Protect Yourself Against SirCam, Anna, Melissa, the LoveBug, and Other Viruses! 5 Easy Steps to Guard Your Data
©2002 Corbin Ball Associates
Recently, I received more than 25 email messages in one day from people I know beckoning me to check out an attached photo of teen tennis star Anna Kournikova (see screenshot of a sample message below). I didn’t succumb – I didn’t open the files. If I had, a virus worm would have immediately seized control of my Outlook email messaging system, sending off dozens of this same self-propagating message under my name to contacts in my address book. Fortunately for the senders, this particular worm was not a destructive one. It could have, for example, just as easily wiped out the contents of the sender’s hard drive after sending the messages.
Computer viruses are out there. They can do serious damage, can destroy data and, in extreme cases, even make your computer unbootable. Fortunately, with 20+ years of actively using computers and the Web, I have never caught a damaging computer virus. However, this has not been just luck. It has been because I have carefully followed five rules of virus protection as listed below:
1. Never open up file attachments ending with ".exe", ".vbs", ".bat", ".com", ".scr" and ".pif" without confirming with the sender
Back in the days before wide email usage, the common means of virus distribution was an infected floppy disk. This has given way to email attachments as a much faster and more efficient way of spreading viruses. Be careful about opening any attached files, but be particularly careful about those ending with the above extensions.
The ".exe" files are programs that, when opened, can do any task a programmer has in mind including, for example, erasing all the data on your hard drive. It is imperative that you confirm with the sender before opening an .exe file. The risks are far too great not to do so.
The ".vbs" file extension should always be treated with suspicion. VBS stands for “visual basic script” but can also be remembered as “very bad stuff.” The Anna Kournikova worm and its predecessors, the Love Bug virus and the Melissa virus, were .vbs worms. Never open these files. People do not normally send .vbs files in the course of normal business communications – they are virtually always virus worms. Also, look at the file name very carefully before opening any file. For example, the Anna virus was disguised to look like an image (.jpg) file, as it was titled AnnaKournikova.jpg.vbs (see image):
The ".bat" files (also called batch files from the old DOS days before Windows) issue a series (a batch) of instructions to your computer. These can be as malicious as the virus writer's imagination. The recent SirCam virus was sent as a ".bat" file as shown in an actual message seen below:
The ".com" file extension should not be confused with a web site extension. For example, it is fine to open a www.corbinball.com link. If a web page were sent as an attached file, it would use the extension ".htm" or ".html", i.e. it would appear as www.corbinball.com/home.htm. These are generally safe to open. However, if the attached file ends with ".com", beware! The ".com" extension is a vestige from the old DOS days and acts in the same way as an ".exe" file.
The recent MyParty mass mailing worm (W32.Myparty@mm) as seen on the screen shot below used this method of transmission. Note the yellow bar at the top -- recent Outlook programs will automatically block these messages.
The ".scr" extension is a Windows file extension typically used for screen-savers. However, Windows will treat this as a ".exe" file and malicious code can be written using this. The recent "goner" virus uses the ".scr" extension as its propagation method.
Subject: Hi
How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!
The ".pif" Windows "program information file" extension (typically used to start DOS programs in Windows), acts similarly to the ".scr" extension and can be used to propagate viruses. They should not be opened.
However, there are many file extensions that carry relatively little virus risk:
.html (web pages)
.htm (web pages)
.txt (text files)
.ppt (PowerPoint programs)
.jpg (graphics files)
.gif (graphics files)
.pdf (Adobe files)
.mpg (multimedia file)
.doc (Word documents - limited problems with macro viruses usually detected with Virus Programs)
.mdb (Access database -- limited problems with macro viruses usually detected with Virus Programs)
.xls (Excel documents -- limited problems with macro viruses usually detected with Virus Programs)
Please remember, however, that many worms and viruses try to disguise the attachment by putting these extensions as part of the document name (see image above). The letters after the last dot (period) are the ones that count.
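The "last dot" rule above can be applied mechanically. The following Python sketch is an added example, not part of the original article: it reads the attachment names from a message and judges each one by its final extension only, flagging the AnnaKournikova.jpg.vbs style of disguise. The function names, the verdict labels and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Extension lists from the article's rule 1; verdict labels are this example's own.
HIGH_RISK = {".exe", ".vbs", ".bat", ".com", ".scr", ".pif"}
MACRO_CAPABLE = {".doc", ".mdb", ".xls"}
LOW_RISK = {".html", ".htm", ".txt", ".ppt", ".jpg", ".gif", ".pdf", ".mpg"}


def classify(filename):
    """Return (verdict, disguised) for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[-1]:
        return "unknown", False
    last = "." + parts[-1]
    # A harmless-looking extension just before the real one is the disguise.
    inner = "." + parts[-2] if len(parts) > 2 else ""
    disguised = inner in (LOW_RISK | MACRO_CAPABLE) and last in HIGH_RISK
    if last in HIGH_RISK:
        return "block", disguised
    if last in MACRO_CAPABLE:
        return "scan-for-macros", False
    if last in LOW_RISK:
        return "low-risk", False
    return "unknown", False


def review_message(raw):
    """Classify every named attachment in a raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    names = [part.get_filename() for part in msg.iter_attachments()]
    return {n: classify(n) for n in names if n}


def build_sample():
    """Constructed test message; the names mirror the article's examples."""
    msg = EmailMessage()
    msg.set_content("constructed body text")
    for name in ("AnnaKournikova.jpg.vbs", "test.doc", "photo.jpg", "setup.exe"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for name, verdict in review_message(build_sample()).items():
        print(f"{name!r}: {verdict}")
```

A "low-risk" verdict only reflects the extension lists above; it says nothing about the content of the file.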
A sure tip-off in the Windows environment is that the icon will not be a recognizable one. In the example below, the "test.doc" file is recognized as a Word document. A similarly titled attachment, "test.doc.exe", on the next line is not recognized as an installed application and, therefore, has a generic icon that could be a virus. Any attachment ending in ".exe" will have this same generic icon that is a flag for a virus threat. This same generic icon is also used for the ".com" files. The ".vbs" icon and ".bat" icons are shown below. Never open these attachments unless you are absolutely sure of their origin and the reason why you are receiving them.
Generally safe attachment:
Suspect attachment icons:
Sample of the ".vbs" icon:
Actual ".bat" icon received from the SirCam worm:
2. Use the latest versions of Web browsers and check for the latest service releases for the Windows Office products.
Virus writers are ingenious in a twisted way. They are always coming up with new attacks, oftentimes exploiting weaknesses in commonly used software. The software developers are playing the cat-and-mouse game, constantly trying to patch the holes with software upgrades and service releases (http://www.microsoft.com/office/downloads.htm). Not only do you take advantage of removing some of the bugs in your programs, you increase your security by installing these patches and updated programs.
3. Set your security settings on “medium” or “high” for your email reader and browser.
Here is where the usability trade-off begins. I personally keep my settings on “medium” as I want to take advantage of tools such as cookies, and other conveniences. As long as you follow the other steps listed here, your problems are minimized. You can access security settings in the following manner: For Outlook it is Tools-Options-Security. For Internet Explorer it is: Tools-Internet Options-Security. For Netscape Communicator it is Communicator-Tools-Security Info.
4. Use virus protection software and download the anti-virus update on a weekly basis.
There are thousands of computer viruses out there (current virus protection programs detect more than 58,000 of them) and new ones are added daily. The good news is that there are very effective virus programs such as Symantec (www.symantec.com) and McAfee (www.mcafee.com). However, they are only good as long as they recognize the virus signature – they won’t recognize the new variations and viruses that come along. Therefore, it is very important that you update the virus data file regularly. This is usually an easy process (you go to the manufacturer’s web site and follow the instructions) and it is free. I recommend doing this on at least a weekly basis.
5. Back up regularly.
No matter how careful you are, there is always a chance that you will catch something damaging – or, maybe simply, that your hard drive gave its last turn and died a hard crash. At any rate, your data is one of your most precious possessions. Buy a CD-RW burner or a zip drive and back up your key files regularly. Also consider remote storage. Convenient ways for remote storage include uploading key files to a secure portion of your web site or to free storage sites such as XDrive (www.xdrive.com), which allows free storage for up to 100Mb of data. In case of fire, theft or other disaster, your data will be protected in a secure storage area away from where your computer resides.
As mentioned, your data is one of your most precious possessions. Following these five steps will reduce your exposure to virus problems significantly.
Virus hoaxes are alive and well too. See my recent article:
Virus Hoaxes: How to Spot Them