • Do not send, forward or open electronic greeting cards, animations, games, joke programs, chain letters or graphics.

  • Ensure that virus definition files are up-to-date, and that your anti-virus software is configured properly. Update virus definitions weekly and as needed.

  • Ensure that your department personnel heed the subject of this communication.

If you have questions regarding virus issues, e-mail the UCSC Security Team or call Steve Zenone at (831) 459-5408. Information is also available on the web.

Return to Front Page

  Maintained by pioweb@cats