Skip to main content
Computing at CornellCIT Contact Center (HelpDesk)

Warning about e-mail and viruses

  • Beware of files attached to e-mail messages
    • they can contain viruses

  • Don't trust the From address in an e-mail message
    • it could be forged

  • Make sure your anti-virus software is up-to-date
    • but don't assume it guarantees safety

Some recent e-mails claiming to be from a Cornell office are a hoax and contain a virus.

About e-mail viruses

Members of the campus community continue to see new viruses (actually, viruses, worms and Trojan horses) on a daily basis. Most arrive in the form of a file attached to an e-mail, sometimes masquerading as a message from someone on campus or even from a Cornell office. Opening the attachment will launch a virus, typically designed to infect computers running Microsoft Windows.

Recent examples include e-mails that claim to be from "staff@cornell.edu" or "the Cornell.edu team" and warn about overdue payment for Internet access or a compromised e-mail account. They then invite you to view more details in the attached file, which is a virus.

A virus that spreads by e-mail often goes through an infected computer's e-mail address book to find other addresses it can send itself to. Sometimes it will also use the harvested addresses to forge the name of the sender, the From field at the head of an e-mail message. Note that this means the apparent sender of a virus-laden e-mail is not necessarily infected with the virus.

Technology cannot deliver complete protection

CIT provides two lines of defense against these e-mail-borne viruses:

  1. For people who use the central e-mail service, incoming mail is scanned by special software on the postoffice servers (PureMessage/Sophos) that filters out known viruses.

  2. Symantec/Norton AntiVirus has been licensed for use by all members of the Cornell community and is available through Bear Access or as an independent software download . Everyone should be running this software on their Windows or Macintosh desktops, with current virus definitions and with Real Time Protection turned on. (If you are on a departmental network, please check with your technical support staff about local processes for keeping anti-virus software up-to-date.)

These two defenses cannot, however, guarantee that you are safe from all viruses. For each new virus, there is an inevitable lag before our anti-virus software suppliers can develop and deliver updates, and even then their approach to detection isn't always definitive.

Beware of files attached to e-mail messages

  • Be very careful about opening e-mail attachments, especially on computers running Microsoft Windows, the target of most current viruses. Since these viruses can forge the name of the sender, a message that looks like it's from someone you know could be a trap.

  • In considering whether to open an attachment, you should evaluate the plausibility of the apparent sender and contents. The safest approach is to not open an attachment unless it's something you were expecting. If it appears to be from someone you know, you might want to check with them before opening.

  • Attachments ending in .exe .cmd .bat .scr .scf and .pif deserve particular caution.

  • Make sure the e-mail software on your computer is not configured to automatically open attachments.

Campus resources

If you are on a departmental network, you should work with local technical support to ensure that your computer's software, including anti-virus, is kept up-to-date. Your IT staff should also be able to help you clean up an infected computer.

Others needing assistance in removing a virus infection can contact the CIT Contact Center (HelpDesk) at helpdesk@cornell.edu or 255-8990 (8am-8pm Mon-Thurs, 8 am-5pm Friday).

To receive bulletins about viruses found on campus and other computing issues, subscribe to cit-alert-l.


CIT-Alert-L