What to look for
Most malevolent software won’t infect your machine unless you open an e-mail attachment. So virus distributors use various tricks, which experts call “social engineering,” to con you into clicking. A common way to draw you in is to have the e-mail come from a family member or friend.
These illustrations show other basic types of tricks that have been used by well-known viruses and worms. Antidotes were developed for all of them. If you receive messages like these, delete them and run a virus check before doing anything else with the computer.
THE INFECTED DOCUMENT
Here, the subject line includes the name of the sender, probably someone you know. The message itself tempts you to open the attached Microsoft Word document (“don’t show to anyone else”). The attachment is a legitimate Word file–but infected with a macro, an invisible, embedded program that runs when Word opens the document.
THE MISLEADING FILE NAME
If you aren’t familiar with the way Windows names files, you can easily mistake the attachment’s name, “LOVE-LETTER-FOR-YOU.TXT.vbs,” for that of a harmless text file. In fact, the file’s “vbs” suffix is the real one, which identifies it as a type of program known as a Windows script–a rudimentary computer program that an intruder writes to run on your Windows operating system. The suffix may be hidden entirely on your computer, thus appearing to be a type of file you’d willingly open, such as a JPEG image, MP3 music, or PDF document.
THE OFFER YOU CAN’T REFUSE
This example relies on a message so compelling–an offer to rid your computer of a virus–that it doesn’t need to disguise the fact that the attachment is a program. Unfortunately, the program is a worm that sends itself to e-mail addresses it finds on your computer.
THE FAKE WEB LINK
This example uses several tricks. The subject and message suggest that opening the attachment will take you to a web page containing party photos. The attachment’s name resembles a web address, but there’s no web site involved. This is actually a program that sends itself to your friends and colleagues. This particular intrusion was designed to tie up your e-mail; it could easily have been designed to destroy data.
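A mail filter can apply the lessons of THE MISLEADING FILE NAME and THE FAKE WEB LINK by judging every attachment on its last suffix, the one Windows acts on. The sketch below is an added example, not part of the original article; the suffix lists are non-exhaustive assumptions, and every sample name except LOVE-LETTER-FOR-YOU.TXT.vbs is constructed.

```python
# Added example: attachment-name triage for a mail filter (not from the article).
# Assumption: short, non-exhaustive set of suffixes Windows treats as programs.
EXECUTABLE = {".vbs", ".vbe", ".js", ".wsf", ".bat", ".cmd",
              ".com", ".exe", ".pif", ".scr"}
# Suffixes a reader expects to be harmless; a decoy sits just before the real one.
DECOY = {".txt", ".jpg", ".jpeg", ".gif", ".mp3", ".pdf", ".doc"}
# Word/Excel/PowerPoint formats that can carry macros.
MACRO_CAPABLE = {".doc", ".xls", ".ppt"}


def classify_attachment(filename: str) -> str:
    """Judge an attachment by its real (last) suffix, the one Windows acts on."""
    # Keep only the final path component and drop trailing dots and spaces.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(". ")
    # Normalize case and whitespace around each dot-separated part.
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2:
        return "data"  # no suffix at all
    real = "." + parts[-1]
    if real in EXECUTABLE:
        if len(parts) >= 3 and "." + parts[-2] in DECOY:
            return "executable-double-extension"
        if parts[0] == "www" and real == ".com":
            return "executable-looks-like-web-address"
        return "executable"
    if real in MACRO_CAPABLE:
        return "macro-capable-document"
    return "data"


def triage(filenames):
    """Return {name: verdict} for every attachment that should be held back."""
    verdicts = {n: classify_attachment(n) for n in filenames}
    return {n: v for n, v in verdicts.items() if v != "data"}


# Constructed sample names; only the first appears in the article.
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "www.party-photos.example.com",
    "virus-remover.exe",
    "budget.doc",
    "holiday.jpg",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:36} {name}")
```

A name alone cannot show whether a Word document actually contains a macro, so the "macro-capable-document" verdict only marks files that still need an antivirus scan before opening.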
Computer hygiene 101
Regular backups of important data, plus use of antivirus software and a firewall, are the most important ways to protect your computer’s contents. You can also make yourself less of a target by using applications that aren’t as widely adopted as Microsoft products–Eudora e-mail, say, or WordPerfect word processing. The following measures also help ensure that important information or programs on your computer won’t easily be damaged or stolen.
* Regularly update your operating system, web browser, and other key software, using the manufacturers’ update features or web downloads.
* With a DSL or cable connection, staying online increases exposure. When you aren’t using the computer, shut it off or unplug the cable or phone line.
* Don’t open an e-mail attachment, even from someone you know well, unless you know what it contains.
* To foil password-cracking software, make sure your passwords are at least eight characters long and include at least one numeral and a symbol, such as “#.” Avoid common words, and never disclose a password to anyone online. Avoid using the same password for, say, an online discussion group and a critical task, like online banking.
* Run programs such as America Online’s Instant Messenger only when needed. Be very careful with the file-transfer feature; a firewall won’t block files sent to you this way because they piggyback on the file-transfer application itself, so you’re creating an entree for a virus.
* Don’t forward any e-mail warning about a new virus. As many of our survey respondents learned, it may be a hoax or outdated. Check for hoaxes at www.vmyths.com. The four companies whose antivirus software we rated offer an e-mail virus-alert service.
IF YOU’VE BEEN ATTACKED BY A VIRUS
What to do first. Unplug the phone or cable jack from the computer. Before anything else, scan your whole computer using fully updated antivirus software. If you don’t have it, buy it and install it to try to eliminate the virus before you do anything else with your computer. On the other hand, if you choose to stay online, do a free scan via the web at http://security.norton.com. You can also download a free trial version of antivirus software at www.mcafee.com/eval.
What NOT to do. Don’t delete files, even infected ones. Viruses can infect files your computer needs, which can often be disinfected by antivirus software. Don’t reformat your hard drive or run your e-mail program until you have run an antivirus scan. If antivirus software doesn’t fix the problem, contact the antivirus manufacturer.
IF YOU’VE BEEN HACKED
What to do. Immediately disconnect the phone or cable jack from the computer. Run a complete virus scan on your computer to remove software such as a Trojan Horse, which hackers may have planted. A free trial version of a Trojan-cleaning utility is at www.moosoft.com. If you don’t already have a firewall, install one. Before reconnecting to the Internet, try to find out why your computer was vulnerable.
WHOM TO CALL FOR HELP
The intruder’s Internet provider. If your firewall provides the intruder’s numeric Internet (IP) address, look up his Internet provider (via Network Lookup at www.network-tools.com) and e-mail documentation of the incident–copied from your firewall’s “log file”–to the provider’s “abuse” mailbox, for example email@example.com.
The authorities. Except in large cities, the chances are your local police won’t be able to help. A number of state police departments or attorneys general have a computer crime unit. You can also report serious incidents to the FBI (www1.ifccfbi.gov) or the Internet’s emergency response team, CERT (e-mail: firstname.lastname@example.org), but don’t expect much help.
What NOT to do. Don’t try to track down hackers or get even with them. You’ll merely disclose your presence and Internet address, inviting further intrusions.