|
BOOT CAMP 128
VIRUS ATTACK!
Conspiracy theorists have been having a field day with the
latest outbreak of email viruses. Everyone from anti-virus software
manufacturers drumming up business to the FBI and dark forces within the music
industry has been blamed for spreading them. But wherever they come from the
bottom line is that your PC is under attack, and Mac, Linux and even palmtop PC
users needn’t look so smug, there are plenty of little nasties on the loose out
to get you too!
Nevertheless, up to now the main target has been Windows 95
and 98 PC owners and in particular those using Outlook and Outlook Express
email clients. In adding extra functionality to these programs Microsoft has
inadvertently created a number of security loopholes that virus writers have
been quick to exploit.
Providing you take sensible precautions the chances of being
infected are relatively small; this week we’ll be looking at some simple
commonsense measures you can take to protect your PC and the data stored on it.
Most viruses have clearly identifiable behaviour patterns or ‘signatures’ that
anti-virus software can be programmed to recognise. If you haven’t got a virus
‘scanner’ on your PC you are just asking for trouble get one now, and make sure
you regularly back up all non-replaceable data. The effectiveness of anti-virus
programs depends entirely on how often you update the software. It’s no good
hoping that the freebie anti-virus software that was loaded on your machine
when you brought it will protect you; it was out of date long before you got
the computer home!
An estimated 300 new viruses are created each week and as
recent events have shown they can spread like wildfire. The ‘ILOVEYOU’ virus
infected several million PCs and systems around the world in a matter of hours;
anti-virus software companies respond quickly but it can still take them
several days to come up with counter measures and make them available to users.
The damage caused by viruses varies enormously and the good
news is that most are relatively harmless or benign. If you receive a lot of
email you may have one or two infecting your machine without you knowing it,
even if you follow the very sensible advice about not opening unsolicited email
attachments. E-mail viruses, or ‘worms’ can get into your machine just by
opening a message and this can be a very serious problem if you are using an
older version of Outlook Express 4 and 5 and haven’t downloaded the
self-installing security patch which can be found at:
http://www.microsoft.com/technet/security/
bulletin/ms99-032.asp
click the following link
to start the download:
ftp://ftp.microsoft.com/peropsys/IE/IE-Public/
Fixes/usa/Eyedog-fix/x86/q240308.exe
This will protect you
against the many variations of the ‘BubbleBoy’ Java Script worm, which was
released last year and continues to proliferate under a variety of different
names. Fortunately it rarely damages files but it is self-proliferating and
will attach itself to emails sent by you to others. One of the most virulent
strains is known as ‘Kak’. If your PC or email program has been behaving oddly
recently, unusual ‘Driver memory’ and Registry error’ messages have been
appearing on the screen, you’ve lost the ability print emails from within
Outlook Express or the PC switches itself off for no apparent reason, then Kak
or one of its cousins is a prime suspect. There are also suggestions there’s a
version that affects Netscape Messenger though we have yet to see any hard
evidence of this.
If you think you have
been infected don’t despair, it’s fairly easy to remove the files from your
machine, you’ll find full instructions and more details about the worm on the
following web sites:
http://www.datafellows.com/v-descs/kak.htm
http://vil.mcafee.com/dispVirus.asp?virus_k=10509
http://www.symantec.com/avcenter/venc/data/
wscript.kakworm.html
The trouble is a worm
like Kak can be sent to you quite innocently inside an email from someone you
know and trust. Simply reading the message activates the worm and the first you
know about it is an error message or an on-screen prompt asking you if you want
to run an ‘ActiveX Script’, but by that time it’s too late. Once the patch is installed
you will see ActiveX warning messages if you receive an infected email; don’t
worry, it can no longer damage your machine, just make sure you alert then
sender.
The infamous ILOVEYOU
virus, also known as the ‘Love Bug’ and the ‘Killer from Manilla’ makes use of
another Windows feature called Visual Basic Script. Unlike BubbleBoy and Kak
this one gets into your PC via an email attachment with the extension *.vbs. It
can do nothing unless the attachment is opened, so NEVER open attachments
unless you are absolutely sure they are safe! If you are in any doubt delete it
and contact the sender.
News of the Love Bug
virus spread quickly and most PC users are on the alert for bogus messages of
affection, but within days of the original outbreak the code had been modified
and there are now dozens of variations, riding on the back of emails
attachments with plausible headers, like ‘Check this out’, ‘Very Important
Please Read’ and so on. It takes a great deal of self control not to open an
attachment with an innocuous or intruiging messages, especially if it has been
sent by a friend or colleague.
The latest anti-virus
updates should be able to identify and disinfect most strains of the Love Bug
but you can reduce your chances of being infected, or if it does, stop you
passing it on to others by disabling the Visual Basic Script feature in
Windows. It’s unlikely to cause any problems if you’re using a stand-alone
machine running standard office type applications. The procedure is very
simple, in Windows 98 open Control Panel (Start > Settings) double-click on
the Add/Remove Programs icon and select the Windows Setup tab. Double click on
Accessories and scroll down the list to Windows Scripting Host, deselect the
check box and click OK. In Windows 95 open My Computer, select got to the View
menu, select Options and the File Types tab. Scroll down the list to find
‘VBScript Script File’, click Remove and in the confirmation
dialogue box that appears select Yes. For
more information on current virus infestations have a look at:
http://www.symantec.com/avcenter/index.html
Next week – the art of envelope printing
JARGON FILTER
ACTIVEX
Powerful programming tools used to add multimedia components
and features to Internet web pages
JAVA
A versatile Internet programming language used in a wide
range of applications, including creating animation and web page forms
WORM
A type of virus, usually hidden inside another program,
designed to penetrate a computers operating system. Once activated it is
programmed to replicate and attach itself to other programs or emails
TOP TIP
If you’re too mean to buy anti-virus software, or you’ve
relied on luck until now , try a free on-line scanner from Trend Micros. It
only takes a few minutes, to download after which it will search through all of
the drives on your machine. If any infected files are discovered it will offer
to clean or delete them. You can re-run the check simply by adding the web page
to your list of favourites. We were amazed to discover one moderately well used
office PC contained no less than three Visual Basic Script virus files that
other virus scanners had overlooked. Give it a try!
http://housecall.antivirus.com/
|