Viruses depend on us
For ATA Magazine
I have been a preferred target of the Sircam virus. In the first week after the virus was released, I received about two dozen e-mail messages with a deceptive invitation to open a file sent for my comment. I must confess that I almost yielded to the temptation at first. This was a particularly smart virus that relied heavily on "social engineering" to spread itself. That is, it expected that the recipient of the message would open the attachment, and so release a new wave of infection. Even now, several weeks after the initial spread of Sircam, I sometimes receive a copy, meaning that the virus is still alive and well among the unwary.
Before we go any further, let us clarify the vocabulary, a necessary first step for us translators. "Viruses", "worms", "time-bombs" and "Trojan horses" are all malicious pieces of code or small computer programs that surreptitiously make their way into our computers, and then try to infect other computers from there. The popular press refers to all of them as "viruses" ("virii" for the sophisticated few), and so "virus" is the general word I will use here. There are some technical differences, but they are of no consequence for this discussion. Contrary to popular belief, not all viruses are dangerous. Although a few carry a dangerous payload (such as erasing the hard disk), many others are just happy to say "I'm here", or to make some minor mischief in the victim's computer. There are even some viruses that do nothing at all except spread themselves. These are usually "proof of concept" viruses, which serve to demonstrate the feasibility of a new infection route or technique, such as the recent worm that infects PDF (Portable Document Format) files. Once they have set the example, other virus developers can build on the concept and perhaps add a destructive payload.
Years ago, diskettes were the preferred medium for the propagation of viruses. Now, the medium of choice is the Internet. There is a difference, however: while the old "diskette" viruses were usually able to propagate themselves without the user having a clue, the new breed of e-mail viruses usually has to "ask your permission" to install and activate itself. Usually, you grant that permission when you click on the e-mail attachment.
This usually frees the virus into the system. Many of them look for the Outlook address book. They choose some e-mail addresses there (or all of them) and compose a message to those addresses, attaching themselves to it. That was the propagation technique used by the Love Letter, Melissa and Sircam worms.
Wary users can hinder this mechanism by entering slightly modified e-mail addresses in their address books. For instance, I have changed all the ".com" addresses in my book to ".co". When I send an e-mail message, I just add the missing letter. No virus can do this trick, and so they cannot use my address book to send themselves.
The typical worm is easy to detect because it sends the same e-mail message to everybody, so it was easy to spread the word about what to look for. The Sircam virus was smarter: it attached itself to one of the victim's own data files, and then used that filename for the subject line and the attachment of the e-mail message. A different one each time. I have received as many as six or seven infected e-mail messages from the same person, all with different subject lines and attachments.
Besides, Sircam was bilingual. As it was probably developed in Mexico, there were two versions of it: one in English and the other in Spanish. Moreover, each time it reproduced, the worm displayed a different one of a set of catchy, click-inducing phrases: "I send you this file in order to have your advice", or "I hope you can help me with this file that I send", or "This is the file with the information that you asked for", or a few others. But it was easy to catch because the first and the last lines were always the same: "Hi! How are you?" and "See you later. Thanks." Casual enough, however, to make you think that they came from an old acquaintance. As I said, this was good social engineering.
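The fixed greeting and sign-off, the small set of lure phrases and the subject line that repeats the attachment's name are exactly the traits a mail filter can score. The following Python is an added example written for this article, not code from the author or from any product; it assumes the strings are exactly as quoted above and runs over two constructed sample messages, one mimicking the Sircam pattern and one ordinary note.

```python
"""Score an e-mail message against the Sircam social-engineering traits
described in the article. Added example; the sample messages below are
constructed, not captured from a real infection."""
import email
import os
from email import policy

# Traits quoted in the article (assumed to be exact strings).
GREETING = "Hi! How are you?"
SIGNOFF = "See you later. Thanks."
LURES = (
    "I send you this file in order to have your advice",
    "I hope you can help me with this file that I send",
    "This is the file with the information that you asked for",
)


def analyze(raw_message: str) -> dict:
    """Return per-trait indicators, a total score and a suspicious flag."""
    msg = email.message_from_string(raw_message, policy=policy.default)

    # Plain-text body, split into non-empty lines for first/last-line checks.
    body_part = msg.get_body(preferencelist=("plain",))
    text = body_part.get_content() if body_part is not None else ""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]

    subject = str(msg.get("subject", "")).strip().lower()
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]

    indicators = {
        "fixed_greeting": bool(lines) and lines[0] == GREETING,
        "fixed_signoff": bool(lines) and lines[-1] == SIGNOFF,
        "known_lure": any(lure in text for lure in LURES),
        # Sircam reused the stolen file's name as the subject line.
        "subject_matches_attachment": any(
            os.path.splitext(name)[0].lower() == subject
            for name in attachments if name
        ),
    }
    score = sum(indicators.values())
    return {
        "indicators": indicators,
        "score": score,
        "attachments": attachments,
        # Greeting plus sign-off alone is already the article's tell-tale sign.
        "suspicious": (
            indicators["fixed_greeting"] and indicators["fixed_signoff"]
        ) or score >= 3,
    }


# Constructed sample: the pattern the article describes.
SAMPLE_INFECTED = """\
From: colleague@example.com
To: me@example.com
Subject: quarterly-report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="us-ascii"

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks.
--XX
Content-Type: application/octet-stream; name="quarterly-report.doc"
Content-Disposition: attachment; filename="quarterly-report.doc"
Content-Transfer-Encoding: base64

QUJD
--XX--
"""

# Constructed sample: an ordinary message with no attachment.
SAMPLE_BENIGN = """\
From: friend@example.com
To: me@example.com
Subject: Lunch on Friday?
Content-Type: text/plain; charset="us-ascii"

Hello,

Are you free for lunch on Friday? Let me know.

Best regards
"""

if __name__ == "__main__":
    for label, sample in (("infected", SAMPLE_INFECTED), ("benign", SAMPLE_BENIGN)):
        print(label, analyze(sample))
```

The heuristic is deliberately narrow: it only recognises the English Sircam texts quoted in the article, so it is a worked illustration of signature-style matching rather than a general filter, and a variant that changed its greeting would pass it, which is the article's own point about antivirus software and new strains.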
The point is that progressively more viruses will copy these "features". Their payload may be dangerous or not, but they are always a nuisance, and they can clog networks by their mere uncontrolled reproduction. So, a few words of caution are in order:
- Do not open unexpected attachments from any sender. Remember that your relative, friend or client might be infected, and may be unwillingly spreading the infection. If in doubt, ask the sender before opening the message.
- Do not allow automatic macro execution in any program (especially the Microsoft Office suite). You can de-select this option in the "Preferences" or "Settings" menu item.
- Do not allow automatic execution of programs or HTML content in your e-mail program.
- Most e-mail viruses target Microsoft Outlook for their spreading. There is less chance of being affected if you switch to another e-mail program, such as Opera, Eudora or The Bat.
- Get and install the new versions or software patches that fix known software vulnerabilities (the attacks that take advantage of them are known as "exploits"). The recent "Code Red" virus infection wave did not affect home users, but it did play havoc with Windows NT Internet servers that had not been properly updated using the patches available at Microsoft's Web site. Embarrassingly, the virus also attacked some Microsoft Web properties that had not been patched.
- Make and keep backup copies. If for any reason – virus related or not – something happens, I know I have most of my significant data backed up on another drive, on another machine, and that eventually it will all find its way to my CD burner.
- And, of course, get yourself a good antivirus program and update it frequently. Remember, however, that these programs can protect you from already known viruses, but they may be ineffective against the newest strains.
Are all these precautions enough? Not completely. New viruses are constantly being developed that attempt to bypass even the most stringent safety measures. But for sure they will keep out most offenders. Your valuable data will be safer, and you will sleep better!