What is a Computer Virus?


Apparently some hackers, with some really evil intent, have read this article and are preying on some less suspecting users who are not fully knowledgeable of file extensions and what they imply.  They are sending out new versions of the Melissa virus in Microsoft Word document attachments, labeling these items as pictures and putting "My Pictures" in the subject line.  See one of the recent warnings from NAI Labs.

So let me reiterate.  Data cannot harm you.  Only programs contain viruses.  There are some exceptions.  In this mixed-up computer world, it is getting harder and harder to differentiate data from program, because e-mail can contain HTML, and HTML can contain programs in Java, JavaScript, VBScript and the like.  Some of this stuff can invade your system as an ActiveX control using the privileges you have to invade other systems.

Microsoft in its infinite wisdom has made the computer easier to use; but, by the same token, they have made it easier for hackers to wreak havoc on your system.  For example:  programs like Microsoft Outlook Express are set up in three views:  1. Folder List.  2. Mail List.  3. Mail Preview Pane.  The first thing I do to protect a user's system when I visit with them is turn the preview pane off.  It is an open invitation for problems, because you lose control over the mail viewing process.

If you are like me, you get enough of this garbage in the mail.  And I don't want it entering my eyeballs unless I decide to.  Also, I don't want to give the programs that may be contained within it the opportunity to enter my computer until I have a chance to check them out.

You can preview messages in plain text format, which is totally safe, by right-clicking on the item in the mail list and selecting Properties.  The message can be displayed in text mode from there by selecting the "Details" tab.  Messages in text mode are pure data, nothing else.  Text is nothing but data and totally safe.  HTML, on the other hand, is program data that is read and interpreted by the browser.  HTML was designed with safety in mind.  The extensions provided to it by Java and other languages leave some doubts.

Again, I cannot emphasize enough how important it is to be suspicious of file attachments.  Do not open attachments unless you are familiar with the source, have your resident virus checker turned on (with an updated set of virus definitions) and recognize the file extension and how your system is going to treat it.  It could turn out to be a program like the HAPPY99 virus...  A Microsoft Word document can actually be a program too.  This happens to be an area where most users are susceptible, because we all think of a word processing document as data.

Again, I should state that a picture is normally safe when used with a standard picture editor or viewer.  Typically, most HTML-enabled e-mail browsers, Outlook Express included, will open picture attachments automatically if they recognize the extension (JPG or GIF).  This is normally an innocuous activity.  There is one exception to this rule.  Microsoft Office products treat data as programs.  If the file is masquerading as something else like a Word document, or you use Microsoft Office XP/2003 to view the picture, it could infect your computer.  If you use Microsoft products, make sure you check for updates regularly.  In September 2004 there was a vulnerability discovered when JPEG files are used with Office XP and Office 2003.  See article about JPEG Security Update for Microsoft Office
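
The masquerading described above can be caught by comparing what an attachment's name claims with what its first bytes say it is.  The following is an added example, not part of the original article; the message, file names and sample bytes are constructed, and the function names (sniff, audit_attachments, build_sample) are hypothetical.

```python
import os
from email.message import EmailMessage

# Well-known leading "magic" bytes; a small subset, enough for this check.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # Word 97-2003 container, may hold macros
    (b"MZ", "exe"),                                  # DOS/Windows program
]
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".doc": "ole2", ".exe": "exe"}
CAN_RUN_CODE = {"ole2", "exe"}

def sniff(data):
    """Return the format the leading bytes indicate, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def audit_attachments(msg):
    """Return (filename, claimed, actual, verdict) for every attachment."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        claimed = EXT_TO_TYPE.get(os.path.splitext(name.lower())[1], "unknown")
        actual = sniff(part.get_payload(decode=True) or b"")
        if actual in CAN_RUN_CODE and claimed != actual:
            verdict = "BLOCK: program content behind a misleading name"
        elif actual in CAN_RUN_CODE:
            verdict = "CAUTION: this file type can carry program code"
        elif claimed != actual:
            verdict = "CAUTION: content does not match extension"
        else:
            verdict = "ok"
        findings.append((name, claimed, actual, verdict))
    return findings

def build_sample():
    """Constructed message: a JPEG, a .doc, and the same .doc bytes named .jpg."""
    ole2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 16
    msg = EmailMessage()
    msg["Subject"] = "My Pictures"
    msg.set_content("Pictures attached.")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\0" * 16, maintype="image", subtype="jpeg", filename="beach.jpg")
    msg.add_attachment(ole2, maintype="application", subtype="msword", filename="notes.doc")
    msg.add_attachment(ole2, maintype="image", subtype="jpeg", filename="party.jpg")
    return msg

if __name__ == "__main__":
    for row in audit_attachments(build_sample()):
        print(row)
```

A matching signature only says the file is the type its name claims; it does not replace an up-to-date virus checker or the Office updates mentioned above.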

If you are the least bit suspicious, DO NOT open the attachment.  Even if you have an up-to-date, first class virus checker resident in memory that can prevent your system from being infected, it may not save you.  Over 1,000 new viruses are created each month, and unless your name is Murphy, it will just be your luck that you picked up the new virus before receiving the necessary inoculants.  Once in your system, some of these viruses mutate, making them very difficult, if not impossible, to find and remove; and by then the damage is already done.  If you get infected, your only recovery option may be to reformat your drive, reinstall all your programs and restore your data, which could take several days to complete.  Better hope you are backing up your critical data.


All about Viruses

On March 14th, 1999, I received the following inquiry from one of my sisters about some e-mail I sent her with some picture attachments.  I get so many questions about viruses, that it becomes difficult for me to address each one of them individually.  It is just amazing how many people are connected to the net these days.  During the Windows 98 launch, Bill Gates equated the rush to the Information Superhighway to the automobile craze during the last century.  Now, it seems everyone today is attempting to demonstrate their computer literacy. 

Fortunately, for most of these folks it takes virtually no skill today to get a computer, hook it up and make a connection to the internet.  In fact they are giving away computers to get you connected.  Nothing like this ever happened with automobiles, radio or television (i.e. no one yet gives away televisions with cable service).  What is going on?

No one has ever seen anything like this before.  Unfortunately, with all of Airheads Online, there is a lot of confusion going around.  I have seen an unbelievable number of e-mail notifications from people who subscribe to AOL, which is now the number one internet service, warning people of viruses that were nothing but a hoax.  Unfortunately, these hoaxes scare the pants off of most folks who don't know what they are doing.  Therefore, I thought it would be a good idea to publish this response in hopes that it would satisfy everyone's curiosity.

Q:  All the downloadable pix you've sent me say that if I choose to open them I may be importing a virus.  Is that a standard message?  I haven't downloaded since I got that message for fear I was doing something wrong.

A: As for the pictures...   Are you getting this message from your mail reader? If so, it is only a warning, and yes it is possible to get a virus from an e-mail attachment.  However, there is one thing that I can share with you that will help you recognize the risk without a doubt.  VIRUSES CAN ONLY BE TRANSMITTED TO YOUR COMPUTER BY RUNNING AN INFECTED PROGRAM.  You cannot get a virus from data.  So things like pictures are perfectly safe unless you are using a Microsoft Office product to view them.

Someone didn't design that warning message with enough smarts.  It should know that pictures are safe.  Any GIF or JPEG files are OK to open.  They are not programs.  However, it is easy to be deceived.  Some other types of data files are not just that, because they can contain program logic.  Microsoft Word documents are a perfect example.

I was recently impacted by a Microsoft Word CLASS 97 M virus.  In January, I opened up a Word document that someone sent me as an attachment.  I made the mistake of not having the auto-protect on my Virus Scanner turned off, because I was involved in doing some reconfiguration on my machine.  Some of the programs I was installing asked me to turn this feature off.  In my haste, I opened and read this mail without turning the auto-protect back on.  This gave the virus a chance to invade my system.  My computer was caught with its pants down, so to say, almost like our dishonorable President Clinton.

It took several days for me to notice my mistake.  Most of these viruses do not strike immediately.  They have some kind of trigger mechanism.  Mine was set to go off at the end of the month.  I didn't notice that I was infected until my birthday on February 2.   By then it had gotten into everything.

The following two weeks were quite unbearable.  I tried everything to get rid of it.  When I scanned the system on my birthday, my virus scanner said it found the virus and it killed it.  Unfortunately, I think it had already done significant damage.  It was a stealth, polymorphic virus.  Once it invades your system, it is extremely hard to flush out.  I tried everything.  Eventually, it came down to reformatting the hard drive and re-installing all the software.  To make matters worse, I may have had a memory problem too, because all the problems on the system did not go away until I swapped out the memory chips as well.

If you want more information on viruses, I suggest you visit www.antivirus.com.  They will scan your system for free there, directly from their web site, without loading any programs on your system.  Which brings up another subject.  Do you read your e-mail in HTML format?  This can present an opportunity for a virus to invade your system, just by reading the mail.  Certain mail readers like Microsoft Outlook support ActiveX controls, which are programs.  THERE IS AN OPPORTUNITY HERE FOR INVASION WHERE YOU WOULD RECEIVE NO WARNING TO KISS YOUR ASS GOODBYE.  FYI, this e-mail is not coming to you in HTML format.

There has been this nasty worm that a lot of people have been passing around.  Unknowingly, one of my clients sent me this virus as an attachment.  Luckily, I did not open up the file.  It is called HAPPY99.EXE.  It got one of the AJC Tech Editors real bad.  I just happened to remember reading an article he had written about the virus, which alerted me to its presence.  I got this e-mail from the support channel at www.antivurs.com when I went looking for information on the virus at their site.

>Hello,
>
>Your message mentioned the PE_SKA worm, also known as the Happy99.exe worm.
>If you are using a Trend product, you should be able to detect this worm if
>you are using pattern file 499 or higher.  You can download the newest
>pattern file from http://www.antivirus.com/download/pattern.htm
>
>If you have found this worm on your system, you can remove it by deleting
>Happy99.exe and Ska.exe.  If you find WSOCK32.SKA on your system, you should
>delete WSOCK32.DLL, then rename WSOCK32.SKA to WSOCK32.DLL.
>
>If this e-mail has not answered your question, please e-mail me again at
>this address and place the following text in the subject line:  *PE_SKA*
>Placing that text in the subject line will prevent you from receiving this
>auto-reply again.
>
>
>More info on PE_SKA:
>
>This worm does not attempt to alter or destroy user data, but will attempt
>to attach a copy of itself to any SMTP e-mail and to any postings to
>newsgroups.  Happy99.exe was posted as an attachment to several newsgroups
>and sent to many e-mail addresses in January 1999.    When an infected
>attachment is executed, the worm displays a fireworks graphic and the
>message "Happy New Year 1999!!"  It then copies itself to the Windows/System
>folder under the name Ska.exe.  It extracts the file Ska.dll from itself and
>places it into the Windows/System folder, if the file does not already
>exist.  It also checks for the existence of the file WSOCK32.SKA in the
>Windows/System folder.  If that file does not exist, the virus changes the
>name of the file WSOCK32.DLL to WSOCK32.SKA.  It then patches "Connect" and
>"Send" exports in the WSOCK32.DLL, so it can check whether there is network
>activity.  This file consists of a routine so that when the user is
>connecting to the internet, the virus will be activated.  If the WSOCK32.DLL
>file is in use and cannot be modified, the virus will create the Windows
>registry entry
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce=SKA.EXE
>so that the virus will be run upon next system reboot.
>
>
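
The traces listed in the support e-mail above can be turned into a simple check of a folder and of the RunOnce values.  The following is an added example, not part of the original page and not Trend's own tooling; check_ska and demo are hypothetical names, the folders and values are constructed test data, and the RunOnce values are assumed to be supplied by the caller (for instance from a registry export).

```python
import os
import tempfile

# File names taken from the support e-mail above (compared case-insensitively).
SKA_FILES = ("happy99.exe", "ska.exe", "ska.dll", "wsock32.ska")

def check_ska(folder, runonce_values=()):
    """Return a list of PE_SKA indicators found in folder and in RunOnce values."""
    present = {name.lower() for name in os.listdir(folder)}
    findings = ["file present: " + n for n in SKA_FILES if n in present]
    if "wsock32.ska" in present and "wsock32.dll" in present:
        # Per the e-mail: the worm keeps the original DLL as WSOCK32.SKA
        # and patches the file now named WSOCK32.DLL.
        findings.append("WSOCK32.DLL is probably the patched copy; WSOCK32.SKA is the original")
    for value in runonce_values:
        program = value.replace("\\", "/").split("/")[-1].strip('"').lower()
        if program == "ska.exe":
            findings.append("RunOnce starts: " + value)
    return findings

def demo():
    """Run the check on two constructed folders: one clean, one with the worm's traces."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as infected:
        open(os.path.join(clean, "WSOCK32.DLL"), "wb").close()
        for name in ("WSOCK32.DLL", "WSOCK32.SKA", "Ska.exe", "Ska.dll"):
            open(os.path.join(infected, name), "wb").close()
        # Constructed RunOnce values: a harmless installer entry and the worm's entry.
        return (check_ska(clean, ["C:\\TOOLS\\SETUP.EXE"]),
                check_ska(infected, ["SKA.EXE"]))

if __name__ == "__main__":
    clean_result, infected_result = demo()
    print("clean folder:", clean_result)
    for line in infected_result:
        print("infected folder:", line)
```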

Follow up response from my sister:

>Got your e-mail about viruses and saved it.  Stuart's computer (which is the
>one everyone uses including me right now because it is in the family room) had
>a big bad virus about 2 weeks ago and he was afraid it was because of all the
>attachments.
>
>I kept the virus information in case it shows up again.  Ed came over and
>re-installed the hard drive last time.

Last Edited on Friday, December 18, 2009