Virus Information and Advice

There have been several hoax viruses this month (May-Jun 2001). Many people simply laugh, not realising that a hoax can be just as deadly as the real thing. There’s much FUD - Fear, Uncertainty and Doubt - surrounding computer viruses, so this article is intended to help you understand them a little better.

First, some simple advice: How can you tell the hoax from the real virus? The best way I can recommend is to use the following web site: http://www.mcafee.com/anti-virus. Their news articles are broken into real virus attacks and hoax virus attacks. You can also sign up to their newsletter and they will email you details of viruses. You could also install their virus checker.

Everyone who uses the internet should obtain and install a good virus checker. Even if you don’t use the internet, you can still pick up a computer virus from a disk borrowed from somebody else.

If you do receive an email from a well known anti-virus company, such as McAfee, telling you about new viruses or new hoaxes then you should also check on their web site in case the email did not actually come from them - it could be a hoax email.

A hoax can be just as dangerous as a real virus - many people followed the hoax advice and erased files from their computer causing just as much damage as a real virus might have done.

Here are some guidelines…

- Beware of emails containing attachments - those without attachments are usually harmless.
- Look very carefully at the name of the attachment and see how it ends. Be especially careful where the name ends .EXE, .VBS or .DLL - do not open these attachments unless you know exactly where they came from and feel confident that they are safe.
- If you send someone an email attachment then always take the time to include something personal in the message so that they can tell that the email was actually written by you. Most email viruses send themselves to everyone in your address book so everyone thinks it came from you, and they usually simply say “thought you’d like this joke”. If it said something like “Hi John, Ruth and I were talking about this great joke this week, see attached” then no virus could be that inventive.
- If you receive an email with attachments and the email does not contain anything personal in it, then it’s best not to open the attachment.
- If you use Microsoft Office programs then set them to not open embedded scripts without asking your permission. Most documents do not need a script attached, so always choose not to open the script unless you know why the document has a script - if you don’t know why, you can always ask the sender.
- If you spend a lot of time online then you may be the target of an attack using a probe - use a personal firewall such as ZoneAlarm - see http://www.zonealarm.com where, for personal/non-profit making use, you can download ZoneAlarm for free.

So what is a virus? A virus usually has two components…

Infection

This is how it spreads. The most common form of virus, because it spreads so quickly, is an email virus. This usually appears as an attachment to an email rather than an email itself - usually the actual email itself is harmless. The attachment has to have something that the program can execute. 

Mostly these things are…

- EXE files - computer programs. Many people distribute files in a compressed form - ZIP files - and often they make a self-extracting version of the ZIP file which will arrive as an EXE file. Games and other software come as EXE files. Don’t open EXE files unless you know for sure that they are OK.
- Office files - just about all Microsoft Office programs have the capability to have a SCRIPT attached to them. These scripts can perform really useful functions, and they can also carry viruses. Protect yourself by using the MS Office option to prompt you if you are trying to open a file that contains a script (for example: Word - use Tools / Macros / Security and set the level to high). If Word says that the document has a script then don’t let it open the script unless you know why the document has a script.
- VBS files - these are Visual Basic scripts and should always be viewed with suspicion - don’t open anything that has a VBS file extension (i.e. ends with .VBS). There is very little good reason why an email should have a VBS file attached. Sometimes people don't look too closely at the attachment - for example the file name might be MyGranny.JPG.VBS and people see the JPG part and assume it's a picture - it's the very last part that counts.
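
The "very last part counts" rule can be applied automatically to attachment names. The following is an added example, not part of the original article: the function names, the decoy extension list and the sample file names are all constructed for illustration, and the risky list holds only the three extensions named above.

```python
import os

# Extensions the article singles out as executable attachment types.
RISKY = {".exe", ".vbs", ".dll"}
# Constructed list of harmless-looking types that may appear as a
# misleading middle extension (assumption, not from the article).
DECOY = {".jpg", ".gif", ".txt", ".doc", ".zip"}


def classify_attachment(filename):
    """Return (verdict, reason) for an attachment name.

    Only the final extension decides how the file is treated when it is
    opened, so the verdict is based on the last suffix, compared without
    regard to upper or lower case.
    """
    name = os.path.basename(filename.replace("\\", "/")).strip()
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext not in RISKY:
        return ("ok", "final extension %r is not on the risky list" % ext)
    inner = os.path.splitext(stem.rstrip())[1].lower()
    if inner in DECOY:
        return ("block", "looks like %s but would run as %s" % (inner, ext))
    return ("warn", "executable attachment type %s" % ext)


def triage(names):
    """Map each attachment name to its verdict."""
    return {n: classify_attachment(n)[0] for n in names}


# Constructed sample attachment names.
SAMPLE = ["MyGranny.JPG.VBS", "holiday.jpg", "setup.EXE", "minutes.doc"]

if __name__ == "__main__":
    for name in SAMPLE:
        print(name, classify_attachment(name))
```
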

Viruses other than email viruses usually alter files on your PC so that they can hide in those files. Often those files are EXE, DLL, VBX and other executable files.

The Trojan Horse principle is often used too. For example: someone offers a free internet game, and whilst you are having fun playing the game, which needs to be online, it opens up a portal into your PC through which the author can access your PC and do whatever they like: damage things, copy files, nose around your system looking for passwords and credit card numbers, etc.

Virus checkers spot the viruses by examining such files as you ask for them to be opened or used, looking for a pattern known as a virus signature, and they only let your program have the file, or let your PC execute the file, if it appears to be OK.

If a virus signature is found, then the virus checker will alert the user and offer to clean up the file. If the clean up is successful, then the file will be available for use. If it cannot be cleaned up then the virus checker will usually quarantine the file into a separate directory reserved for that purpose and recommend that you delete the file.
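
The check-on-open and quarantine behaviour described above can be sketched in a few lines. This is an added example, not code from the original article or from any anti-virus product: the signature names and byte patterns are made up, the function names are hypothetical, and the clean-up step is left out so that a matching file goes straight to quarantine.

```python
import os
import shutil
import tempfile

# Constructed signatures (name -> byte pattern); the values are invented
# for this demonstration and match no real virus.
SIGNATURES = {
    "Demo.Alpha": b"\xde\xad\xbe\xef\x13\x37",
    "Demo.Beta": b"X-DEMO-SIGNATURE-0001",
}


def scan_bytes(data):
    """Return the sorted names of all signatures found in data."""
    return sorted(n for n, pattern in SIGNATURES.items() if pattern in data)


def open_checked(path, quarantine_dir):
    """Hand back the file's bytes only if no signature matches.

    A matching file is moved into quarantine_dir and (None, hits) is
    returned, so the caller never receives the suspect content.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    hits = scan_bytes(data)
    if not hits:
        return data, []
    os.makedirs(quarantine_dir, exist_ok=True)
    target = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    shutil.move(path, target)
    return None, hits


def demo():
    """Run the check on one clean and one flagged file (both constructed)."""
    with tempfile.TemporaryDirectory() as root:
        clean = os.path.join(root, "letter.txt")
        flagged = os.path.join(root, "joke.bin")
        with open(clean, "wb") as fh:
            fh.write(b"Hi John, see attached")
        with open(flagged, "wb") as fh:
            fh.write(b"header" + SIGNATURES["Demo.Beta"] + b"tail")
        qdir = os.path.join(root, "quarantine")
        results = (open_checked(clean, qdir), open_checked(flagged, qdir))
        return results, sorted(os.listdir(qdir)), os.path.exists(flagged)


if __name__ == "__main__":
    print(demo())
```
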

New viruses appear all the time, so most virus checker licences include free updates for a year, and the virus checker will automatically check regularly for the updates.

Some viruses hide in the boot sector of your hard disk. Each time you give an infected file to someone else and they trigger it, then the virus hides in their boot sector too. Each time you use a floppy disk then the virus infects the boot sector on that disk too. If someone accidentally (or otherwise) attempts to boot from that floppy disk then they will become infected too as the virus migrates to the boot sector on their hard drive.

Unless you have a need to boot up from floppy disk or CD-ROM then you are best to alter your BIOS settings to only boot from your hard drive. If your hard drive fails then you can always alter the settings back again later. This would prevent your PC becoming infected where you have shut down and forgotten to remove a floppy disk - next time you power up, your PC would normally have a go at booting up from that floppy disk, but with the BIOS settings altered as described then your PC would ignore the floppy disk.

Payload

The Payload is the part that wrecks your system. It is usually triggered some time in the future - after all, the virus wants plenty of time to spread before you realise that you have been infected with it. Ideally, it would like to be around long enough to ensure that all of your backup files - assuming you make backup files - are also infected, meaning you cannot recover by relying on your backup files.

Something usually triggers off the payload. It often is a particular date or anniversary. The payload then does the damage; it may destroy your system completely, it may send prank messages to people, it may delete all of your documents but leave your system intact. It all depends on how vicious the designer was.

Hopefully this advice will help increase awareness of what viruses are and how to protect yourself from them.

There is nothing that would make you 100% safe other than being totally insular: don't use the internet or email, don't accept disks from anyone at all, buy little software and only from big name manufacturers where the product arrives shrink wrapped and sealed.

Obviously I, as the author, have to say that I cannot accept any responsibility or liability for any harm or damage that may come about from following the advice given here. It is given freely with the best intentions.
