MachLink^® Help Center

All Computers Are Prone to Infection
The only way to completely protect your computer from the threat of viruses, worms, and Trojan horses, among other things, is to isolate your computer from the rest of the world. In other words you wouldn't be able to surf the web, use email, connect to a network or exchange CDs and/or floppy disks with any other computer users. Why? Because anytime your computer comes in contact with data from an external source, there is always the possibility that the data source contains malicious enemies such as a virus, worm, or Trojan horse. However, it is unlikely and unrealistic that you won't be accessing other data sources, and therefore, you will need to take action to protect your computer.

Viruses

What is a Virus?
A virus commonly inserts itself into other program files, in the same manner that a virus in nature takes over the workings of normal cells. When the infected program runs, the virus code gets a chance to inspect its environment and look for and infect new carriers in the form of other program files. If a user transmits an infected file to another user, or if infected storage media moves from one machine to another, the virus may spread rapidly.

Viruses can be transmitted as attachments to an email note or in a downloaded file, or be present on a diskette or CD. The immediate source of the email note, downloaded file, or diskette you've received is usually unaware that it contains a virus.

Some viruses wreak havoc as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful, erasing data or causing your hard disk to require reformatting. Therefore, it is necessary to always keep a bootable CD or floppy in case your computer crashes. A virus that replicates itself by resending itself as an email attachment or as part of a network message is known as a worm.

The best protection against a virus is to know the origin of each program or file you load into your computer or open from your email program. Since this is difficult, you can buy anti-virus software that can screen email attachments and also check all of your files periodically and remove any viruses that are found. From time to time, you may get an email message warning of a new virus. Unless the warning is from a source you recognize, chances are good that the warning is a virus hoax.

All Computers Need Virus Protection Software
All Virus Protection Software Should Be Updated WEEKLY!
It is absolutely essential that you purchase and install a virus protection program and update it on a weekly basis. (Like biological germs that are always evolving, new viruses, worms, Trojan horses and the like are being developed all the time - if you install virus software but never update it, soon enough your virus protection software will lose its effectiveness because it won't recognize or know how to destroy the new threats that come along. Without regular updates, in a very real sense, your computer will soon lose its "immunity" and become prone to infection and damage.)

For Even Greater Security, Install a Firewall
Sometimes, computers are attacked in ways that can't be detected by traditional anti-virus software, as is often the case with worms and Trojan viruses. For even greater security, in addition to installing and maintaining up-to-date anti-virus software, you need to install a firewall. Click here for a free firewall from ZoneLabs.com. Then just click the link "Zone Alarm Free Download"near the bottom of the listing.



I received an email from the MachLink Team. Should I open the attachment?
There is currently a virus that is spreading itself throughout the internet that will "spoof" the providers e-mail addresses. This virus is designed to make itself look as though it was sent from the MachLink management team, Helpdesk, or Administration.

Here are two examples of what the text may contain from this virus. There could be a zip file with a password on the email to open it.

Subject line: your account
From: admin@machlink.com

Hello there, I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.
___________________________________________________
Best regards, Administrator
Attached file: message.zip

OR

Dear user, the management of MachLink.com mailing system wants to let you know that our main mailing server will be temporary unavailable for the next two days. To continue receiving mail on these days you have to configure our free auto-forwarding service.

Pay attention to the attached file: message.zip

Helpdesk@machlink.com
___________________________________________________

It is strongly recommended NOT to open and delete ANY attachments in ANY circumstance similar to this! We urge all MachLink customers to keep an updated anti-virus program on their computers. If you have opened an attachment that is similar in nature to the above example(s), MachLink recommends that you have your computer scanned for viruses.

Click the links below to get more information regarding these viruses.

My Doom
w32Beagle.K



Virus Reporting

How can I report a virus? It says it’s from MachLink so can I send it to you?
A virus will forge the visible email address with any addresses it can find. Because of this we can not always be sure if this is a MachLink customer or not. The information needed to track down the infected user is contained in the header information. Headers are very difficult if not impossible to forge. Headers are extra email information that is usually not viewable during normal use. To view full headers:

OUTLOOK EXPRESS:
1. Click the "File" menu
2. Click "Properties"
3. Click the "Details" tab
4. Click "Message Source"
5. Highlight, copy, and paste everything from this window (Ctrl-A, Ctrl-C)

OUTLOOK:
1. Open appropriate email message
2. From the View menu, select "Options"
(additional information including the return path, received-from data, and the message is available in this section)
3. ID is displayed under "Internet Headers"

Other Email Clients:
Spam Cop has a great list of checking headers in other mail clients.

Here is an example of some header info:
Return-Path: <info.autoresponder@legalwiz.com>
X-Original-To: helpdesk@machlink.com
Delivered-To: helpdesk@machlink.com
Received: from carnelian.propagation.net (carnelian.propagation.net [209.164.120.1]) by mail.machlink.com (Postfix) with ESMTP id E43C8A3559 for <helpdesk@machlink.com>; Tue, 12 Oct 2004 10:01:24 -0500 (CDT)

The email headers show the path that the message has taken from the sender to the recipient. To identify where the email actually originated from, you need to identify the originating IP address. Please note that the line must begin "Received: from…" and not "Received: by…"

In the example above the relevant details are highlighted in red; the originating IP address is 209.164.120.1 and the email was sent on Tue, 12 Oct 2004 10:01:24 -0500 (CDT) (this date is the first date that appears after the originating IP address, not the date in the "Date:" field). When reporting email abuse always forward the entire header.



Once you have the IP address you can see where the email originated from by looking the IP address up on http://www.dnsstuff.com.Once DNS Stuff appears in the browser, you should be looking in the middle column, third box down, at the title of IPWHOIS LOOKUP. Simply type the number as noted above and the results will display the ISP or company information for the origin of the virus and in most cases, will provide an abuse address.

Please do not send attachments to the provider. Copy and paste details (as shown in the header example above) into a new email. If you are unsure of how to perform a copy/paste see instructions below. If the originating ISP is MachLink, please send your report with the FULL header and content of the offending email to helpdesk@machlink.com.

How to Copy/Paste

1. Left-click at the beginning of the header text and drag over the entire header
2. Right-Click to select "Copy" from the menu.
3. Click on the "Close" button.
4. Click on the "New" icon to open a new message.
5. Click once in the text box of your new message.
6. Select "Paste" from the Edit menu.
7. Left-click in the spam or harassing email text box and drag over the entire message.
8. Right-Click to select "Copy" from the menu.
9. Click once in the text portion of a new email message.
10. Select "Paste" from the Edit menu.



Worms

A worm, as defined by many security authorities, is a self-replicating program that does not alter files but resides in active memory and duplicates itself by means of computer networks. Worms use the facilities of an operating system that are meant to be automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, and causes slowing or halting of other tasks.

Another class of worm, such as Worm.ExploreZip, resides in your system's memory and self-replicates, but also contains a malicious payload. Worms may be carried via email, such as WORM_SWEN.A which claimed to be from Microsoft® and be the latest patch. They may be transmitted via security flaws or vulnerabilities such as MSBLAST.GEN or NACHI.A, which exploited vulnerable Microsoft® systems connected to the Internet, even though up-to-date anti-virus protection was used. The only protection for these two worms would have been a firewall or eliminating connectivity to the effected programs on your local machine.

Protection against a worm is like protection against other network faults - it depends on the intelligent recognition of suspicious patterns of events before a problem can interfere with essential functions. This protection can be provided by using both anti-virus software and a firewall.


Trojans