Viruses that spread through e-mail share a common method of propagation. This page discusses how common e-mail viruses currently spread.
The Virus Lifecycle
Viruses begin their life when someone releases them on the internet. They begin to spread. At this early stage of their lifecycle, no one is aware of their presence. As the virus becomes more widely spread, someone will recognize an abnormal problem with their system and investigate. Eventually a computer expert will conclude that a virus exists and notify companies that write anti-virus software. The companies will research the virus and release an update to their virus database that describes the new virus and how to recognize it. They may also release a tool that can be used to automatically remove that virus from computer systems.
Therefore the cycle is:
- Release - The virus is released.
- Recognition - Someone recognizes the virus.
- Virus recognition database update - Antivirus programs will now recognize the virus.
- Antivirus update and removal tools
The time between step one and step three above can be significant. During this time you are vulnerable to getting the virus because your anti-virus software will not recognize it as a virus. This is why you should be careful about the e-mail attachments that you open, even if you are actively running anti-virus software.
How Viruses Work
- When a victim of a virus double clicks on an infected attachment, the virus will run.
- The virus will modify the victim's system so it will always be active when the system is turned on.
- The virus will scan the victim's address book in their e-mail client program such as Outlook or Outlook Express.
- In the past, viruses would then mail themselves to addresses found in the victim's address book. But today many viruses choose random recipients and senders from the victim's address book. This means that although the e-mail is sent from the victim's machine, the e-mail sender address is faked to appear as though someone else in the victim's address book sent the message.
What to Do
- Always run anti-virus software and be sure it gets updated at least twice per week.
- If you get a virus in an e-mail attachment and you are sure it is a virus, delete the e-mail message.
- If you get an attachment from someone you know, consider whether the e-mail contains enough personal information that a virus program would not know. If you are not sure your acquaintance sent the e-mail, call them and be sure before opening the attachment. Do not count on your anti-virus software being able to stop you from getting infected if you open the e-mail attachment. Remember, viruses are not recognized right away by your anti-virus software, and you could get a new, unrecognized virus before your virus definition updates are released.
- If you get an e-mail saying a message you sent was undeliverable and you did not send the message, consider whether your system is behaving abnormally. You probably do not have a virus, but if you are not sure, use your anti-virus software to perform a system scan for viruses and remove any viruses found using the procedure in the section about "Removing Viruses", then delete the e-mail.
- If you get an e-mail saying a message you sent contained a virus, consider whether your system is behaving abnormally. You probably do not have a virus, but if you are not sure, use your anti-virus software to perform a system scan for viruses and remove any viruses found using the procedure in the section about "Removing Viruses", then delete the e-mail.
Below is an e-mail sent by a virus, as an example of how a virus writer will try to fool computer users.
From: email@example.com [mailto:firstname.lastname@example.org]
Sent: Wednesday, March 03, 2004 4:41 AM
Subject: Important notify about your e-mail account.
Dear user of e-mail server "Yourorganization.org",
Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.
For further details see the attach.
For security reasons attached file is password protected. The password is
The Yourorganization.org team http://www.yourorganization.org
Of course there is an attachment. In this case the virus sent a zipped file (.zip) and told the user how to open it. The virus was encrypted inside the zipped file so that the anti-virus scanner could not detect it!
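A mail gateway or mailbox audit can still flag this pattern even though the archive contents cannot be scanned. The following is an added example, not part of the original page: it reports ZIP attachments whose entries have the encryption flag set and checks whether the message body mentions a password. The function names, addresses and sample message are constructed for illustration, and the sample archive holds only a harmless text file.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry is encrypted


def encrypted_zip_attachments(raw: bytes) -> dict:
    """Map attachment filename -> names of encrypted members inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            locked = [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
        if locked:
            hits[part.get_filename() or "(unnamed)"] = locked
    return hits


def body_mentions_password(raw: bytes) -> bool:
    """True when the plain-text body talks about a password."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    return body is not None and "password" in body.get_content().lower()


def build_sample(encrypted: bool) -> bytes:
    """Constructed test message; the ZIP holds a placeholder text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.txt", "harmless placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted entries, so set the flag bit in the
        # central directory record (flags sit 8 bytes after its signature).
        blob[blob.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED
    msg = EmailMessage()
    msg["From"] = "support@example.org"   # constructed address
    msg["To"] = "user@example.org"        # constructed address
    msg["Subject"] = "Important notify about your e-mail account."
    msg.set_content("For security reasons attached file is password protected.")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="details.zip")
    return msg.as_bytes()
```

A message that returns a non-empty result from encrypted_zip_attachments and True from body_mentions_password matches the lure shown above and is a candidate for quarantine or manual review.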