Viruses: When Bad Things Come in Small Packages
- The Trusted, the Innocent, and the Seductive
- All Dressed Up, with Nowhere to Go
- Not What I Say, But What I Do
- Beware of Email Bearing Gifts
- Summary
This chapter is from the book
This chapter is from the book
This chapter is from the book
How Viruses Are Transmitted Through Email Attachments
IN THIS CHAPTER
-
The Trusted, the Innocent, and the Seductive
-
All Dressed Up, with Nowhere to Go
-
Not What I Say, But What I Do
-
Beware of Email Bearing Gifts
After spam, viruses are probably the most discussed email problem. Most people are aware of their existence and hear about the major new strains on the mainstream news. Viruses strike fear into many computer users' hearts, who cringe when they imagine files being deleted or corrupted or their computers being damaged.
Viruses and Trojan horses are also misunderstood. Many computer problems get blamed on viruses, often unjustifiably, and sometimes this misdirected blame does more damage than a virus would have. Because most people don't understand viruses and how they work, even hoaxes about viruses have become attacks and caused problems for many people who were never infected.
This chapter discusses viruses and Trojan horses and explains how they are passed through email messages. You learn the real risks and how to protect against them. Also, you look at hoaxes and misdiagnoses and see how to avoid hurting yourself by falling for them.
The Trusted, the Innocent, and the Seductive
Viruses are malicious code that attaches itself to files sent through email as attachments. Although viruses are shrouded in mystery and often attributed almost supernatural powers, they are simply a special type of program. My six-year-old was acting goofy yesterday, and my wife asked him why he wasn't listening. He told her he thought he had a computer virus from opening an attachment. I've been probably talking about the book too much, but many people, like Michael, believe that viruses can do things that are beyond their grasp. Like all programs, they must be run to do any work or, in the case of viruses, any damage. This section shows how email attackers convince you to open virus-infected files and allow the malicious code to run on your computer. By falling for their trap, your term paper, presentation for a big meeting, or the photos from your last vacation can be damaged or even lost forever.
Case Study 3-1
Tina opened her email program to find an email from her sister in Georgia. She clicked on the email and read a short note from her sister:
Subject: Brighten up your day
You've got to take a look at this program. It's hilarious. Let me know what you think.
Tina opened the attachment, a file called funstuff.exe. When she ran it, nothing seemed to happen. She tried again with the same result. Finally, Tina sent an email to her sister, saying that she couldn't open the attachment. Over the next few days, Tina noticed her computer getting slower and slower. She wondered if she needed to get a new computer. She never realized that the attachment she had opened had infected her computer with a virus that was responsible for the speed issues she was having. Buying a new computer would "fix" the problem, but simply dealing with the virus would have the same effect with a lot less cost and hassle.
Case Study 3-2
Ben came to work on Monday morning and logged in to his computer. As he started working through his email from the weekend, he noticed one from Acme Software, a major software company that Ben's company used.
From: support@acmesoftware.com
Subject: Important Security Patch
Dear Valued Customer,
We have just released an important security patch, which is critical for you to install to prevent hackers from attacking and taking over your computer. To get this information into your hands as quickly as possible, we have attached the security patch to this email.
Simply open the attachment, and the security patch will be installed on your computer immediately. We've tried to make this process as quick and painless as possible.
If you know anyone who uses the fine products from Acme Software but might not have registered the products, please forward this email to them. It is important to us that as many people as possible install this security patch before malicious hackers take advantage of them.
Thanks for your assistance in this matter,
Technical Support
Acme Software
Ben installed the security patch and forwarded the email to some friends who used Acme Software products at their companies.
Two days later, Ben was looking for an important file, but there was something wrong. None of his documents were in the directory where he had saved them. As he looked through all his directories, it appeared that all his documents were missing. He called the company's technical support line to find out what was going on.
They informed him that a virus had deleted most of the documents from their servers. The tech support staff was busy upgrading the virus protection software and restoring files from backup tapes. Ben was upset over the damage the virus had done, but he never considered that the security patch he installed had actually been the cuplrit.
Case Study 3-3
The subject of the email message caught Tom's attention immediately: "View Naked Pictures of Britney Spears!!!" Tom looked over his shoulder to make sure no one was around and clicked on the email.
The email didn't contain any pictures of Britney but described a special viewer that would allow downloading the pictures in a manner that couldn't be detected or tracked. Tom had heard rumors of some people being caught with porn on their computers and figured a secure viewer might just be the key.
Another glance over his shoulder, and Tom began installing the viewer. After all, it was Britney. The viewer didn't seem to work correctly, however, and Tom never saw the promised pictures of Britney. Almost immediately, his computer started acting strangely. Some programs that Tom used started crashing or wouldn't load. Tom realized that he had probably gotten a virus from the viewer, but he was afraid if he asked for help, someone would trace the problem back to the viewer. So Tom just kept silent and hoped it would go away.
How the Attack Works
To understand how these attacks work, first you need to understand what a virus is. A virus is simply a computer program with all the same characteristics of any computer program. A virus is written by a programmer, not some mysterious entity with magical properties.
