E-mail Viruses

Viruses that spread through e-mail tend to use the same basic method. This page describes how common e-mail viruses currently spread.

The Virus Lifecycle

Viruses begin their life when someone releases them on the internet, and they begin to spread. At this early stage of their lifecycle, no one is aware of their presence. As the virus becomes more widespread, someone will notice an abnormal problem with their system and investigate. Eventually a computer expert will conclude that a virus exists and notify the companies that write anti-virus software. The companies will research the virus and release an update to their virus database that includes information about the new virus and how to recognize it. They may also release a tool that can be used to automatically remove that virus from computer systems.

Therefore the cycle is:

  1. Release - The virus is released.
  2. Recognition - Someone recognizes the virus.
  3. Virus recognition database update - Antivirus programs will now recognize the virus.
  4. Antivirus update and removal tools

The time between step one and step three above can be significant. During this time you are vulnerable to getting the virus because your anti-virus software will not recognize it as a virus. This is why you should be careful about the e-mail attachments that you open, even if you are actively running anti-virus software.

How Viruses Work

  1. When a victim of a virus double clicks on an infected attachment, the virus will run.
  2. The virus will modify the victim's system so it will always be active when the system is turned on.
  3. The virus will scan the victim's address book in their e-mail client program such as Outlook or Outlook Express.
  4. In the past, viruses would then mail themselves to addresses found in the victim's address book. But today many viruses choose random recipients and senders from the victim's address book. This means that although the e-mail is sent from the victim's machine, the e-mail sender address is faked to appear as though someone else in the victim's address book sent the message.

What to Do

Example

The e-mail below was sent by a virus and shows how a virus writer will try to fool computer users.

From: staff@yourorganization.org [mailto:staff@yourorganization.org]
Sent: Wednesday, March 03, 2004 4:41 AM
To: usertofool@yourorganization.org
Subject: Important notify about your e-mail account.

Dear user of e-mail server "Yourorganization.org",

Our antivirus software has detected a large  ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to  clean  up
your computer software.

For further  details see the attach.

For security reasons attached file  is password protected. The password is
"22352".

Cheers,
   The Yourorganization.org  team                   http://www.yourorganization.org


Of course there is an attachment. In this case the virus sent a zipped file (.zip) and told the user how to open it. The virus was encrypted inside the zipped file so that the anti-virus scanner could not detect it!
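One way a mail filter or analyst could flag the pattern in this example, shown as an added illustration that is not part of the original tutorial: it reports ZIP attachments whose entries have the encryption flag set and notes when the message body also mentions a password. The function names and the sample message are constructed for this sketch; the sample attachment holds only placeholder text with the ZIP encryption flag set by hand.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

def encrypted_members(zip_bytes):
    """Names of ZIP entries whose header has the encryption flag (bit 0) set."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & 0x1]

def inspect_message(raw):
    """Return a list of findings for a raw e-mail message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK\x03\x04"):  # judge by content, not file name
            continue
        try:
            locked = encrypted_members(data)
        except zipfile.BadZipFile:
            findings.append("malformed ZIP attachment")
            continue
        if locked:
            findings.append("encrypted ZIP, scanner cannot inspect: " + ", ".join(locked))
            if re.search(r"password", text, re.I):
                findings.append("body supplies the archive password")
    return findings

def build_sample():
    """Constructed sample modelled on the e-mail above (placeholder payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.txt", b"placeholder")
    z = bytearray(buf.getvalue())
    # zipfile cannot write encrypted archives, so set the flag bit by hand
    z[6] |= 1                            # flags field of the local file header
    z[z.index(b"PK\x01\x02") + 8] |= 1   # flags field of the central directory entry
    m = EmailMessage()
    m["From"] = "staff@yourorganization.org"
    m["To"] = "usertofool@yourorganization.org"
    m["Subject"] = "Important notify about your e-mail account."
    m.set_content('For security reasons attached file is password protected.\nThe password is "22352".\n')
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="details.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

A message that triggers both findings deserves quarantine or manual review, because the scanner has not been able to look inside the archive.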
