First, none of the major software providers (Microsoft, Norton,
McAfee...) send out fixes or patches by e-mail. They all require that
you manually go to their web site to download the patches or use the
software (LiveUpdate, Windows Update...) that is ALREADY part of
the application on your PC.
Almost all of the viri that are in circulation forge the return
address. So even if you identify a message as being a virus, the sender
shown is probably not the one who is infected and sent it to you.
(1/27/2004) There are a couple of worm-type viri going around now that
are especially virulent. Once your system is infected they try to e-mail
themselves to everyone in your address book, using another address in
your book as the forged return address. There have been reports that
they can e-mail themselves to 100 people in just a few minutes.
(10/2004) There are a couple of new methods that virus writers are
using to try to get around e-mail server based anti-virus and sucker
people into opening their systems to infections. One is to actually
claim that the e-mail has been scanned and found clean by attaching a
footer stating as much, the way AVG does. Despite the claim,
the attachment is a virus and should not be opened. The other is
saying that the attachment is something that you wanted (or is being
returned to you) but has been encrypted, and giving you the key to
decrypt it. Because the server doesn't "read" e-mail, it can't get the
key to decrypt the attachment and thus identify the virus.
There are viri that even
try to spread by placing themselves as bait in the shared folders of
KaZaA and other file sharing systems
on your system, using popular software file names. Aside from the legal
issues of using these file sharing systems, there is now the danger that
you will be asking for a virus when you download using them.
While mentioning KaZaA (and its cousins Morpheus, Aimster,
Sharebear...), did you
know that most people that install it open their system entirely to the
rest of the world by taking the default configuration? The default is
to share your entire hard drive with everyone. There have been reports
of people's *private* wedding pictures and even complete bank records
being accessible because of this. Also, the second most popular use of
KaZaA is for the sharing of pornography. Some legal authorities as well
as the music industry are starting to search KaZaA shares for illegal
Whenever your anti-virus warns you that your virus definitions are old
or that it is time to update them, perform the update or allow
LiveUpdate to do so. If you can't do so or have trouble, please contact
an IT professional.
Also, when your anti-virus warns you that it is time to renew, do so
before it expires. While the major anti-virus programs will continue to
work after expiration, they won't catch viri that are released after the
expiration date. Several people have thought they were protected and
gotten infected because their anti-virus updates had expired and a
later virus was allowed in.
Do not disable auto-protect or real time scanning in your anti-virus.
Be certain that any e-mail you receive with an attachment is from
someone you know, trust and are expecting to send you an
attachment at that exact time.
Watch for attachments that end with .bat .cmd .pif .vbs .lnk .scr or
.exe; these are almost always virus infections. Do not open them unless
YOU are prepared to suffer if they are a virus. Be careful of
attachments that look normal but have an
extra extension added to the end, such as zone_report.xls.lnk, which is
not an Excel file.
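As an added example (not part of the original page), the attachment-name check described above can be written in Python and run over a constructed sample message. The DECOYS list, the function names and the sample address are assumptions made for the illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the page lists as almost always a virus when mailed.
RISKY = {".bat", ".cmd", ".pif", ".vbs", ".lnk", ".scr", ".exe"}
# Harmless-looking extensions placed in front of the real one
# (assumed list for this example; extend it to suit your mail flow).
DECOYS = {".xls", ".doc", ".txt", ".jpg", ".gif", ".pdf", ".zip"}


def classify(filename):
    """Return 'disguised', 'risky' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so normalise them away.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or "." + parts[-1] not in RISKY:
        return "ok"
    # A decoy extension directly before the real one: report.xls.lnk
    if len(parts) >= 3 and "." + parts[-2] in DECOYS:
        return "disguised"
    return "risky"


def scan_message(raw):
    """Map each attachment filename in a raw message to a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    return {p.get_filename(): classify(p.get_filename())
            for p in msg.walk() if p.get_filename()}


def sample_message():
    """Constructed message with three attachments (not real mail)."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["Subject"] = "Zone Report"
    m.set_content("Here is that file I promised you")
    for name in ("zone_report.xls.lnk", "photos.scr", "minutes.doc"):
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()


if __name__ == "__main__":
    for fname, verdict in scan_message(sample_message()).items():
        print(f"{verdict:10} {fname}")
```

The verdict depends only on the last extension in the name, which is the one Windows acts on, so a harmless-looking middle extension never makes a file "ok".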
Never open an attachment (even one you expect) directly from the e-mail
window. Instead, save the attachment to disk first; this gives your
anti-virus a direct chance to examine the file for a virus.
A few virus assaults take advantage of flaws in Microsoft's Outlook and
Outlook Express to infect your system without you having to open the
attachment. These attacks usually show as being from a sender you don't
recognize or have a subject that is inconsistent with being from
someone you do know. Subjects can be: "Hi, I missed you", "Here is that
file I promised you", "Read This", "Zone Report", "Here are those
pictures you asked for" as well as others. It is best not even to
preview them (a single click, so the message shows in the lower pane) but to right-click
on them and delete.
Watch out for two messages in a row from the same sender. Some viri
will wait until their victim sends a message and then use that address
to send themselves in another message right behind it. Sometimes the
subject will be the same, but other times it might be different. This
shows that even someone you trust might not have been as careful as you
and is now exposing you to a virus.
If you receive messages that say that a message you sent has been
rejected, and you haven't sent any to them, it probably means that
someone with your address in their book has been infected. As mentioned
before, many virus attacks are based on forging the return address with
one from the infected user's address book before sending it to everyone
in their address book.
Another danger is e-mails that appear to be from something like eBay.
They even have all the graphics and "feel", and ask you to click on a
link to update your personal details. The link looks like it is to a
legitimate site, and even when you do click on it the web browser shows
what looks like a legitimate site address. However, due to a flaw in Microsoft
Internet Explorer, it really is an entirely different site that is
trying to steal your personal information or infect your system. Always
use your existing bookmarks to sites you use, or manually type the
address, when going to sites that you think you trust.
Remember that the second most common e-mail virus is the Hoax. Many
virus warnings have been spread, such as the one claiming SULFNBK.EXE is a virus when
it really is a part of Windows, or the one about AIDS-tainted needles
being left in gas pump handles. Almost all of them do not provide
complete specifics (who the
official was that reported it, the town & state & business, the
date when it occurred) that can be used to verify their dire
warnings. Before becoming a Hoax Virus carrier, always make sure that a warning
is real before forwarding it. You can use www.sarc.com to check out actual
virus alerts. Some bogus e-mail alerts even claim they are from
Symantec (Norton AV)! Also, for urban legends you can check
reports on hoaxes.
Finally, there are hundreds, maybe even thousands, of e-mails that
promise to give you money for helping them clear an estate, get you
cheap drugs, enlarge parts of your body that your gender doesn't even
have, or use any number of other ways to sucker you into giving them your
money. If it isn't from a business that you have given your e-mail address
to and given permission to e-mail you, and isn't about business you do with
them, you would be wise to delete it without even reading more than the
Finally, when in doubt contact an IT professional.