Internaut: Being smart's up to you
- By Shawn McCarthy
- Mar 17, 2004
Shawn P. McCarthy
At increasingly frequent intervals, a new variation of an e-mail virus or worm wreaks mass havoc on the Internet. This happens because mail recipients are too trusting and keep making the same mistakes over and over.
Virus authors are happy to exploit the confusion by continuing to trick people into opening infected messages and attachments.
Even the best antivirus software can't protect against a user's bad choices. The best way to combat the latest viruses is to understand how the different virus types proliferate. That way you can call their bluff when they land in your inbox.
The latest viruses have all been arriving in the same format: a harmless-looking message from someone you know or by way of an e-mail discussion group to which you belong. But the message isn't really from your acquaintance, even though it appears to come from that person's computer. The machine has become infected, and the virus is passing along a copy of itself to every address on that system's address book.
You must be suspicious of every e-mail you receive, especially if it:
- Comes from someone you haven't talked to in a while
- Comes from a mail list, but the subject line seems written for you, such as, 'Hey [your name]'
- Has vague language that encourages you to open an attachment or link to read a full message.
Be especially suspicious of any mail with an attachment. Were you expecting the attachment? Does the message look like your own e-mail that has been returned because it encountered an error? Do you have to open an attachment to see the full error? Don't!
Sometimes a message will have an attachment thinly disguised as a link. Even a single word ending in .com can be a small program. Just remember that links will appear in the message text. An attached file is just that: a file, not a link.
Watch out for attachments with double file extensions, such as filename.txt.exe. A text file (.txt) is usually safe to open. Virus writers know people might fail to notice that it's really an executable program (.exe) as well.
If you do accidentally open such a message, keep in mind that newer virus variants such as NetSky install themselves into Microsoft Windows folders that are marked as shared. They can pass through peer-to-peer networks, so the programs in a shared folder can become a shortcut to other machines.
Various versions of Bagle let the sender or someone else seize control of an infected computer. MyDoom autodeletes specific operating system files. But none of them can proliferate if your office is smart and uses a combination of updated virus scanning software and good common mail-handling sense.
Be aware of a devious practice called phishing. Phishers send well-crafted e-mail hoaxes that appear to come from your bank, Internet service provider or agency. The messages often arrive as HTML mail with official-looking fonts, logos and signatures. They ask recipients to click on a link to update information in a database or retrieve a statement.
Such links often launch two pages. The first is a legitimate page from the government site or bank. The second is a pop-up screen that floats over that page. The pop-up looks real but isn't. Some phishers even craft fake Secure Sockets Layer certificates and fake icons that claim a secure connection has been made.
Never forget, however, that you can be safe from these marauders if you're both vigilant and skeptical.Shawn P. McCarthy is president of an information services development firm. E-mail him at [email protected].
Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.