Computer Viruses

July 5, 2004

In light of Microsoft's ongoing problems with hackers targeting its products, it seems wise to get as far away from Microsoft as possible, within the limits of the fact that many of us need to use Windows for our daily work. Last week's reports of of a new hack which allows attackers to take control of your computer via Microsoft Internet Explorer finally jolted me into something I've been meaning to do for a while: change browsers. I took the advice of the Washington Posts's tech columnist, and have switched to Mozilla Firefox. So far I find it very similar to IE in look, feel, and behavior, minus the dangers of hackers (for now).

Apr 16, 2004

I’m getting up to 100 emails a day. Most of these are viruses and spam, and are filtered straight into the trash because they are sent to an email address which the spammers have invented or a virus has randomly generated (all mail sent to straughan.com comes to me). Others I see, but they have become obvious and predictable and I delete them with hardly a glance at their contents.

One had a dangerous twist though. At the bottom of the (brief) email it included these lines:

++++ Attachment: No Virus found

++++ Norman AntiVirus - www.norman.com

This is very similar to the standard lines that many anti-virus programs automatically put into incoming email to let you know whether it’s clean or not. I had never heard of Norman anti-virus, and even thought it was a joke, since one of the popular anti-virus packages is from Norton. In any case, my anti-virus is AVG, so I knew this message was spurious. In fact, AVG had added these lines at the true end of the message:

Viruses found in the attached files.

The attached file ou.doc .exe is infected by I-Worm/Netsky.Q. The attachment was moved to the virus vault.”

So… even if a mysterious email with an attachment claims to be clean, don’t trust it. Make sure that it has truly been inspected and passed by your own anti-virus software. And again: NEVER OPEN AN ATTACHMENT THAT YOU’RE NOT EXPECTING TO RECEIVE, NO MATTER WHO IT COMES FROM OR WHAT IT CLAIMS TO BE.

I visited the Norman site, and find that they do indeed make anti-virus software. Since I had never heard of them before, I am tempted to wonder if they are spreading this virus themselves as a publicity stunt. Especially since I’ve just received a very similar email, but with the name of a different virus protection software company, again one I’d never heard of. Hmm.

Another thing to watch out for: spyware.

Then there are viruses whose random text hits below the belt:
“you are a bad writer”
“Let'us be short: you have no experience in writing letters!!!”

More Virus Sneakiness

Mar 4, 2004

I received the following email last night:

"Dear user of e-mail server "Yahoogroups.com",
Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
Please, read the attach for further details.
For security purposes the attached file is password protected. Password is "87240".
The Management,
The Yahoogroups.com team http://www.yahoogroups.com"

There was a password-protected zip (compressed archived) file attached.

The alarm bells started ringing in my head, even though my virus scanner had passed this attachment as clean. If Yahoo really had something to tell me, why would they put it in a password-protected file? I did NOT open the file, and I warned my fellow moderators of this Yahoo group not to open it. I turned to my group of expert friends for their opinions, and one told me he had recently received this warning from his ISP: "There's a new virus on the loose that's able to trick our antivirus program on our email server. It's in a password protected zip file. Unfortunately, there is no method to scan password protected zip files, so our server sends it through."

The moral of the story is the same as it's always been: if you are not expecting a file from somebody, and/or anything seems strange about the situation, do NOT OPEN THE ATTACHMENT. You'll save yourself and everyone in your address book a world of trouble.

See also

Feb 22, 2004

Virus mutation is happening alarmingly quickly. I have gotten into the habit of updating my virus software almost daily. Nonetheless, something arrived in my mailbox the other day which my virus software passed as clean. But it was from someone I didn't know, with an executable (.EXE) attachment, so I didn't touch it. I updated my virus software and ran a check and, sure enough, it was a virus.

Even had this piece of mail claimed to be from someone I know, I would have been suspicious unless I had been expecting to receive such a file from that person right then. Many viruses disguise themselves with fake email addresses pulled from your own address book, and/or someone you know may be infected and not know it himself.

Another Reason to Secure Your Computer

Some viruses are now looking to turn your unprotected computer into a spam-generator, especially if you have a high-speed, always-on connection such as cable or DSL. Such abuse of your system could result in your service being cut off by your Internet Service Provider. Read all about it.

Feb 15, 2004

Since the MyDoom attack, I've gotten into the habit of updating my anti-virus software almost daily. What's scary is that new updates have been available that often, meaning that new viruses are appearing that frequently (many of them variants on MyDoom). I can't say it enough: UPDATE YOUR ANTI-VIRUS SOFTWARE. If it's too old to catch the current bugs, it's no use to you.

You may also have noted that there's a new security hole in Windows discovered just about every week. Hackers may have even more opportunities to exploit Windows vulnerabilities, now that several million lines of Windows source code have been leaked, so be prepared for an increase in attacks. It doesn't hurt to run Windows Update weekly, at least, to see if Uncle Bill has any new patches for his leaky boat.

Oct 27, 2003

I recently received an email message, purportedly from Microsoft. It was nicely laid out with Microsoft typefaces and logos, just like the Microsoft website, and claimed to be a new service: "We're now emailing operating system updates directly to the customer. Just click on the attached file to install your update..."

However, my virus scanner software added a message at the bottom: "This attachment contains a virus." Which I had instantly suspected, since I know that Microsoft doesn't mail out updates.

Y'all be careful out there. The virus-mongers are always looking for new ways to make you do something nasty to yourself. NEVER NEVER NEVER open or run an email attachment that you receive unexpectedly, no matter who it's from (even people you know). Always scan attachments with virus software before you do anything with them - and make sure your virus software is up to date.

February, 2003

I've received a number of emails lately from friends and family, apologizing for possibly infecting me with a virus. So far, it's never been true - they have all been the victims of hoaxes. This is a "psychological" virus, spread by your desire to help your friends and prevent computer tragedy; there is no real virus involved. Unfortunately, these hoaxes can sometimes result in real damage to your system, if you follow the instructions and delete whatever file they tell you is a virus.

Whenever you receive an email of this type, before you do anything else, go to Symantec or McAfee and look up a keyword in the message (such as the name of the .exe file you are advised to delete) using the site's search feature. This will tell you whether the danger is real or (far more likely) a hoax. If it's a hoax, no further action is needed - you haven't infected anybody, so long as you don't pass on the hoax email!

NB: I have also received plenty of real viruses, but these are disabled upon arrival in my mailbox. DO make sure that you have anti-virus software installed, and update it at least weekly. There's a good one available that's completely free, AVG Free Edition from Grisoft.