Email - Security and Viruses
Email is the way most people get their computers infected with viruses. In this section we will discuss how to recognize threats to your computer, what to do about them, and how to keep your computer clean.
What is a virus?
A virus is a program you don't want, that someone else installs on your computer without your permission. Viruses usually have the ability to pass from one infected computer to another.
A virus is usually part of some evil person's marketing campaign.
The most common viruses hijack your computer to make it a robot mail server. Once your computer is infested, they use the virus to take it over and bomb other people with spam. This annoys them and causes your computer to work very badly. Computers infested with this kind of virus become almost unusable.
There are also other viruses that allow people to harness your computer as part of a network of servers used in "Denial of Service" attacks. Or it may just be a self-replicating virus with no other purpose except to attack other computers and attempt to infect them too.
Regardless of the purpose of a virus, it will usually incapacitate your computer. Viruses are really bad, and the people who write them belong in jail. Contrary to the charming people portrayed in movies, I don't think "hacking" with viruses is cute, or charming, or defensible, or clever. It's a violation of my privacy, it's theft of the use of my computer, and it is expensive and harmful vandalism.
What to do about viruses?
Unfortunately, the situation is largely out of hand, and you pretty much have to protect yourself.
Most of the time people get viruses in email, so that's where you should be on the defensive.
Most viruses are on Windows computers. The following discussion is mostly academic as far as Apple computers are concerned. I've never seen an Apple virus.
Why is this? It's because Windows has a large number of virus-friendly features that allow programs to embed themselves in the system and not be detected. Windows has tens of thousands of files, and nobody knows what most of them are. Windows programs use "dlls", which are little pieces of programs, and lots of Windows programs have poorly regulated scripting features. Anything that can be scripted can potentially be used to create a virus. All of the features were originally created with good intentions, with the desire to create fun and friendly features for Windows that users would enjoy.
But the cost is way too high. And Windows has such a large installed base, they're reluctant to rethink the whole security thing, and instead respond with a bunch of "patches" every time a virus is found, instead of designing their software from the ground up to be virus free.
Well, that's my rant on viruses, but suppose you have a Windows computer, and you want to keep it virus free. What should you do?
On Windows computers, viruses are usually some kind of program, such as an EXE file, a COM file, a PIF file, or a ZIP file containing one or more of the above. Usually the virus will install itself in the background on your computer, and then start doing one of the following annoying things:
- Start using your computer as a spam host, sending billions of spams to everyone on the planet. Everyone will think you are responsible and the real spammer is safe. This is a truly evil thing to do and it is very common.
- The hacker may be using your computer to participate in games or chat groups, and cheating.
- The hacker may be using your computer for "denial of service" attacks by bombing other computers on the net with garbage data until they crash.
- The hacker may use your computer as a launch pad for attacks against other computers. By attacking from your computer, if he gets caught, you get blamed. Not good.
How can I spot infected Email?
A virus will come as an attachment. All emails with attachments should be viewed with suspicion, and if the source cannot be confirmed, they should be immediately and permanently destroyed.
Here's an example of an email that is attempting to infect me with a virus:
Note at the bottom that there is a file called "transcript.pif". This is a virus. You're safe in reading this page because what you are looking at is a picture of the email, and there is no virus. But if you were looking at the real email, and clicked on that file, you'd get infected.
I'm safe, for several reasons. First, I didn't click on the file. Second, I am reading my email on webmail, so the file is not on my computer, it's on the server, where it can do no damage unless I download it, and I'm not going to. Third, I'm on a Mac, and most of these viruses are targeted at Windows. That does not mean Macs cannot be hacked, they can. But statistically virtually all viruses are for Windows.
Email Danger Checklist
How to recognize an email that may contain a security threat or virus
- Do you know the person who sent the email?
99% of the email that comes from people I don't know are either spam or viruses.
- Does the return address of the sender match the subject of the email?
For example, if the email claims to be about Bank of America, is the return address at Bank of America? If not, problem.
- Does the email contain mislabeled web links?
Hold your mouse over the links and see where they go. If the links are suspicious, watch out.
- Does the email address you by name?
Most of the time legitimate emails from your bank or other business associates will know your name. If not, it's usually a virus or phishing of some kind.
- Does the email contain links to wrong websites?
If you see bogus or misleading web links like http://bogusvirus.com/bankofamerica.com then
- Does the email contain an attachment?
This is always a red flag. I don't want people I don't know sending me things that are security risks, and ANY file that you get sent is a security risk. If you see an attachment, this is a red flag and you should start worrying.
- Is the attachment some kind of program?
(exe, com, pif) or a zip file containing one of these things? If I get any kind of attachment in the mail, and I don't know who sent it, I throw it away because it's almost certainly a virus.
- Does the email advertise a scam?
Bogus advertising does not mean that an email also contains a virus, but it might.
- Does the email advertise virus checkers?
Virus checkers are generally obsolete, and emails about them usually contain viruses. If you need a virus checker, go to microsoft.com, but the program provided in an email is probably a virus. They're just trying to fool you into installing the virus. If you are on a Mac, you don't need virus checker software.
- Does the email promise that it is not a virus?
Uh oh. These are usually viruses.
- Does the email demand your username and password?
Most of the time this means that you have someone trying to steal your information. Quite often you will see emails that say there is a problem with your email account which then ask you to provide them your username and password. Wait a minute, if they were your email provider they would already know your username and password. Do not give out your password.
- Does the email make no sense?
For example, the email above claims to be from the "brandx.net technical support team" but there is no such thing. I myself do the technical support for BrandX.net and I didn't send this email. And it's written to "sales" which is not a place "Support Team" would be writing. Also, the person who wrote this is not a native English speaker and is unfamiliar with English grammar and capitalization rules.
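The two link checks in the list above (mislabeled links and links to the wrong website) can be automated for mail you want to screen. The following is an added example, not part of the original page: it compares the address a link displays with the host it really points to, and flags any link that mentions a watched site without going there. The `WATCHED` list, the function names and the sample message body are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

WATCHED = {"bankofamerica.com"}  # assumption: sites you really deal with
SHOWN_URL = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def same_site(name, host):  # host is name or a subdomain of it; www. ignored
    name, host = name.removeprefix("www."), host.removeprefix("www.")
    return host == name or host.endswith("." + name)

def suspicious_links(html):
    """Return (reason, href) for links that do not go where they appear to."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        try:
            host = (urlparse(href).hostname or "").lower()
        except ValueError:  # malformed host part
            host = ""
        shown = SHOWN_URL.fullmatch(text.lower())
        if shown and not same_site(shown.group(1), host):
            findings.append(("mislabeled", href))
        elif any(d in href.lower() and not same_site(d, host) for d in WATCHED):
            findings.append(("lookalike", href))
    return findings

# Constructed sample; bogusvirus.com is the page's own example of a bogus host.
SAMPLE_HTML = """<p>Confirm your account at
<a href="http://bogusvirus.com/bankofamerica.com">www.bankofamerica.com</a> or
<a href="http://bogusvirus.com/bankofamerica.com/login">click here</a>, or visit
<a href="https://www.bankofamerica.com/">bankofamerica.com</a>.</p>"""
```

Calling `suspicious_links(SAMPLE_HTML)` reports the first two links and leaves the genuine third link alone.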
What can you do to avoid Email Viruses?
- Don't download any attachments at all, ever, unless you have contacted the person who sent it and confirmed that it is legit. Do not download and install attachments unless you are sure, even if it seems ok. Just don't do it.
- When in doubt, don't download an attachment even if it's from someone you know. A virus can infect someone's email and then spread itself by mailing itself to you as an attachment with your friend's name on it. This is really, really common. Your friend may be real, but they may have been hacked or infected, and the virus may have hijacked their address book. It happens all the time. Call your friend and ask. Did you send me a file? If not, then you are looking at a virus.
- Don't download a virus "just to see what it is". You are not safe. A little curiosity can cause you days of misery and work fixing a hacked and infected computer. When in doubt, until you know otherwise, assume that every attached file is a virus.
- Webmail is in general safer because the email is kept one step away from you. When you read webmail, it's still on the server, and is never downloaded to your computer. A file that is on a server is not on your computer. You are at less risk. As long as you leave the attachment on the server, all should be fine.
- If you use Outlook or another email program that downloads email onto your computer, and you see a possible virus, delete it, and empty the trash. Do not leave any chance that the file may accidentally get downloaded.
- Even files that seem safe may be mislabeled. Just because something pretends to be a picture doesn't mean it's safe. Any file can be a virus.
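The attachment rules above can be checked without ever opening the file. The following is an added example, not part of the original page: it lists attachments that are programs by name (exe, com, pif), programs hidden inside a zip file, and files whose contents begin with the `MZ` marker of a DOS/Windows executable even though the name claims something else. The function names and the constructed sample message are assumptions made for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PROGRAM_EXT = (".exe", ".com", ".pif")  # program types the page names

def looks_like_program(name, data):
    """Program by name, or by content: DOS/Windows executables begin with b"MZ"."""
    return name.lower().endswith(PROGRAM_EXT) or data[:2] == b"MZ"

def risky_attachments(raw):
    """Names of attachments and zip members that are programs, whatever they claim."""
    msg = message_from_bytes(raw, policy=policy.default)
    risky = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if looks_like_program(name, data):
            risky.append(name)
        elif name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    for info in archive.infolist():
                        with archive.open(info) as member:  # read in memory only
                            if looks_like_program(info.filename, member.read(2)):
                                risky.append(f"{name}:{info.filename}")
            except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted
                risky.append(f"{name} (cannot inspect)")
    return risky

def build_sample():
    """Constructed message with placeholder bytes only; nothing executable."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "sales@example.com"
    msg["Subject"] = "transcript"
    msg.set_content("See attached.")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("invoice.exe", b"MZ placeholder")
    files = [("transcript.pif", b"placeholder"), ("holiday.jpg", b"MZ placeholder"),
             ("notes.txt", b"plain text"), ("docs.zip", archive.getvalue())]
    for name, data in files:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

A file that passes this check is not proven safe; the check only catches the obvious cases the page describes.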
Avoiding Viruses In Downloaded Files
The same general rules apply to files that you download off the internet.
- Resist the temptation to install lots of programs on your computer. You probably don't need them.
- Do not install special "video codecs" or helper programs that you don't need. There are only a few types of video and you should not need strange and unusual programs to watch them. If something says it's going to help you watch videos, it's probably a virus.
- Do not install virus fighting programs from places you have never heard of. One of the most popular Mac viruses is a program called "Mac Cleaner". It says it fights viruses, but it is a virus.
- If you download something to look at, such as a video or a picture, and it asks you to install something, there is a problem. You should not be installing things you didn't ask for. It's OK to install Adobe Photoshop from original disks. It's OK to install Microsoft Word. But if a downloaded file starts asking you to press buttons or install something, you are probably installing a virus.
- If you download software, make sure you are getting it from the right source. Download.com is one good source. Or go to Wikipedia, look up the program, find the original source, and download it from there.
- Illegal software often contains viruses. Use at your own risk.
Summary
In general I keep my Windows computer virus free by doing the following things:
- I keep up to date on all my Windows updates. I have it set on automatic.
- I very seldom install any software, other than the things I use every day, such as Photoshop and Firefox. If I have too many programs my computer slows down, and each one has a risk of virus infestation. Better to just keep things simple.
- I assume that all attached files on email are viruses, unless proven otherwise. If someone sends me something, I make sure it's legitimate before I download it. I am very careful about this.
- I don't download random programs from the internet. Most of them are junk anyway. The risk is larger than the benefit.
- I do regular backups of my computer, so that I can restore if my computer gets infected.
Remember, most viruses require some help from you to get themselves installed. If you don't install them, then they can't work. No virus checker will be as effective as just using some common sense. Don't download anything, don't install anything, and you can avoid 99% of all viruses.
Some Sample Emails
I've collected a few emails for you to look at and see if you can tell which are legitimate and which are fraudulent.
Exercise - Sample Emails