First, none of the major software providers (Microsoft, Norton,
McAfee...) send out fixes or patches by e-mail. They all require that
you manually go to their web site to download the patches or use the
software (Liveupdate, Windows Update...) that is ALREADY
installed with
the application on your PC.
Almost all of the viri that are in circulation forge the return
address. So even if you identify a message as being a virus, the sender
is probably not the one infected and that sent it to you.
(1/27/2004) There is a couple of worm type viri going around now that
are
especially virulent. Once your system is infected they try to e-mail
themselves to everyone in you address book using another address in
your book as the forged return address. There have been reports that
they can e-mail themselves to 100 people in just a few minutes.
(10/2004) There are a couple of new methods that virus writers are
using to try and get around e-mail server based anti-virus and sucker
people into opening their systems to infections. One is to actually
claim that the e-mail has been scanned and found clean by attaching a
footer stating as much in a footer the way AVG does. Despite the claim
the attachment is a virus and should not be opened. The other is by
saying that the attachment is something that you wanted (or is being
returned to you) but has been encrypted and gives you the key to
de-crypt it. Because the server doesn't "read" e-mail it can't get the
key to de-crypt the attachment and thus identify the virus.
There are viri that even
try to spread by placing themselves as bait in the KaZaA and other file
sharing systems shared folders
on you system using popular software file names. Aside form legal
issues of using these file sharing systems there is now the danger that
your will be asking for a virus when you download using them.
While mentioning KaZaA (and its cousins Morpheus, Aimster,
Sharebear...), did you
know that most people that install it open their system entirely to the
rest of the world by taking the default configuration? The default is
to share your entire hard drive with everyone. There have been reports
of peoples *private* wedding pictures and even complete bank records
being accessible because of this. Also, the second most popular use of
KaZaA is for the sharing of pornography. Some legal authorities as well
as the music industry are starting to search KaZaA shares for illegal
files.
When ever your anti-virus warns you that your virus definitions are old
or that it is time to update them, perform the update or allow the
LiveUpdate to do so. If you can't do so or have trouble please contact
an IT professional.
Also, when you anti-virus warns you that it is time to renew, do so
before it expires. While the major anti-virus programs will continue to
work after expiration they won't catch viri that are released after the
expiration date. Several people have thought they were protected and
gotten infected because their anti-virus updates had expired and a
later virus was allowed in.
Do not disable auto-protect or real time scanning in your anti-virus.
Be certain that any e-mail you receive with an attachment is from
someone you know, trust and are expecting to send you
an
attachment at that exact time.
Watch for attachments that end with .bat .cmd .pif .vbs .lnk .scr or
.exe, these are almost always virus infections. Do not open them unless
YOU are prepared to suffer if they are a virus. Be careful of
ones that
look normal but have an
extra extension added to the end such as zone_report.xls.lnk
which is
not an Excel file.
Never open an attachment (even one you expect) directly from the e-mail
window. Instead save the attachment to disk first, this gives your
anti-virus a direct chance to examine the file for virus intents.
A few virus assaults take advantage of flaws in Microsoft's Outlook and
Outlook Express to infect your system with out you having to open the
attachment. These attacks usually show as being from a sender you don't
recognize or have a subject that is inconsistent with being from
someone you do know. Subjects can be: "Hi, I missed you", "Here is that
file I promised you", "Read This", "Zone Report", "Here are those
pictures you asked for" as well as others. It is best to not even
preview (single click so it shows in the lower pane) but to right click
on them and delete.
Watch out for two messages in a row from the same sender. Some virus
will wait until their victim sends a message and then use that address
to send itself in another message right behind it. Sometimes the
subject will be the same but other times it might be different. This
shows that even someone you trust might not have been as careful as you
and is now exposing you to a virus.
If you receive messages that say that a message you sent has been
rejected and you haven't sent any to them it probably means that
someone with your address in their book has been infected. As mentioned
before many virus attacks are based on forging the return address with
one from the infected user's address book before sending it to everyone
in their address book.
Another danger is e-mails that appear to be from something like E-Bay,
they even have all the graphics and "feel", and ask you to click on a
link to update your personal details. The link looks like it is to a
legitimate site and even when you do click on it the web browser looks
like a legitimate site address. However, due to a flaw in Microsoft
Internet Explorer it really is an entirely different site that is
trying to steal your personal information or infect your system. Always
use your existing bookmarks to sites you use or manually type the
address when going to sites that you think you trust.
Remember that the second most common e-mail virus is the Hoax. Many
virus warnings have been spread such as SULFNBK.EXE being a virus when
it really is a part of Windows. Or the one about Aids tainted needles
being left in gas pump handles. Almost all of them do not provide
complete specifics, who the
official was that reported it, the town & state & business, the
date when it occurred so that it can be used to verify their dire
warnings. Before becoming a Hoax Virus carrier always make sure that it
is real before forwarding. You can use www.sarc.com to check out actual
virus alerts. Some bogus e-mail alerts even claim they are from
Symantec (Norton AV)! Also, for urban legends you can check
www.hoaxinfo.com, www.nonprofit.net/hoax/default.htm,
or
www.urbanlegends.com for
reports on hoaxes.
Finally there are hundreds, maybe even thousands, of e-mails that
promise to give you money for helping them clear an estate, get you
cheap drugs, enlarge parts of your body that your gender doesn't even
have or any number of other ways to sucker you into giving them your
money. If it isn't a business that you have given your e-mail address
to, given permission to e-mail you and is about business you do with
them you would be wise to delete it without even reading more than the
subject line.
Finally, when in doubt contact an IT professional.
