Why did you send me a virus?
A primer on viruses, worms, and how to protect yourself on the Internet.
As more people use the Internet to work and play, more people are facing the perils of internet viruses and worms. In fact, you may have received an email from a friend or co-worker recently that contained a virus. Why would someone you know send a virus on to you? Chances are, they didn’t. Let’s take a look at some of the hazards of being on the internet.
Viruses and worms
One question you may have is, “What is the difference between a virus and a worm?” You’ve probably heard both terms, but distinguishing between the two can be difficult.
A virus is a small program that will affect, and often hides inside, other programs. A virus might attach itself to your word processing, email, or spreadsheet program — the most popular programs are often the most targeted by viruses and virus writers. Viruses can be spread through floppy disks, shared network drives, and jumpdrives that contain infected files. Some viruses are passed across the internet through emails, waiting for a recipient to open them. Once opened, they’ll replicate themselves by taking over the email program and emailing copies of the virus to every email address they can find on the hard drive. To further disguise themselves, the emails they send will appear to be from someone else’s email address, often an address also found on the hard drive.
A worm is a program that exploits security holes to infect other computers. A recent example of a worm looked for an error in the Microsoft Windows XP operating system of any machine it could find attached to the Internet. When the worm found the error, it copied itself onto the user’s computer and began causing the machine to shut down, making it difficult to use. From the new computer, the worm began looking for other computers to infect, as well. Microsoft was able to update the Windows XP operating system, fixing the error, but users had to get the update before the worm found their computer on the Internet. (If you run a Microsoft operating system, be sure to update Windows regularly to fix potential vulnerabilities, or better yet, configure Windows to find updates automatically. If you have a Macintosh, you’re not invulnerable — be sure to load the security updates for OS X.)
Did you send me this virus?
When you get an email that contains a virus, you feel upset that a friend would endanger your computer. But before you get angry, remember that your friend may have had nothing to do with the virus. Let’s look at how you might have gotten the virus.
A programmer writes code that will cause an email virus to be replicated around the globe. The virus may be designed to hurt your data, or it may be designed just to replicate itself as much as possible, clogging networks and making the Internet much slower. It could also be designed to attack a certain website. (Recent viruses have targeted Microsoft, SCO, and the White House.) The code for this virus is designed to spread the virus as fast as possible through email. This virus is tricky because when it sends copies of itself, it will also send an email with one of several possible messages. One of these messages says, “Warning: Your computer may be infected with a virus. Please run this program to remove all viruses. From, Systems Administrator.”
The programmer, who does not want to face criminal charges associated with spreading viruses across the internet, does not launch the virus. Instead, she posts the code to her website for informational purposes. But a less experienced programmer (perhaps referred to as a “hacker” or “script kiddie”) finds the code, and thinks it would be fun to launch the virus. He attaches the virus to an email and sends it to fifty or so addresses that he’s gotten from searching the internet. His email says, “Team, please see the attached project status report. We’ll need to move quickly if we want to be successful.” He names the attachment “update.doc.exe.” (The .exe at the end indicates that the file is an executable program.)
The fifty or so recipients largely ignore the message, because they don’t know the sender. But one recipient is pressed for time, sees a message that looks like a real update, and opens the executable file without paying much attention. The virus has been released, and now sends itself to everyone in his address book, disguised as a message from “firstname.lastname@example.org,” which is another address our unwitting recipient had in his address book.
If you have ever sent an email to our one unlucky recipient, you may get the virus email he has unleashed. And if you know email@example.com, you may be fooled when you see his address at the top of the email you received.
How do I know what’s real, then?
Internet users have a responsibility to educate themselves about viruses and how they are spread, so that they can help combat viruses.
The best protection against computer viruses is anti-virus software. Good anti-virus software will also include a feature that allows it to connect to the internet and update its list of known viruses, providing up-to-the-minute coverage against new viruses. The Free Site offers a list of free anti-virus products, but some free products may not be updated often as new viruses are released. C-Net’s Virus Center offers reviews of a number of anti-virus software programs, as well as advisories of new viruses circling the Internet.
But just having anti-virus software won’t protect you fully. You’ll also need to educate yourself about viruses. Some computer experts suggest that people, rather than software, are now the more likely spreaders of computer viruses. There are usually several telltale signs that an email attachment could be a virus:
- It comes from an email address you don’t recognize (but also remember that you can get email viruses from your friends and colleagues if their computers have been infected).
- The subject of the email is extremely vague.
- The subject contains hook lines like “Hi! Here’s the document you wanted.” or “Can you check this for me?” or “You’ll love this one.”
- The text body of the message is extremely short (a few words or a short paragraph) but the message size is very large (between 100KB and 500KB).
- The attachment is executable — i.e. it is a file whose filename suffix is .exe, or .vbs or .com or .bat — or the suffix is not one you recognize — such as .pif.
- The attachment has a double suffix — e.g. filename.doc.exe. This might look like a Microsoft Word document, but it is really an executable file — and therefore dangerous.
If you suspect that an email could contain a virus, do not open the attachment. If you are unsure, email or call the sender and ask them to verify that they did indeed send you a message with an attachment that is safe to open. Remember, don’t be surprised if they don’t know what you’re talking about — the email may not have come from them at all.
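The telltale signs above can also be checked mechanically. The following is an added example, not part of the original article: a short Python function that runs those checks over a parsed message, using a constructed sample modelled on the update.doc.exe story. The function names, the list of recognized suffixes and the 50-word cutoff for a "short" body are assumptions made for the illustration; the "vague subject" sign is left out because it cannot be tested reliably.

```python
import os
from email.message import EmailMessage
from email.utils import parseaddr

EXECUTABLE = {".exe", ".vbs", ".com", ".bat"}          # suffixes the article names
RECOGNIZED = {".doc", ".xls", ".txt", ".pdf", ".jpg"}  # assumption: types this reader knows
HOOKS = ("here's the document you wanted", "can you check this for me",
         "you'll love this one")                       # hook lines quoted in the article

def warning_signs(msg, known_senders, short_body_words=50):
    """Return the article's telltale signs found in one parsed message."""
    signs = []
    if parseaddr(msg["From"] or "")[1].lower() not in known_senders:
        signs.append("unknown-sender")
    subject = (msg["Subject"] or "").replace("\u2019", "'").lower()
    if any(hook in subject for hook in HOOKS):
        signs.append("hook-subject")
    body = msg.get_body(preferencelist=("plain",))
    words = len(body.get_content().split()) if body else 0
    # 50 words stands in for "extremely short" (assumption); 100KB-500KB is from the list
    if words < short_body_words and 100_000 <= len(msg.as_bytes()) <= 500_000:
        signs.append("short-body-large-message")
    for part in msg.iter_attachments():
        stem, last = os.path.splitext((part.get_filename() or "").lower())
        if last in EXECUTABLE:
            signs.append("executable-attachment")
            if os.path.splitext(stem)[1]:          # e.g. ".doc" hiding in front of ".exe"
                signs.append("double-suffix")
        elif last not in RECOGNIZED:
            signs.append("unrecognized-suffix")
    return signs

def sample_message():
    """Constructed message modelled on the article's update.doc.exe story."""
    msg = EmailMessage()
    msg["From"] = "Colleague <colleague@example.org>"
    msg["To"] = "you@example.org"
    msg["Subject"] = "Hi! Here's the document you wanted."
    msg.set_content("Team, please see the attached project status report.")
    msg.add_attachment(b"\0" * 120_000, maintype="application",
                       subtype="octet-stream", filename="update.doc.exe")  # inert filler
    return msg

if __name__ == "__main__":
    print(warning_signs(sample_message(), {"colleague@example.org"}))
```

The sample is flagged even though its sender is in the known list, which matches the point above that a familiar From address proves nothing about who actually sent the message.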