Virus

There has been a considerable amount of discussion recently about the rash of e-mail viruses that have been flying around the Internet. While everyone agrees that viruses that spread via e-mail (also known as computer worms) are a “Bad Thing,” the solution to this problem seems to have escaped many people. The solve for this one is really very simple: Self Control. This document contains simple instructions on how to stop e-mail viruses and computer worms cold.

  1. Beware ALL email attachments. An attachment is a part of an email that’s not the text. Attachments can be anything; a picture, a word processing document, a program, a video file, or anything that’s not just text. Depending on your email program the attachment can show up in different ways but it’s usually an icon somewhere on the email. In most email programs, look for a paperclip icon.
  2. Don’t depend on virus scanners to kill email viruses. Many of the viruses that get disseminated through email do so before the people who maintain the scanner programs can update the program to detect the virus. It’s a pretty good bet that you have not updated your virus definition file in a while either. Virus scanners offer very little protection against computer worms and email viruses.
  3. Look at the attachment name. The first part of the name is unimportant. It’s the LAST part after the last dot “.” that tells you what kind of file it is. This is called the file’s extension. Some people have their computers set to not show extensions for certain files. Windows users should make sure that this option is turned off. The easiest way is to double click on “My Computer” and look in the “View” menu for “Folder Options”. If it’s not there, look under the “Tools” menu. Once that is opened, look for the “View” tab – in there is a series of checkboxes. Make sure that “Hide File Extensions for Known File Types” is unchecked.

Here’s a basic rundown on file types and what danger level they pose to your system. Be careful of filenames that have more than one dot in it: GreatPic.jpg.vbs is a VBS file and is very dangerous.

“The Safe Ones” are files that the people who write viruses have not yet found a way to damage your system with. As I write this (July 2005) these files are safe to click on and open with no chance containing email viruses or computer worms, or of causing damage to your system.

“Caution” are ones that are not generally used to transmit a email virus. These SHOULD be safe but care should be taken if you are not expecting to receive this file. If in doubt don’t open it.

“No way, No How” This is the easy one, folks: Don’t open these. Delete the email and empty your “Deleted Email” folder. Even if you trust the person that sent it to you, don’t open them. If the Pope sends you an email with one of these, don’t open it. Even if the email says that this is the cutest/funniest/sexiest/weirdest/whateverest that ever was, don’t open it. If you open it you are exposing your system to extreme danger. THESE are the files that virus writers use to propagate email viruses through the Internet. If you ignore this warning and you open the file you only have yourself to blame. Don’t blame the nasty virus writer; don’t blame the person that sent you the computer worm, don’t blame Bill Gates (or Steve Jobs, take your pick) – blame yourself. YOU are the one that opened it and you are the one that made your (and possibly everyone else’s) system go bad. If everyone stopped opening these, email viruses would stop cold. The reason that the Swen virus and ‘its variants did all the damage that they have done is that people opened these kind of files. Read this, print it out, check the list and you’re well armed against email viruses.

By the way, it doesn’t matter who sent you this file – treat everything with caution. Some of the more recent viruses have been transmitted without the person that sent it ever knowing. The virus looked at the address book of the infected person and automatically sent itself to everyone on the list. The person who got infected with the virus never even knew it was doing it. Because of this, you cannot trust a file because you know who it came from. Some even more recent viruses will disguise who they come from so you can’t tell the person that sent you the virus that they have a virus. If you aren’t expecting it or you don’t know what the content of the attachment is before opening it, don’t open it.

If an extension is NOT on the list – treat it as unsafe. I’ve tried to be as complete as possible with the common files that get transmitted but I have not covered everything. Be safe and don’t open anything that you don’t know.

Recently, programs like Outlook Express and Outlook have gone a long way to make it difficult to open the “No Way, No How” ones. However, that doesn’t mean that everything else is safe by default. The rules below still apply.

