Careful - that e-mail may be virus in hiding

March 19, 2001 | By MIKE HIMOWITZ

THERE NEVER SEEMS to be enough space in a column for everything I want to write. There are a couple of reasons for this. First, as an old hard-news guy, I have trouble with the notion that anybody wants to read more than 1,000 words at a time about any particular subject. Second - and more important - newsprint is expensive. Even when I want to write more, there isn't room for it.

As a result, I usually have to cut my column to fit the space available; and, occasionally, readers notice that I've left something out. That's what happened recently when I wrote about the Anna Kournikova virus, an e-mail attachment that masquerades as a picture of the sexy Russian tennis star.

Recipients using Microsoft's Outlook e-mail program who double-click on the attachment, hoping to see a photo, actually launch a program that forwards copies of the virus to everybody in their address books. The virus does no other damage; but, in this case, the resulting flood of messages overwhelmed e-mail servers around the world.

This brought a query from an America Online subscriber who wanted to know whether viruses like this are a danger to him and other AOL e-mail users, and whether they can affect users of Web-based mail services such as Hotmail and Yahoo. Why didn't I mention them?

Actually, I just ran out of space, but because so many of us use other e-mail programs, I should deal with the issue.

The answer to the reader's question, as usual, is Yes and No. The Anna virus took advantage of programming "hooks" Microsoft built into Outlook that allow other programs to access its e-mail functions. The virus won't replicate itself with other e-mail programs, including AOL mail, Eudora, Pegasus, Lotus Notes and Web-based mail systems. But similar viruses can be a lot more malevolent than Anna. They can do serious damage to your computer, even if they can't use Outlook or Outlook Express to spread themselves.

A good example is the "Naked Wife" virus, which made the rounds of corporate e-mail systems earlier this month. With a subject line that reads, "Fw: Naked Wife" and text that reads, "My wife never looked like that! ;-)," the message entices recipients to open an attachment that appears to be a salacious photo. When a mark takes the bait, this nasty little two-stage number tries to replicate itself by sending copies to everyone in the victim's Outlook address book. Then, it searches the user's hard drive, deleting critical system files and turning the computer into an expensive paperweight.

While users of programs other than Outlook don't have to worry about this type of virus using their computers to propagate, they do have to worry about the damage the second part can deliver.

Meanwhile, AOL users have their own viruses to worry about. The most common these days is known technically as "APStrojan.qa." In various forms, it masquerades as an e-mail attachment with the file name MINE.EXE, which purports to be a compressed archive of photos from a friend.

When the recipient downloads the file and double-clicks on it, the program goes to work. It sends copies of itself to everyone in the victim's AOL "Buddy List," steals the user's AOL password and forwards it to the author of the virus. Then it makes a variety of changes to the victim's system that can make it impossible for him to log on to AOL again. While he's unable to log on, the virus writer is merrily hijacking the victim's account.

This is a particularly nasty virus to remove because it has five ways to reinstall itself. If you don't get them all, you're out of luck. You'll find good advice for dealing with the program on AOL's virus forum, but if you get hit by the trojan and can't log on, you'll have to find another computer to re-establish contact. Even then, you might not be able to log on to your AOL account - in which case, your best bet would be to have someone download a removal program from another Web site and store it on a floppy disk for you. You'll find a collection of Trojan hunters on Cnet's Web site at http://aolcom.cnet.com/downloads/. Just enter the word "Trojan" in the search box.

All of these viruses, by the way, are known in the trade as "Trojan Horses" because they use a seemingly innocuous gift to hide a malicious program. To do their work, they rely on a combination of software engineering and "human engineering." The latter is more important, because a Trojan Horse can only do its mischief if the human who receives it is gullible enough to open an unfamiliar e-mail attachment.

If you get an attachment you're not sure of, even if it appears to be from a friend or business associate, don't open it or save it to your hard drive unless you run it through a virus checker first.

If you don't have a virus checker, buy one now. Both Symantec and McAfee have good ones that are available in any computer store or online from the companies' Web sites. Once you've installed the virus checker, update it regularly online.

Even these safeguards might not catch some viruses, especially new ones. So you still have to be on guard. The main thing to look for is attachments whose file names have the extensions "VBS" or "EXE." These designate programs, and you should never click on one unless you know what it is.

If you have any doubts at all, contact the person who mailed it to you to see if it's legitimate, or delete it without storing the attachment.
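The extension check described above can be automated. This is an added example, not part of the original column: it reads a raw e-mail message and lists attachments whose names end in "VBS" or "EXE," including ones dressed up with a picture extension first. The sample message, its addresses and the name tennis.jpg.vbs are constructed for illustration; MINE.EXE is the file name mentioned earlier.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# The two program extensions the column names; the set is easy to extend.
PROGRAM_EXTENSIONS = {".vbs", ".exe"}


def risky_attachments(raw_message: bytes):
    """Return (filename, reason) for every attachment that is a program."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Compare in lower case so MINE.EXE and mine.exe are treated alike.
        suffixes = PurePosixPath(name.lower()).suffixes
        if not suffixes or suffixes[-1] not in PROGRAM_EXTENSIONS:
            continue
        if len(suffixes) > 1:
            # e.g. photo.jpg.vbs: looks like a picture, runs as a script.
            reason = f"program disguised as {suffixes[-2]} file"
        else:
            reason = "program attachment"
        findings.append((name, reason))
    return findings


def build_sample() -> bytes:
    """Constructed sample message with one harmless and two risky names."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"   # constructed address
    msg["To"] = "reader@example.com"     # constructed address
    msg["Subject"] = "Photos"
    msg.set_content("Constructed sample message.")
    for filename in ("vacation.jpg", "MINE.EXE", "tennis.jpg.vbs"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application",
                           subtype="octet-stream",
                           filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"{name}: {reason}")
```

The check looks only at the file name, so it complements a virus checker rather than replacing one.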

Web-based e-mail systems seem to be getting the message.

Many will now warn you about attachments that could hide viruses, and Yahoo mail will even run a suspect attachment through a virus checker before you download it.

The important thing to remember is that you can't be too paranoid when it comes to a pretty package that arrives unsolicited in the mail. If in doubt, throw it out.

Baltimore Sun Articles