Sometimes users attribute qualities to viruses that are beyond their capabilities. For example, viruses can't live through a reformatting of your hard disk because, like any other program, they'll be deleted. If a virus was inadvertently copied over to a disk and you insert that disk into your computer, you can reinfect the machine, but the original copy of the virus on your computer would have been destroyed.
Also, viruses have bugs, just like all other programs. Sometimes the damage a virus does is unintentional and is actually the result of a bug in the software. Although the result is the same, these programs aren't necessarily the most sophisticated software out there. Often virus developers are copying someone else's code and making minor modifications to it.
Although a virus is a computer program, a distinct characteristic separates a virus from other programs: its capability to replicate. This trait is what makes a virus a virus. Viruses can spread by copying files onto floppy disks, burning CDs, or passing computer files over the Internet or network. Any medium that allows computer code to be passed from one computer to another is fair game for a virus to attempt replication.
The issue most people have with viruses is the damage they cause. However, a virus isn't necessarily built to cause damage. Sometimes the damage is deliberate, sometimes it's accidental, as when a bug causes the damage, and sometimes a virus simply replicates without any other behavior. When a virus does cause damage, whether intentionally or not, it has access to all the files and resources that other computer programs have. Usually this access results in a significant loss of data and time.
In email messages, files passed as attachments can be infected with a virus. When a virus infects a file, it modifies the file in a way that's similar to how you might edit a document. The virus changes the original file so that the virus code becomes part of the file. When a user sends the file, the virus is transmitted as well. When the file is opened, the virus code runs and spreads to the new computer.
As you saw in the case studies, the reasons people have for opening attachments can vary. You might trust the people who send you email, but do you trust their ability to keep their computer free and clear of viruses? Tina trusts her sister, of course, but the file her sister sent might be infected without her knowledge.
Several Christmases ago, a frantic relative across the country phoned me. This relative had sent an email to the entire family and then found out later that the attachment contained a virus. By the time I was called, several family members had already opened the email attachment and infected their machines. The day after Christmas included a run to the mall to pick up a popular virus protection package to install on my father-in-law's computer. Trusting a person and trusting the security of his or her computer are often quite different things.
In Ben's case, getting a patch mailed from a company sounds helpful, but no major company would do this. The risk is too high that someone pretending to be the company is sending a malicious patch. Never trust these types of emails. Whether or not they're a virus or other malicious program, rely on established ways of updating your software. Go to the software company's Web site and download your patches there.
Finally, Tom is a difficult situation, in that he's the most likely to run into a virus and the least likely to report it. Reporting a virus might raise some questions that Tom doesn't want to answer, so he's more likely to keep silent about any potential problems, which actually compounds the problem. As time goes on, the chance of Tom infecting other computers increases substantially.
An Ounce of Prevention
The first and most important rule to help in the battle against viruses and Trojan horses is to avoid opening attachments and clicking on links to install software. If you never open attachments or install software from the Internet, you substantially reduce the risk of virus infection. Of course, there will be times you want to see a picture of your new nephew or install a new game, but if you start out with a cautious approach, you'll be burned far less often. If you need to open an attachment, be sure to protect yourself by following the second rule.
The second rule, which goes hand in hand with the first, is to install and run virus protection software. There are a number of options, with Norton and McAffee being two of the more popular packages. No computer should be without virus protection software. The cost of the software and the time to keep it up to date are minor matters compared to the time and money spent on a single virus attack.
Another important step is to make sure you're running the latest patches on your operating system and applications. The security patches that Microsoft, Apple, and Linux vendors make available for their operating systems often fix the problems that viruses exploit in attacks. If you keep up to date on these security patches, the damage a virus causes to your files, if your computer does become infected, might be limited.
Finally, make frequent backups of your system. If a virus does infect your system and succeeds in causing some damage, a backup could be your only resort. A good backup is important for a number of reasons, but protecting against virus damage should be enough by itself.
By taking steps to protect yourself from these attacks, you help not only yourself, but also those around you. Viruses can spread only by infecting one computer and then being transferred to the next. If enough people take steps to protect against viruses, it becomes more difficult for them to spread. Also, by taking the proper measures, your system can inform you of a virus in an email message, which allows you to inform the sender and minimize the damage that's caused.
A Pound of Cure
If you have already been infected with a virus, the first step is to run a virus protection software package. These software packages typically come with a disk or CD that you can boot from to clean up the virus without allowing it to run. You might also need to download the latest signatures to catch the most recent viruses and variants.
Until your virus problem is cleaned up, limit your use of the computer. Especially avoid sending emails with attachments or other risky behavior that could actually enable the spreading of the virus. It's bad enough to have your system infected. When your friends, family, and co-workers become infected, the problem becomes much bigger.
Finally, if you suspect your system has been infected, backing up the system is still a good idea. The backups might contain the virus and should be destroyed after the virus is cleaned up and a new backup has been made. However, if the virus causes some form of data loss, knowing that the data is safe and protected so that you can try again to remove the virus can be reassuring.
Checklist
Avoid downloading software, especially from sources you're not familiar with.
Avoid opening attachments you aren't expecting, especially from sources you aren't familiar with.
Install and run virus protection software.
Back up your computer.