THE SAFE ONES
Extension File Type Notes
.ai Picture File (Adobe Illustrator)
.art Picture File
.avi Video File (Audio Video Interleave)
.bmp Picture File (Windows Bitmap)
.cgm Picture File
.dxf Autocad Drawing File (Generic)
.dwg Autocad Drawing File
.eps Picture File (Encapsulated PostScript)
.eml Email (another email message as an attachment – careful as there may be a virus in the subsequent email)
.gif Picture File (Graphics Interchange Format. Pronounced “JIF” – like the peanut butter. Think “Gin”)
.jpe Picture File (JPEG)
.jpg Picture File (sometimes .jpeg)
.mid MIDI Music File
.midi MIDI Music File
.me Text File (Usually the end of a Read.Me file)
.mov Video File (Apple Quicktime Movie)
.mp2 Sound File (MPEG 2 Audio)
.mp3 Sound File (MPEG 3 Audio)
.mpg Video File (sometimes .mpeg)
.pcx Picture File (PC Paintbrush)
.pdf Adobe Acrobat file  (portable document format file)
.rar Compressed file * special case – see below
.rle Picture File (Run Length Encoded)
.rm Sound/Video file (RealAudio – sometimes .ram)
.rtf RichText Format Formatted text document somewhat like a Word document
.sea Compressed file(s) * special case – see below
.sit Compressed file(s) * special case – see below
.tif Picture File (sometimes .tiff)
.ttf Font File
.txt Plaintext file
.uue Compressed file(s) * special case – see below
.wav Sound File
.wma Sound file (Windowsmedia Audio)
.wri Text File (Windows Write)
.zip Compressed file(s) * special case – see below
CAUTION
Extension File Type Notes
.asp Web Page File (can sometimes carry harmful information)
.doc Microsoft Word Document (not damaging in itself but can carry a macro [script] that can do damage
.htm Web Page File (can sometimes carry harmful information)
.html Web Page File (can sometimes carry harmful information)
.lnk Internal link to another file (Could point to a damaging program)
.url Web Page Link (Could point to a damaging web page [very rare])
.wk1 Lotus 1-2-3 (Could carry harmful macro – also .wk3 .wk4)
.wks Lotus 1-2-3 (Could carry harmful macro)
.xls Microsoft Excel Spreadsheet (See .doc)
NO WAY, NO HOW (Really!!!)
Extension File Type Notes
.pif Program (Currently popular for the SirCam and many other viruses)
.exe Program File (One of the most popular)
.com Program File
.vbs Visual Basic Script (Recently very popular – also .vb)
.bat Batch File (Rare)
.bin Mac Program
.dot Document Template (Could set up a macro in Word that does damage)
.reg Registry File (Could modify important system settings)
.js JavaScript (Script could contain damaging items – also .jse)
.scr Screen Saver (Could be a program in disguise)
.xlm Excel Macro (Could contain damaging instructions)
.wmz Skin (Windows media skin. Has been used for virus distribution)
.hta HTML Application (Kind of a program that runs on a web page)
.ocx ActiveX Control (Rare)
.wsf Script (Also Rare)
.wmf Picture file (Recent addition – first picture format to be able to carry a virus)Â

*Information on ZIP files (and other compressed files). Zips are a brilliant invention. A zip file contains one or more files that have been compressed to save transmission time and space. ZIP files are completely safe to your system. HOWEVER, the files contained within the zip files may not be safe. The rules that go for email attachments can also be said about the files inside a zip file. Again, be very cautious.

I hope that information helps prevent you opening a file that can be dangerous to your system.

This warning applies to attachments to emails only. If you are poking around on your hard drive and you see files that have these extensions, leave them alone. They are meant to be there. Deleting files from your hard drive of the types that are in the “No Way, No How” section may cause your computer to stop working. Again, this is for EMAIL ATTACHMENTS ONLY…

If you suspect you may have an email virus or computer worm on your system and would like it removed, please contact the professionals at www.yourtechonline.com