Virus making the rounds
Jamie (Tue, 27 Jan 2004 22:22:26 PST)

At 09:49 AM 1/27/2004 -0800, you wrote:

Please everyone get virus protection and never open attachments that you
have any questions about. Beware of any emails you receive that have
attachments with these extensions:
.bat, .cmd, .pif, .exe, .scr, .zip

Dear all,

My resident better half and technical expert has provided a few comments
regarding attachments.

Due to recent 'improvements' in the Windows operating systems, it is now
possible for filenames to have 256 characters. Also, many previously
'illegal' filename characters are now allowed, and Windows operating
systems default to a setting which makes file extensions invisible to the
user. Because of these factors, it is no longer safe to classify email
attachments by filename, because there are many ways to 'spoof' a harmless
looking file extension.

For example, we received an attachment today consisting of a normal Zip
file archive, containing a file named:

readme.txt                                        .scr

This malicious screensaver file (identified by the true extension '.scr'
seen far to the right) will show up simply as readme.txt in the Windows
Explorer and most other dialog boxes in the Windows system, unless the user
is extremely observant. This is an example of a very simple, low-level name
spoof -- there are schemes in circulation which are much more sophisticated.

Unless you have requested something and the email is in response to that
or you have downloaded something you wanted from the Internet it seems
wise never to open any attachment with these extensions just as a
precaution. And remove the message and the attachment from your computer
without opening it. We have also written code so files with these
attachments cannot be uploaded to the wiki.

Since most new viruses and worms will harvest email addresses from the
victim's email address book, or the victim's stored email, it is likely
that you will receive harmful attachments from (apparent) 'friendlies'.

Anti-virus programs are not an effective panacea, since, on the average, it
takes at least two weeks for anti-virus software writers to incorporate
filters for a new virus into their software. The screensaver I received
today checks out as 'safe' with all of our current anti-virus programs;
however, there is no doubt in my mind that it is some sort of malicious
software, and it will be correctly identified as such in the next software
update.

If you absolutely must test a suspicious attachment, there is one safe way
to open and check it. Right-click on the attachment link and save the
file to the hard drive. Open the Windows explorer, navigate to the folder
with the attachment, and right-click on the filename. A menu will appear.
If one of the menu choices is 'Open with', select that option, and you will
be presented with a short list of applications that your system normally
uses to open that type of file. Choose the application which is appropriate
for the type of file it appears to be. For instance, if the file is
masquerading as an image file (.gif or .jpg), select your image viewer or
editor to open the file. Using this technique, the questionable file will
always be treated as data, and opened WITHIN an application, but not
executed on your system. If the file is bogus, the chosen application will
generate some sort of error, but the file will not be able to run, or
damage your system.

If, after right-clicking on the filename, you do NOT see "Open with", but
only see choices like 'Open', 'Run', 'Test', 'Configure' or 'Install', it
is some sort of executable file and you should probably delete it.

Best regards,
Jamie
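
One way to check attachment names for the padding spoof described in the message, including names stored inside a Zip archive. This is an added example, not part of the original e-mail and not the wiki's upload code. The function names, the DECOYS set and the PAD_RUN threshold are assumptions; the blocked list is the one given in the message.

```python
import io
import zipfile

BLOCKED = {".bat", ".cmd", ".pif", ".exe", ".scr", ".zip"}  # list from the message
DECOYS = {".txt", ".doc", ".jpg", ".gif", ".pdf"}  # assumed harmless-looking set
PAD_RUN = 3  # assumed threshold: 3+ consecutive spaces counts as padding


def split_name(name):
    """Split a file name into (stem, true extension), as Windows would see it."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.rstrip(" .")  # Windows drops trailing spaces and dots
    dot = base.rfind(".")
    if dot <= 0:
        return base, ""
    return base[:dot], base[dot:].lower()


def check_name(name):
    """Return the reasons a name looks spoofed or dangerous (empty list if none)."""
    stem, ext = split_name(name)
    reasons = []
    if ext in BLOCKED:
        reasons.append("blocked-extension")
    if " " * PAD_RUN in stem or any(c in stem for c in "\t\r\n"):
        reasons.append("whitespace-padding")
    if split_name(stem)[1] in DECOYS:
        reasons.append("double-extension")
    return reasons


def scan_zip(data):
    """Check every member name in a zip archive without extracting anything."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.namelist():
            reasons = check_name(member)
            if reasons:
                findings[member] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: an archive holding a padded name like the one described."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt" + " " * 40 + ".scr", b"constructed placeholder")
        archive.writestr("notes.txt", b"constructed placeholder")
    return buf.getvalue()
```

The check reads only the archive's directory of names, so nothing inside the Zip file is extracted or run.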