Computer viruses: a cautionary tale
by Graham Davies
This page is an introduction to the essential security measures you need to take in order to protect your computer against viruses and other intrusions. If you work in a business or an educational institution, computer security is normally taken care of by specialists in an ICT services unit, but if you use your own computer system then you need to undertake essential security measures yourself. The information on this page is based on my personal experiences.
Anti-virus software
It is all too easy to get blasé about computer viruses and other nasties, e.g. trojans and worms, that seek to invade your computer. Many computer users think that stories of viruses devastating computer systems worldwide are no more than publicity stunts created by companies that produce anti-virus programs. But we have seen computer viruses wreak havoc on a massive scale, causing millions of pounds worth of damage to businesses, bringing airlines' booking systems to a halt, and locking up hospitals' record systems. Anti-virus software is therefore an essential component of your computer system. I use Grisoft's AVG anti-virus software on my home network.
I receive dozens of viruses every day. Most of them used to arrive on floppy disks sent to my business by schools and universities. Now the majority arrive in email attachments from people who can't be bothered to keep their anti-virus software up to date.
Two pieces of important advice:
* First, check for updates to your anti-virus software as soon as you connect to the Internet. My virus definition files were less than seven days old when my computer was contaminated by the Funlove virus in October 2000 - the only serious contamination that I have ever experienced. Now I always run my anti-virus software in auto-protect/auto-update mode, and I manually check for updates to my anti-virus software every day as soon as I connect to the Internet.
* Second, make regular backups of everything important that you create so that you can retrieve valuable files if you have the misfortune to be hit by a virus.
Hoax viruses
I receive frequent warnings by email about non-existent viruses, known as hoax viruses, which - it is claimed - can be sent to you in messages headed by an exhortation such as "Join the Crew!", "Win a Holiday!" or "Let's watch TV". The following advice is given by CIAC (Computer Incident Advisory Capability) if you receive a virus warning that you suspect is a hoax:
See if the warning includes the name of the person submitting the original warning. Contact that person to see if he/she really wrote the warning and if he/she really touched the virus.
Websites maintained by commercial virus protection companies contain lists of genuine and hoax viruses: see Useful links.
Hoaxers have two main motives:
1. to create unnecessary anxiety about viruses,
2. to get you to delete important files from your system - in effect a do-it-yourself virus!
Attachments
Attachments to email messages can be deadly. I once received a copy of a virus via an email attachment sent to me by an old friend. I knew the email was suspect, as it referred to an attachment containing a sample of rock music in an MP3 file - definitely not my friend's style - so I zapped it before downloading it.
I reject all attachments that arrive without a clear indication of their origin and contents. Whenever I send an attachment to someone I prefix it with a separate plain text message, e.g.
Hi, Joe
I am sending you an attachment called REPORT 01. It’s an RTF file containing a report on our meeting last week. Let me know if the attachment arrives safely.
Regards
Graham
I expect other people to do the same.
I am completely ruthless when I see an unidentified attachment to an email in my mailbox. I read all my mail offline and zap all suspicious-looking emails - even those from friends and colleagues.
Holes in Windows
Some years ago a new strain of virus appeared: the Web virus. Web viruses can initiate an attack while you are just browsing the Web. Web viruses can bypass anti-virus software by slipping in through “holes” in the Microsoft Windows operating system.
Over a period of two weeks in October 2000 I contracted four viruses just by browsing the Web, but only one did serious damage: Funlove. Several computer specialists I spoke to said it was impossible to contract a virus by browsing the Web, but I was adamant that this is how the viruses got into my system. Finally, a colleague drew my attention to a message displayed at the SANS computer security website.
Email viruses are now spreading without the user opening any attachment. Personal computers running Internet Explorer (IE) version 5.0 and/or Microsoft Office 2000 are vulnerable to virus attacks using most HTML-enabled email systems, even if the email recipient opens no attachments. You don't even have to use IE; just have it installed with the default security settings. If you have not closed the hole, you can receive viruses (and spread them) by viewing or previewing malicious email without opening any attachment, or by visiting a malicious website.
It is therefore important to patch all holes in the Microsoft Windows operating system:
* Check the Microsoft website for regular updates of Windows that include patches for holes: http://www.windowsupdate.com
* Check the Microsoft website for information about security threats: http://www.microsoft.com/security/
Whatever you do, don't install a patch that comes from an unknown source. I have been sent so-called patches in email attachments that actually contained viruses!
Firewall software
You are always vulnerable to hackers connecting to your computer while you are online, and some websites contain invisible scripts that can do untold damage to your computer. I am connected to the Internet most of the day via my ADSL phone line. I have therefore installed the ZoneAlarm firewall on my computer to keep out potential hackers and other unwanted intrusions. The basic version of ZoneAlarm is free, but the professional version, ZoneAlarm Pro, gives you greater security at a reasonable price. ZoneAlarm Pro warns you if it sees information going out of your computer by any route other than those that you have designated as "legal", e.g. your email system or your browser. It also warns you if someone is trying to hack in. At least half a dozen attempts are made every half hour to hack into my computer while I am connected to the Internet. Most of these attempts are harmless, e.g. Microsoft checking to see if I require updates to Windows, music sites trying to find out my tastes in music, etc., but I have noticed several malicious attempts to hack into my computer.
Everyone is vulnerable while they are online. If you think your system is secure from intruders then you can run a series of tests at the Gibson Research Corporation (GRC) site in the ShieldsUP! section. GRC will try to hack into your computer and report if they succeed: http://www.grc.com. My system passed with flying colours! There is a wealth of useful information on network security at the GRC site.
Spam, adware and spyware
Spam, adware and spyware are a growing nuisance.
Spam
Spam is the term for unsolicited email advertisements, the Internet equivalent of junk mail. A spammer can email an advertisement to millions of email addresses, newsgroups, and discussion lists at very little cost in terms of money or time. The term spam comes from a sketch in the Monty Python's Flying Circus TV series. A useful email filter that pre-processes emails for you and enables you to bounce back and delete spams from your mailbox before they hit your computer is MailWasher. The basic version of MailWasher is free, but I prefer the MailWasher Pro version, which is available at a modest cost and has additional security features. MailWasher Pro spots incoming viruses as well as spam.
Rule No. 1: Don't display your email address at your website and don't display anyone else's email address at your website. This is because there are programs (often referred to as robots or simply bots) that search the Web and harvest email addresses that can be used by spammers. Such robots may hunt for email addresses beginning with a common name, e.g. "robert", "ann" or "sue", or for a business address ending in ".co.uk" or ".com". These are then stored in mass mailing lists and sold to spammers who bombard the recipients with endless junk emails. See the WillMaster article Spam-proofing your website on different ways of hiding or disguising your email address to avoid it being harvested by spammers:
http://www.willmaster.com/library/web-development/spam-proofing_your_web_site.php
Some sites require you to enter your email address in order to buy goods or services or to "register" for their services. You can, however, fool the spammers by entering a death-dated or tracker address that is not your real address: see http://www.sneakemail.com
If you find that an email that you send out for a legitimate reason is blocked or if you suddenly begin receiving lots of strange bounced emails, then it may be due to the fact that you have been identified as a sender of spam emails as a result of the actions of spammers who use your ISP or even your personal email address as the sender's address. Millions of spam emails are sent out by spammers who use popular ISPs such as AOL CompuServe, Hotmail and Yahoo, and then legitimate users suffer for their inconsiderate actions. For further comprehensive information on this topic, see the Spamhaus and SpamCop websites. Both sites maintain a database of known spammers and offer spam blocking services.
Hijack risks
In July 2004 my business, Camsoft, had to take the unprecedented step of shutting down all our email addresses. This is because the addresses had been hijacked by purveyors of spam. We had been suffering from the effects of viruses and spam for several years but, thanks to the efficient mail filtering system that we use, these intrusions were no more than an annoyance. On 15 July 2004, however, we suddenly began to receive hundreds of bounced "undeliverable mail" messages per day and lots of irate emails of the "how dare you send me spam" variety. It is evident that our email addresses had been spoofed as senders' addresses by a number of different spam companies and we were perceived as the guilty party. We therefore no longer display our email address at our website. We use a contact form for people who wish to email us: see our Homepage. Let us hope that the politicians who have put in place completely ineffective legislation to combat spammers and hijackers will eventually realise that their soft-touch approach is wrecking e-commerce. It is small comfort to know that we are not alone: see "The Death of Email" by John Dvorak (24 May 2004) at:
http://www.pcmag.com/article2/0,1759,1599324,00.asp
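One way to tell whether a flood of bounces like the one described above comes from mail you really sent or from spammers using your address as the sender's address, given here as an added example that is not part of the original article. It assumes you keep a record of the Message-IDs of your outgoing mail; the addresses, Message-IDs and the bounce itself are constructed sample data.

```python
import email
from email import policy


def constructed_bounce(message_id):
    """Build a trimmed, constructed bounce that quotes the failed mail's headers."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: sales@example.co.uk\nSubject: Undeliverable mail\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery to nobody@example.net failed.\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        "From: sales@example.co.uk\nTo: nobody@example.net\n"
        f"Message-ID: {message_id}\nSubject: Cheap offers\n"
        "--b1--\n"
    ).encode("ascii")


def original_message_id(bounce_bytes):
    """Return the Message-ID of the mail a bounce refers to, or None if not quoted."""
    msg = email.message_from_bytes(bounce_bytes, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original message attached
            quoted = part.get_content()
        elif ctype == "text/rfc822-headers":   # only the original headers attached
            quoted = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        mid = quoted["Message-ID"]
        return str(mid).strip() if mid else None
    return None


def classify_bounce(bounce_bytes, sent_ids):
    """Compare the quoted Message-ID with the IDs of mail we really sent."""
    mid = original_message_id(bounce_bytes)
    if mid is None:
        return "unverifiable"      # the bounce quotes nothing we can check
    return "genuine" if mid in sent_ids else "spoofed-sender"


# Constructed record of outgoing mail (assumption: you log these when sending).
SENT_IDS = {"<20040714.0001@example.co.uk>"}

if __name__ == "__main__":
    for mid in ("<20040714.0001@example.co.uk>", "<constructed-0001@unknown.example.org>"):
        print(mid, "->", classify_bounce(constructed_bounce(mid), SENT_IDS))
```

Bounces classed as spoofed-sender can be filtered without the risk of discarding a delivery failure for mail you really sent; those classed as unverifiable still need a human look.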
Adware
Adware is software that has secretly been installed on your computer by a remote site. Many free programs (freeware and shareware) and plug-ins that you download from the Web install hidden software that sends details of the websites you visit and other information from your computer (which can include your email address) to advertisers so they can target you with pop-up ads and spam. See Ad-Aware, a useful program that keeps adware out of your computer.
Spyware
Spyware is similar to adware - it may be used synonymously - but it implies more sinister motives on the part of the person who has dumped it onto your computer, e.g. stealing private information such as bank account numbers, credit card numbers, passwords, etc.
Cookies
Cookies may be dumped onto your computer when you visit a website. A cookie is a piece of information that may be stored on a user's computer by a Web browser when the user visits a website for the first time. Websites use cookies to recognise users who have previously visited them. The next time that the user visits that site, the information in the cookie is sent back to the site so that the site can tailor what it presents to the user. Cookies may be used for innocent purposes, e.g. recording your preferences at an online shopping site, but they can also be used in more insidious ways.
Cleaning up your computer
Adware, spyware and cookies are also known as tracking software. You should clean up your computer to remove tracking software stored on your computer, especially after downloading and installing freeware, shareware or plug-ins from the Web. SpyBot Search and Destroy or Spy Sweeper will do a good clean-up job. When I first used SpyBot S&D it found no less than 14 tracking programs on my hard disk, dating back around three years! Spy Sweeper found one tracking program that SpyBot S&D missed. Most of these packages were probably ineffective, however, because I had set my firewall to a high level of security to block intrusions, and I am alerted each time a new program attempts to send information out from my computer.
Removing Web clutter
Finally, it is a good idea to get rid of Web clutter at regular intervals. Not only does it take up space on your hard disk, but it may contain harmful code. A useful piece of software is Window Washer, which enables you to remove caches, cookies and other clutter at regular intervals.
30 December 2009