Stanford University School of Earth Science
 

An email from "pangea.stanford.edu team" says my computer is infected. What should I do?

Last revision April 17, 2006

Have you recently received an email like this?

Dear user of pangea.stanford.edu,
 
Your e-mail account has been used to send a huge amount of spam during the last week.
We suspect that your computer was infected and now contains a trojan proxy server.
 
We recommend you to follow our instructions in the attached text file in order to keep your computer safe.
 
Best regards,
pangea.stanford.edu technical support team.

These messages are fake; you can ignore them. Your computer is not sending out huge amounts of spam (as far as we know) and probably has not been infected. Furthermore, the pangea managers would never send a warning email that includes an attachment, because we don't want to encourage you to click on attachments. We would either include information directly in the body of the message, or refer you to a web page on pangea.

The first part of the message was written by a hacker who hopes you will naively click on the attachment he has sent you. For more information on how hackers forge email, see the FAQ "Why am I getting notices about viruses found in email from me that I don't remember sending?"

The attachment, of course, contains a virus which could have infected your PC if you had executed it. Fortunately, Pangea's anti-virus scanner caught the virus and deleted it. The second part of the message, which is legitimate, tells you what happened:

The original content of this message part has been replaced by this text because it tested positive for the following virus(es):
 
W32/MyDoom-O, W32/MyDoom-BC
 
The original message has been quarantined pending further action by the mail administrator. For further information about the message and its delivery status, please contact the undersigned, and include the full content of this message. The identifier for this message is
'k38Av3gI020579'.
 
The Management
PureMessage Admin <lanz@pangea.Stanford.EDU>

This legitimate text is boilerplate, automatically generated by the PMX/Sophos anti-spam/anti-virus package we run on pangea. Kai Lanz's email is listed as the administrator of that package.

There has been a huge increase in the number of these "MyDoom" worm emails in the last couple of weeks. There is nothing you need to do; just delete them.
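
The two signs described above (a "support team" warning that carries an attachment, and the scanner's replacement text) can be checked mechanically. The following is an added example, not pangea's own tooling; the verdict strings, the sample builder and all addresses in it are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Phrase from the scanner's replacement text quoted in this FAQ.
REPLACED = "has been replaced by this text because it tested positive"
# Sender claim from the signature of the forged message quoted in this FAQ.
CLAIM = "technical support team"

def triage(raw):
    """Classify one raw message using the two signs this FAQ describes."""
    msg = message_from_string(raw, policy=policy.default)
    claims_support = CLAIM in str(msg.get("From", "")).lower()
    attachments, replaced = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        text = part.get_content() if part.get_content_maintype() == "text" else ""
        flat = " ".join(text.split())  # undo line wrapping before matching
        if REPLACED in flat:
            replaced = True            # scanner already removed the payload
        elif part.get_content_disposition() == "attachment" or part.get_filename():
            attachments.append(part.get_filename() or "(unnamed)")
        elif CLAIM in flat.lower():
            claims_support = True      # claim made in the body signature
    if claims_support and attachments:
        return "forged-warning-live-attachment"
    if claims_support and replaced:
        return "forged-warning-attachment-quarantined"
    return "no-match"

def sample(kind):
    """Build a constructed test message; names and addresses are made up."""
    m = EmailMessage()
    m["From"] = '"pangea.stanford.edu team" <sender@example.invalid>'
    m["To"] = "user@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("Dear user of pangea.stanford.edu,\n\nBest regards,\n"
                  "pangea.stanford.edu technical support team.\n")
    if kind == "live":
        m.add_attachment(b"harmless placeholder", maintype="application",
                         subtype="octet-stream", filename="constructed.bin")
    elif kind == "replaced":
        m.add_attachment("The original content of this message part " + REPLACED
                         + " for the following virus(es):\n")
    return m.as_string()

if __name__ == "__main__":
    for kind in ("live", "replaced", "plain"):
        print(kind, "->", triage(sample(kind)))
```

A "support" message with no attachment falls through to "no-match" here, which matches the policy stated above: genuine notices put the information in the body or point to a web page on pangea.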

 

