With the massive onset of new viruses, especially email/worm viruses, I thought it necessary to dedicate this newsletter entirely to how to recognize email viruses and delete them before they can infect. I have put together a few guidelines to help you identify a virus, along with some general information on how to safeguard your computer. New viruses such as Bagle and Netsky are overwhelming inboxes everywhere, so it is important that you know how to recognize them and future viruses that may arrive in your inbox.
1. EMail Addresses can be Spoofed!
Just because a message comes from someone you know doesn't actually mean they sent it. It is very simple to send out email messages with the "reply to" address set to any address you want. Most worms will peer through address books and other files on the infected computer and choose random email addresses, which they will use as the sender and recipient.
2. View Extensions in Windows
By default, Microsoft Windows hides file extensions (the last three letters following the period of a filename). To be able to recognize files as what they really are, I recommend that you change the settings in Windows to view full file extensions. To change these settings, follow these instructions:
Start from either Windows Explorer or "My Computer" on your desktop.
a) From the View menu choose "Folder Options".
b) Select "View" from the tabs.
c) In Advanced Settings > Files and Folders (which should now be showing) deselect "Hide file extensions for known file types". Click on the tick to turn the box blank.
d) While you're there, it's also worth looking at the "Hidden files" section, just above, and selecting "Show all files". Some virus maker is bound to abuse the hidden files system one day, so it's worth protecting against that in advance.
When using My Computer or Windows Explorer, files will now appear as "filename.ext" instead of just "filename". This is important for the next step.
3. If You Don't Open the Attachment You Won't Get the Virus!
Whatever email program you use, including webmail, look at the attachment name before you open it. The best way to recognize what a file contains is to look at the file extension.
Here is a list of the most popular file extensions and what file types they correspond to:
| Extensions | Description | Safe to Open? |
|---|---|---|
| exe, com | Program Executables | No, executable files can do just about anything to your computer. Do not open these unless you are 100% sure of where the file originated. |
| scr, pif, vbs, js, jse | Script Files | No, script files can do just as much damage as an executable. |
| mp3, wav, wma, ra | Audio Files | Yes |
| avi, wmv, mpg, mpeg, asf, divx, mov | Video files | Yes |
| doc, rtf | Microsoft Word documents | Depends, some Word Documents can contain Macro viruses, make sure you are expecting this attachment before opening it. |
| txt | Plain Text files | Yes |
| xls | Microsoft Excel Documents | Yes |
| htm, html | Hypertext Documents (Web documents) | Yes |
| bmp, jpg, jpeg, gif, png, tif, tiff | Images and Pictures | Yes |
| zip, rar, arj, ace, tar | Archives (Compressed Files) | Depends, these archives can contain any files from above. You can usually look into the zip without problems to see what it contains, just don't extract anything suspicious from the archive. |
Keep in mind that some viruses will have multiple extensions, e.g. "filename.txt.exe". Always go by the final extension as the valid one. Keep this in mind when downloading files through any file sharing application, as many of these new viruses infect shared folders by creating files with multiple extensions to fool you.
For an expanded list of dangerous file extensions click here.
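The "go by the final extension" rule and the advice to look inside an archive without extracting it, written as an added Python example that is not part of the original newsletter. It applies the table above to the attachments of a message; the function names, addresses and attachment names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Verdicts mirror the newsletter's table; unlisted extensions are "unknown".
NO = set("exe com scr pif vbs js jse".split())
DEPENDS = set("doc rtf zip rar arj ace tar".split())
YES = set("mp3 wav wma ra avi wmv mpg mpeg asf divx mov txt xls htm html "
          "bmp jpg jpeg gif png tif tiff".split())

def classify(filename):
    """Return (verdict, disguised), judging by the final extension only."""
    parts = [p.strip() for p in filename.lower().split(".")]
    final = parts[-1] if len(parts) > 1 else ""
    verdict = ("no" if final in NO else "depends" if final in DEPENDS
               else "yes" if final in YES else "unknown")
    # "filename.txt.exe": a harmless-looking extension hides the real one.
    disguised = verdict == "no" and any(p in YES | DEPENDS for p in parts[1:-1])
    return verdict, disguised

def scan_message(raw_bytes):
    """Return [(name, verdict, disguised, names_inside_zip)] per attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name, inside = part.get_filename() or "(unnamed)", []
        verdict, disguised = classify(name)
        if name.lower().endswith(".zip"):
            try:  # read the archive's file list only; nothing is extracted
                inside = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
            except zipfile.BadZipFile:
                pass  # unreadable archive: keep the "depends" verdict
            if any(classify(n)[0] == "no" for n in inside):
                verdict = "no"
        findings.append((name, verdict, disguised, inside))
    return findings

def build_sample():
    """Constructed test message; addresses and file names are made up."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("photo.jpg.scr", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "friend@example.com", "you@example.com"
    msg.set_content("Please see the attached file.")
    files = {"notes.txt": b"hi", "details.txt.exe": b"x", "pictures.zip": archive.getvalue()}
    for name, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns one tuple per attachment; the archive is downgraded from "depends" to "no" because its file list contains a script file.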
4. Install an updated Virus Protection Program with Real-Time Protection
I recommend using one of the following programs for virus defense (no particular order):
AVG AntiVirus (www.grisoft.com)
McAfee AntiVirus (www.mcafee.com)
Norton/Symantec AntiVirus (www.symantec.com)
Panda AntiVirus (www.pandasoftware.com)
Protector Plus (www.protectorplus.com)
Real-time protection is when the AntiVirus program is loaded into memory and will be actively scanning your computer while it is running. This mechanism will prevent you from opening any viral attachment.
General Rule of Thumb:
Use common sense: if you are even a little suspicious of an email message, don't open it. You can run a virus scan on it before you open it or even call the author for verification. These viruses can even come in the form of a Microsoft Update bulletin that may look authentic but isn't.
Visit Symantec Security Response for more information on the latest viral threats.
If you have any questions, comments or future topics for this newsletter, please email news@tbayit.com