As if viruses and Trojan horses were not enough trouble, you have to also separate the real ones from the hoaxes. And then there are the scary e-mails that warn you to look out for ax murderers at your local shopping mall. Oh yes, and the chain letters full of dire warnings if you don't pass it on to at least ten friends within the next ten minutes. Tugging on your heartstrings are the e-mails about lost kids, complete with photo. And, "they" are spying on you as you surf the Web.
A real virus
I guess I've been fortunate. After nearly 20 years of combined Macintosh and PC computing, I only just recently received my very first bona fide virus. I received an e-mail that did not appear to have any text in the body (I'm using Preview Pane in Outlook). It was the newest one in my inbox (therefore automatically selected), and a window immediately popped up asking me whether I wanted to open the attachment or save it to disk. It wasn't from anyone I knew, and, fortunately, I remembered having seen the attachment name in an article about viruses. I hit Cancel in the window and headed to my browser to do a search on the attachment name. The McAfee Virus Information Library (http://vil.nai.com/vil/default.asp) came up in the results list, so I immediately read the scoop on this particular virus. The McAfee site provides directions for removing this and other sundry viruses, but since I hadn't opened the attachment, my computer did not become infected.
I tried to reply to the e-mail to warn the sender that they had a virus (in case they didn't send it on purpose), but it was impossible because the virus had modified the return address.
Be cautious. Don't open attachments from strangers. But also beware of attachments even from persons known to you. If the message is unexpected or contains an extension you are not familiar with, check with the sender before opening it. If the attachment is named photo_ Emily.jpg, and the message is from your friends who have a new baby named Emily, it probably is a photo of Emily and safe to open. But if the message is from someone you don't know, and the name of the document is something odd like "fun.pif," check it out. Use your favorite search engine to search for the file name. Then read about it to find out if it is a virus. Delete the message permanently from your Inbox. Although the e-mail message itself can't do any harm, opening the attachment will trigger the virus.
But what about virus hoaxes?
Well meaning friends and colleagues send warnings about real and hoax viruses, tying up time and bandwidth. Your organization should have an established security policy that instructs employees how to handle a virus warning. Technical support should be contacted immediately. The individual who receives a virus warning should not forward the warning to others in the organization, because doing so might create an even bigger problem if spread to others.
If you're not sure about the validity of a virus warning you receive, check out these resources:
You might want to bookmark one or more of these sites for a quick check the next time you receive a dire warning. Then, copy the URL for the information about the specific hoax and paste it into a reply to the sender along with a polite note that the item they forwarded to you was a hoax. With any luck, they'll start checking for themselves before disseminating warnings
Be safe
In addition to being aware of the hazards of malicious e-mail attachments, be very careful about downloading files from the Internet. There are lots of interesting and useful sounding utilities available, but make sure that the source is legitimate and reputable. Read the information on the download site to see whether an anti-virus program checks the files that are available. If you're not certain, don't download the file at all or at least download the file to a floppy and then test it with your own anti-virus software first. You are keeping your anti-virus software up to date, right? Also, make it a priority to back up your important data regularly. That way, if despite all the care you take, your computer becomes infected, you can retrieve your clean files from backups.
Urban legends and other hoaxes
Urban legends have been around for a long time. E-mail just helps them spread farther and faster. Some well-meaning people want to warn their friends about potential danger and e-mails are then forwarded on and on. Again, such practices tie up time and bandwidth.
Here is a sample of one I received recently. The sender, a former colleague, said he received it via friends in Hong Kong, so you can just imagine how such stories can travel far and wide. The body of the e-mail started with
"LET THIS TRUE STORY SERVE AS A WARNING - To the men: Warn your loved ones! To the women: remember this! This just gives me the creeps! About a month ago there was a woman standing by the mall entrance passing out flyers to all the women going in. The woman had written the flyer herself to tell about an experience she had, so that she might warn other women. "
The e-mail goes on to say that the woman was nearly murdered by a man who offered to change her flat tire and then asked for a ride. Fortunately, according to the story, she was suspicious and went back in the mall and contacted security. Police later supposedly found rope, duct tape, and knives in a briefcase the man left behind. This story, like many similar ones, is a hoax, which I verified by checking the www.urbanlegends.com Web site, my first source for checking such suspicious stories.
I also just received another kind of urban legend/hoax, the "Penny Brown is Missing" e-mail. This hoax has made its rounds several times because well-meaning, sympathetic people want to help.
There are also hoaxes that appeal to the desire to get something for nothing. Let's use some common sense Microsoft, Disney, and other companies are not giving away anything for free simply because you send a certain e-mail to enough people. Check it out before you pass it on.
Here are four sources for debunking hoaxes and urban legends:
A key indication that a message is a hoax is the urgent plea to pass it on and many people do. And while they are passing it on, they are providing the e-mail addresses of all of their contacts, since the "To" portion of the e-mail contains a clearly visible list of recipients. But here's a useful e-mail tip: don't give out your friends' and colleagues' e-mail addresses. Use the "Bcc" instead of "To" or "Cc" to add multiple recipients. That way each recipient sees only his or her own e-mail address.
"They" are spying on you
While banner and pop-up ads are a common way to promote a product, some software advertising systems do more than just show static banners. They use your Internet connection to get additional banner ads from a third party's server and send information about you back to the server. This information is then collected and sold to others. Some of these programs track the sites you visit. And the more they know about you and your surfing habits, the higher your value to them.
Most of these products are installed with a host application, which may or may not work without the spy components installed. Popular applications including such spy programs are Go!Zilla, AudioGalaxy, Gator, or BearShare. When you download these products, a Trojan Horse comes along for the ride.
How can you tell if spy programs are using your computer? Is your browsing speed slower than ever since you installed a free program to speed up your browser? Does your firewall report that a program with an unusual or odd name is trying to connect to a remote server? Is your mailbox increasingly full of targeted Spam, and do some of these advertisers use your real name in their messages? Any of these are symptoms suggest that your computer may have been spied upon
A free utility called AdAware from LavaSoft (www. lsfilserv.com) can scan your system and remove spyware.
It is fast and easy to use. You can even set up scanning parameters which drives, which folders, scan at start up, scan when you choose, etc. When the scan is finished, a list of spyware programs on your system, if any, will appear. At that point you have the option to delete them from your system. You can back up the programs first, if you're not sure what they are. And if there are programs you want to keep, you can exclude them from subsequent scans.
If you're concerned about your privacy while surfing, check out AdAware. It detected three spyware programs the first time I used it.
© Copyright 2002 by Sound Internet Strategy. All rights reserved