Falun Dafa Minghui.org www.minghui.org

Recent Situations in which E-Mail Has Been Used to Attack Practitioners' Computers Overseas

July 19, 2004

(Clearwisdom.net) The evil forces in China have been attacking overseas practitioners' emails with a vengeance. Recently, some new developments have emerged. Here is a summary for practitioners' reference:

1. Many practitioners' email addresses, including those used in internal project communications, were compromised.

In the past, mailboxes published on the websites were attacked. Currently, some unlisted email addresses and some that are generally considered safe are continually receiving suspicious emails.

2. Senders disguised as well-known practitioners.

Some practitioners have received email from senders disguised as their own team project coordinators. At first glance there doesn't seem to be a problem with the email, but analysis has shown that it originated from certain information centers in Tianjin City, Shandong Province, or other places in China.

3. The content of the emails is disguised as project communications, Fa-study matters, regional coordination content and so on.

As an example, one email, written in English and disguised as having been sent by a coordinator, gave the general idea that "Teacher has published a new jingwen and we must all study it. For the convenience of everyone, I have made a simplified edition that you can save on your desktop. Let us study the Fa and advance together." The attachment was a .chm file. Another fake email was supposedly from a coordinator for the global rescue project. The gist of the email was "To improve the global rescue effort, please read this notice." The email contained an attachment in Word format.

4. Some emails provide false Internet links:

Example: One email recommended an experience sharing article from Clearwisdom.net and provided a link, but if you clicked on the link you would be connected to a different website. It was not a problem with Clearwisdom.net. The problem was that the link did not lead to the address it displayed. Those practitioners who understand HTML can refer to the following:

For example, a recommended experience sharing article in Clearwisdom.net is http://minghui.cc/2004-01-01/xxxx.html. Because of a Microsoft security loophole, if Outlook Express is used to read emails, moving the mouse pointer to this link will show that it is actually a false location. It can be verified that after clicking the link to the false location, the PC was infected and compromised. An Internet Explorer window opened, but with the false location displayed at the URL address. If this false-link situation is not clear to you, it is best not to click links that are given in email messages. Instead, connect directly to Clearwisdom.net (by typing the link into the browser) and do not attempt to click the link provided in the email message.

Under the above circumstances, it can be deduced that after the personal computer was attacked and compromised, a lot of relevant information could be accessed from that computer. Additionally, passwords could be recorded as they are typed.

We recommend:

1. Be very careful with email attachments. If it is necessary to send an attachment, it is best to inform the recipient by phone beforehand. If you receive an attachment in your email, it is best to phone the sender and confirm before you open the attachment. Files that may contain viruses include those that end with .exe, .bat, .vbs, and .pif. Files in locally used networks that end with .chm and .mht may also contain viruses.

2. Computers should be loaded with authentic anti-virus software and firewalls. At the same time, please ensure that the antivirus software and firewall are updated regularly, at least once weekly. For those computers without antivirus and firewall software loaded when accessing the Internet, there are more than fifty ways other parties can gain access to control these computers to a high degree. However, even though the firewall and anti-virus software are necessary, they cannot completely protect computers from attacks. If we are not alert, our computers can still be subject to attacks.

3. You can ask the practitioners around you who are technically knowledgeable and trustworthy to periodically check and test your computer. It is best to do this at three or six month intervals.

4. With very important documents, it is best not to save them on the computer you use to access the Internet. Perhaps you can save these documents on a computer that is not used to access the Internet or on a floppy disk or removable storage device. They should be removed before connecting to the Internet.

5. If you can confirm that the email you received contains a virus, please contact local practitioners who are technically knowledgeable to assist in saving the email as evidence. The US and Canadian governments have related investigation departments that collect such evidence. A few persons in the U.S. who have sent viruses have had their names recorded in the investigations list. Viruses sent from China that have violated related laws have also been recorded, and evidence is now being gathered in the investigations.
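For technically knowledgeable practitioners who are asked to examine a suspicious message, the following added example (not part of the original notice) flags attachments with the extensions named in recommendation 1 and reads the earliest relay address from the Received headers, one common way to see where a message claiming to be from a coordinator entered the mail system. The message, host names and addresses are constructed placeholders.

```python
import re
from email.message import EmailMessage

# Extensions named in recommendation 1 on this page.
RISKY = {".exe", ".bat", ".vbs", ".pif", ".chm", ".mht"}

def risky_attachments(msg):
    """Return filenames of MIME parts whose last extension is in RISKY."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces, so "a.pif. " still opens as "a.pif".
        cleaned = name.rstrip(". ").lower()
        if "." in cleaned and "." + cleaned.rsplit(".", 1)[1] in RISKY:
            hits.append(name)
    return hits

def earliest_hop_ip(msg):
    """IP in the bottom-most Received header (the earliest hop), or None.
    Hops below the first server you trust can be forged by the sender."""
    hops = msg.get_all("Received", [])
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    return match.group(1) if match else None

def build_sample():
    """Constructed message: hosts, addresses and file contents are placeholders."""
    msg = EmailMessage()
    # Newest hop first, as a receiving server would prepend them.
    msg["Received"] = "from mx.example.org (mx.example.org [198.51.100.20]) by inbox.example.net"
    msg["Received"] = "from pc (unknown [203.0.113.45]) by mx.example.org"
    msg["From"] = "Project Coordinator <coordinator@example.org>"
    msg["Subject"] = "Please read this notice"
    msg.set_content("For the convenience of everyone, see the attached files.")
    for name in ("jingwen.chm", "notice.doc", "Notice.doc.PIF", "reader.exe."):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    sample = build_sample()
    print("risky attachments:", risky_attachments(sample))
    print("earliest hop:", earliest_hop_ip(sample))
```

The file notice.doc passes this filter even though one of the fake emails described above carried a Word attachment, so an extension check supplements confirming with the sender by phone and does not replace it.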

Teacher said:

"I think everybody should pay attention to this point. Even though we don't have anything to hide, we can't let the secret agents interfere." (From "Teaching the Fa at the 2003 Atlanta Fa Conference")