[thelist] Virus Alert [OT]

Liam Delahunty ldelahunty at britstream.com
Mon Apr 22 19:57:01 CDT 2002


Karen J. Bowen wrote:
<quote>
This has really alarmed me - this virus can attach/embed itself within
image files??
</quote>

In short, no. A virus/worm/trojan needs to have some kind of executable.

What many virus writers are doing is taking advantage of the default
behaviour of Windows to mask the extension of known file types. So if it's
a filename.exe, filename.bat etc, etc - all you see is the filename bit,
not the extension. So what they've done is create a virus, "evilvirus.exe",
they rename it to "fluffy_bunny.jpg.exe" (a file name from the host's
computer) and all most Windows users will see is "fluffy_bunny.jpg" from a mate
and open it.

To change this default behaviour,
1. open a folder on your computer (such as my documents)
2. tools > folder options > view
3. uncheck the "Hide file extensions for known file types"

While you're at it I'd select "show hidden files and folders".

A fairly clever thing is the way that some of the latest viruses use our
contact lists. Previously they sent an email from the computer they infected
as that user, as a recipient it was fairly trivial (and good manners) to let
the infected person know. Then they started slightly corrupting the return
path so it became slightly harder to let the infected host know (the most
common technique was to prefix the email address with _ thus
_friends at emailaddress.co.uk)

Now some viruses look at our contact lists, select a name and then send the
mail as THAT name to a third party. So, let's say agentorange at email1.co.uk is
infected, the virus looks in his contact list and sees
bluemeany at email2.co.uk. It uses THAT address to forward on to
purplehearts at email3.co.uk and so on. That makes it quite difficult for the
average user to see who exactly the email has actually come from to report
the infection.

Regrettably the latest versions of some viruses don't need opening to
execute, as I understand it they can work in preview pane and don't actually
need to be opened.

Action you do need to take includes getting a decent virus checker, they
don't need to cost the earth, I'm trying the free AVG
http://www.grisoft.com/html/us_index.htm on this machine at home as
Inoculate It (which I continue to use at my office) will soon become
un-free. (Though still only $10 p.a. which I will probably get). My feeling
is AVG is more of a resource hog than Inoculate It. (But this is based on
nothing more than a few hours' use). Having anti-virus s/w is no good if you
only update once in a blue moon, so do make sure it's updated regularly.

The virus writers also want to have the most bang for their buck, which is
partially why there are fewer Mac, Linux or other OS specific email viruses
out there, as MS has the lion's share of the market. With that in mind, many
viruses target the Microsoft email tools Outlook and O.L. Express. That's a
pain 'cos I love my Outlook! But good alternatives are out there that aren't
targeted by the viruses, so if you have to stick with Windows for email use
consider an alternative email client such as http://www.ritlabs.com/the_bat/
which has just had glowing reviews in PC PRO magazine, but the article isn't
on their web site yet (http://www.pcpro.co.uk/)

Kind regards,
Liam


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.351 / Virus Database: 197 - Release Date: 19/04/2002
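
Added example, not part of the original post: a Python check for the double-extension masking described in the message above, run over a constructed sample e-mail. The extension lists, function names and sample addresses are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for this example; extend them to suit your environment.
EXECUTABLE_EXTS = {".exe", ".bat", ".com", ".scr", ".pif", ".vbs", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".png", ".txt", ".doc", ".mp3"}

def displayed_name(filename):
    """Name shown when 'Hide file extensions for known file types' is on."""
    return PurePosixPath(filename).stem  # only the final extension is dropped

def is_masked_executable(filename):
    """True if the real (last) extension is executable and a decoy precedes it."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)

def scan_message(raw):
    """Return (real filename, name the user sees) for each masked attachment."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and is_masked_executable(name):
            hits.append((name, displayed_name(name)))
    return hits

def build_sample():
    """Constructed sample mail: one masked executable, two ordinary files."""
    m = EmailMessage()
    m["From"] = "sender@example.com"      # constructed address
    m["To"] = "recipient@example.com"     # constructed address
    m["Subject"] = "pics"
    m.set_content("Have a look at this!")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="fluffy_bunny.jpg.exe")
    m.add_attachment(b"\xff\xd8", maintype="image", subtype="jpeg",
                     filename="holiday.jpg")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="setup.exe")
    return m.as_string()

if __name__ == "__main__":
    for real, shown in scan_message(build_sample()):
        print(f"masked executable: user sees {shown!r}, real name is {real!r}")
```

A plain "setup.exe" is not flagged here because it does not pretend to be another file type; blocking executable attachments outright is a separate policy decision.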



