Viruses and E-Mail Address Spoofing

Has someone you know accused you of sending them a virus from your Loyola account?  Or have you received a bounced email from a message you never sent?  This page will attempt to explain why these events occur and what Loyola is doing to prevent viruses on campus.

First, you must understand how email works across the Internet.  When email is sent, there are certain fields that are almost always used, such as "From:", "T" and "Subject:".  The "T" field is required, but the other fields are more like conventions - not required, but something that is polite to fill in to make the email easier for the recipient to read.  The "From:" field is not only optional, but there is no authentication done on it - in other words the sender can fill in any value for the field.  A user can send email across the Internet and fill in "From:" fields to make it look like it came from "pope@vatican.va" or "billg@microsoft.com" .

For an email virus to spread, it has to mail itself out to potential victims - usually as an attachment to an email.  When a virus infects a computer, it often searches the hard drive of the infected computer for email addresses of potential new victims.  Some of the addresses it finds it sends itself out to, but others it uses to fill in the "From:" field.

Here is an example. Alice knows both Bob and Charlie and has email stored on her computer from both of them. Then Alice gets a virus.  The virus searches Alice's hard drive and finds email addresses for both Bob and Charlie.  The virus tries to propagate by sending email to Charlie, filling in Bob's email address in the "From:" field.  Neither Bob nor Charlie are aware that the email really came from Alice's infected computer.

Since Bob and Charlie both know Alice, it is likely that they know each other.  When Charlie receives the virus from Bob with a message that says "Hey, open this attachment", Charlie might be more likely to open the attachment since he trusts Bob, which will lead to him getting infected.  Alternative, Charlie might notice something strange about this email and realize it is a virus.  Since it appears to come from Bob, Charlie might contact Bob and suggest that Bob clean the virus off his computer and stop sending Charlie virus infected emails.  Since the virus was on Alice's computer, Bob has no idea what Charlie is talking about.

Loyola College prevents certain attachment types from entering/leaving the campus network via email, including .exe, .zip, .com, and .bat files.  Those emails are sent to our GWGuardian quarantine server.  Loyola also scans incoming/outgoing emails for known viruses and will quarantine them also.  If you have sent or received a blocked attachment email into your quarantine that you KNOW is not a virus, please phone the Technology Service Center at x5555 to get that file released.

The final layer of virus security at Loyola is Symantec AntiVirus installed on all hosts on the Loyola network.  If you need a copy of this software, again, please contact the Technology Service Center at x5555.

I have a virus.  What do I do?

Don't worry, it happens to all of us at one point or another.  The first step is to remove the virus.  Many of them require the use of a removal tool (program).  We have most of them here.

Also if you need help you can call the Technology Service Center (TSC) at x5555 option 1.