Security Issues

Stop clicking and start thinking: The potential for an email virus plague

Roger Rosenblum

In November 1988, the first "Internet worm" spread across the net like wildfire (see A Tour of the Worm [http://www.mmt.bme.hu/~kiss/docs/opsys/worm.html] for more information). In March 1999, we saw the dawn of the first known email virus and worm, Melissa, which also spread across the net so quickly that it forced several large companies to shut down their email servers to stop the proliferation. Melissa spread by sending copies of itself to the first 50 addressees in a user's email address book (if they used Outlook -- not Outlook Express -- as their email client program). The Zipped.Files virus (also known as Explore.Zip or Worm.Explore.Zip) came along a couple of months later and spread similarly. All a recipient of the infected attachment had to do was click on the attachment to get infected and spread the virus on to the next 50 or so users. A very large number of people contracted these infections in a very short period of time. "We're at a turning point in the history of viruses," said Steve R. White, head of anti-virus research at IBM's Thomas J. Watson Research Center (quoted in the Los Angeles Times, October 4, 1999). "They have automated the process of spreading so that it doesn't depend on you or me anymore. Now all the old methods of dealing with viruses just won't work."

Today, macro viruses appear to account for by far the largest percentage of computer virus infections. See Virus Bulletin's Index of available VB Prevalence Tables (http://www.virusbtn.com/Prevalence/).

Email netiquette

Today, we need to consider the consequences of clicking on attachments we receive before automatically opening them. Here are some things to consider before clicking on the attachment: Who sent it? And for what possible reason? Should you contact the person who sent it to you and find out exactly what it is before opening it? If you are unsure about the attachment you received, contact your system administrator before opening it, or just delete the message and contact the sender directly to verify the message was authentic.

Consider the message that is associated with the attachment. Words and phrases like "urgent", "important", and "for your eyes only" are clearly inducements to get you to open the attachment. Is it really necessary to open the attachment? Is it important enough that you're willing to infect yourself and others if it is a virus?
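The questions above can also serve as an automated first pass over incoming mail. The following is an added example, not part of the original article: the function name triage, the known_senders parameter, and the extension list are assumptions made for illustration, and the sample message is constructed.

```python
import email
import os
import re
from email import policy
from email.utils import parseaddr

# Assumed for illustration: this extension list is not from the article.
# An extension only says a file type CAN carry code, not that it does.
CODE_CAPABLE = {".exe", ".com", ".bat", ".scr", ".vbs", ".doc", ".dot", ".xls"}
# Inducement phrases quoted in the article.
LURES = ("urgent", "important", "for your eyes only")

# Constructed sample message, not a real capture.
SAMPLE = b"""\
From: Someone <stranger@example.net>
Subject: URGENT: please review
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="us-ascii"

Here is the document. For your eyes only.
--BOUND
Content-Type: application/msword
Content-Disposition: attachment; filename="list.doc"
Content-Transfer-Encoding: base64

UGxhY2Vob2xkZXI=
--BOUND--
"""

def triage(raw, known_senders):
    """Return reasons to verify a message before opening its attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if not names:
        return []  # no attachment, so nothing to click on
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender not in known_senders:
        findings.append("unverified-sender:" + sender)
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()
    findings += ["lure-phrase:" + p for p in LURES
                 if re.search(r"\b" + re.escape(p) + r"\b", text)]
    findings += ["code-capable-attachment:" + n for n in names
                 if os.path.splitext(n.lower())[1] in CODE_CAPABLE]
    return findings
```

A familiar From address is not a clearance: Melissa mailed itself to entries in the victim's own address book, so the lure and attachment findings still matter for known senders.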

Sending an attachment

Do you need to send an attachment? Are there other means you could use to make the information available to the recipient? For example, could you post it on a web page and let others download it for themselves? Avoid sending messages with attachments that contain executable code (programs), like Microsoft Word documents with macros.

You can view any macros contained in a Word document and delete them before you send the document. Go to Tools > Macro > Macros > Organizer. This lists any macros in the document, and the Delete button removes them from the document.

You can propagate macro viruses even if those particular viruses don't infect the type of computer you use (e.g., an Apple Macintosh may not be susceptible to all the same macro infections as a PC).

Protecting yourself

There are other ways to protect yourself from macro viruses in Word, such as disabling auto macros. See the Free Macro AntiVirus Techniques paper (http://depot.berkeley.edu/Software/Anti-Virus/free_en.html) that discusses various ways you can help protect yourself from macro viruses with Word.

Use current anti-virus software

It is important to use good anti-virus software and update it frequently. Anti-virus software can only reliably detect viruses, Trojan horses, etc., that it already knows about. When a new virus is discovered, anti-virus vendors will add detection for that virus. Only after you've updated your anti-virus software will your software detect that new virus. Scan any attachments you receive with your updated anti-virus software.

You can get campus site-licensed anti-virus software from Workstation Support Services' Software Topics web page (http://wss.berkeley.edu/topical/software.html).

Use current security updates

Software vendors will supply updates whenever security holes are found in their software. Be sure that you or your system support staff keep current on such updates. You can view security bulletins or sign up for email security alerts for Microsoft, Eudora, and Netscape products at their Security Advisor Program (http://www.microsoft.com/security/), Email Security Advisor (http://eudora.qualcomm.com/security.html), and Security Center (http://home.netscape.com/security/) pages, respectively.

Internet hoaxes

There is also a class of email called the Internet hoax. Someone sends email claiming that a new virus is spreading via email and that the recipients should notify 20,000 of their closest friends via email about it. Educate yourself and always verify reports like this before you decide to cause mass hysteria. Check with an authoritative source if you are unsure about the email's authenticity. Check the Computer Incident Advisory Capability (CIAC) Internet Hoaxes web page (http://ciac.llnl.gov/ciac/CIACHoaxes.html).

Other useful web pages containing similar information include Information Systems and Technology's Computer Hoaxes page (http://socrates.berkeley.edu:7015/hoaxes.html) and the Computer Virus Myths page (http://kumite.com/myths/).

Common sense

The Internet is like any other social stew of people, places, and things, and the problem of viruses is not likely to go away. We need to consider the consequences of our actions, as we do when locking our doors or driving in traffic.


Berkeley Computing & Communications, Volume 9, Number 5 (November-December 1999)
Copyright 1999, The Regents of the University of California