How to Kill Ugly E-Mail Viruses D-E-A-D
By George Bigham
Printed in Practical Homeschooling #49, 2002.
What's that in my email? Oh, no! I really shouldn't have opened that attachment or passed on that chain letter...
Most homeschoolers by now have discovered the joy of e-mail. It allows you to keep in touch with friends and relatives, participate in online discussion groups, and even take online courses.
But there's a price to be paid for all this online connectivity. You can reach out to others, but that also allows some less-than-sociable types to try to mess with you.
So what are you going to do? Disconnect your modem? Disable your e-mail? Let those online bullies throw virtual sand in your face?
Don't live scared; get prepared!
There are a number of different kinds of bad e-mail things. Let's find out what to do about them by starting with the easiest types and working up to the more difficult ones.
Pranks and Hoaxes
A recent example of an e-mailed prank is the "A Virtual Card for You" virus. It claims that if you read any e-mail with "a virtual card for you" in the subject line, your computer will die a terrible death. (Note that by the time you have gotten this far you have already opened this message, and your computer is still working!) The message further indicates that "There is no vaccine!" and strongly suggests "Please forward this message to everyone in your address book RIGHT AWAY!"
What makes this type of e-mail a bad thing is that the well-meaning but gullible people who follow its instructions send hundreds of e-mails to their friends, some of whom send hundreds more, and the mail-server computers at AOL, MSN, EarthLink and other e-mail providers start crashing because they are overloaded with incoming e-mail.
So even though there is no evil code in a prank or hoax type of e-mail message, its intended use is to bring down e-mail systems and so it is definitely a bad thing.
A famous older example is the "Penny Brown is missing" plea, in which people receive an e-mail something like this: "I am asking you all... begging you... to please forward this e-mail on to anyone and everyone you know, PLEASE. My 9-year old girl, Penny Brown, is missing. She has been missing for two weeks. It is still not too late; please help us. If anyone anywhere knows anything or sees anything, please contact me at firstname.lastname@example.org. I am including a picture of Penny. All prayers are appreciated! It only takes two seconds to forward this on. If it was your child, you would want all the help you could get. Thank you for your kindness; hopefully you can help us."
Needless to say, if you forward this to everyone in your address book you are propagating the hoax. All e-mail chain letters also fall into this category. Have you perhaps seen the ones supposedly from the Make a Wish Foundation or the ones saying Bill Gates or AOL will pay everyone who forwards this test message to others some amount per name? Do not forward!
Hurt Your Computer By Following Orders (Received in an E-mail Message)
JDBGMGR.EXE is a real file that your Windows computer needs. When people get a message to locate and delete it because it either is a virus "hiding" on their computer's hard drive or is infected with one, the result is a damaged Windows operating system and consequently a malfunctioning computer.
SULFNBK.EXE is another fairly recent example of a real file that people were encouraged to remove. It is actually a file that Windows 95/98 versions use to rename long files. The hoax about SULFNBK.EXE has been reported in English, Spanish, Portuguese, Dutch, Danish, and Norwegian.
The first bad thing about this type of e-mail is that it attempts to get novice and gullible computer users to damage Windows on their own computers by removing needed files. These e-mails also usually implore you to e-mail everyone about this problem, so a secondary bad thing can result by overloading mail server computers, as in the first example above.
Note that these two types of bad thing e-mails only require that a plain text e-mail message be received and acted on. No enclosure or attachment needs to accompany these types of e-mails. But if a real virus (see below) infects your computer, files like JDBGMGR.EXE or SULFNBK.EXE may be among the files infected.
One of my favorite computer jokes is the Amish e-mail "hoax." It goes like this:
"We have no computers, so we cannot e-mail you. When you read this message, you are on your honor to delete all files from your hard drive. Thanks... "
Worms and Trojan Horses
Microsoft has arranged for applications like Word and Outlook to talk to each other behind your back. When, for example, Windows users go to the File menu in Microsoft Word and e-mail a Word file to someone using the "Send To" command, they are taking advantage of this functionality. If only Microsoft had the ability to require all the programmers, hackers, and others similarly inclined in the world to use this power only for good. Alas, that is not the case.
When you find a file from a stranger in your inbox it may be (a) legitimate, and most likely it is, or (b) spam. Spam can just be deleted. But if it is from a stranger and has an attachment with it, you should NEVER, NEVER open that attachment. Here is why:
If the attachment contains a Worm or Trojan Horse, when you open it, code can start to execute that will accomplish lots of bad things. For example, the message can:
- Forward itself to everyone in your Microsoft Outlook address book, causing all their computers to become infected, if and only if they open the attachment when they receive it.
- Start modifying the Windows Operating System files your computer needs to operate, causing your computer eventually to become unusable.
- Start infecting Word template files, so that every Word data file you create and e-mail infects the computers that receive it.
Note that the ability for programs like Word and Outlook to talk to each other behind your back is a legitimate feature of those programs. When the feature is used for evil purposes the resulting code is called a Worm or a Trojan Horse.
The newest variety of these bad e-mail things has a special ability to "spoof" the "from" e-mail address when it sends e-mail from your infected computer. So if you are Curly and you know that Moe and Larry are in your Outlook address book, if your computer gets infected, Larry will likely get a message that appears to come from Moe that carries the infection, when the message actually originated from Curly's computer. This is a fairly new "innovation" and is found in the recent variations of the Klez worm such as W32/Klez-H, W32Klez.F, et al.
Because Microsoft has made it so easy to create Worms, Trojan Horses, and similar VBS (Visual Basic Scripting) based bad e-mail things, real viruses are less frequently found these days. But several years ago, the CIH virus had its moment of fame - it worked like this (from www.europe.f-secure.com):
"The most common version of the virus, CIH 1.2, activates on the 26th of April. At this time, it can overwrite the hard disk and the flash BIOS of an infected computer - causing complete loss of data and possibly rendering the computer unusable. F-Secure is advising all computer users to check their systems with an antivirus program and back up their data. CIH does not pose a risk to users of DOS, Windows 3.x, Windows NT or Macintosh users. It only replicates and activates under Windows 95 and Windows 98."
This is a "real" code-written-from-scratch virus. But these days all the kinds of bad e-mail things we have been discussing are being lumped under the term "viruses." I preferred the term "MalWare" because it was more technically accurate. But I didn't win that one.
Easy Ways to Avoid Bad E-Mail Things
Don't use Windows-based computers. This may sound silly, but using Macintosh computers avoids 98+% of the hassle. But Mac users take note - while most of these problems won't hurt your computer, you can forward infected e-mails to colleagues or friends with Windows computers, and they can become infected. Don't be a Typhoid Mary!
Don't use Microsoft Outlook or Outlook Express for e-mail. This may not be possible for you, of course. But it is a lot easier to use Eudora, an e-mail program from QualComm, or Netscape's e-mail function for your e-mail program than it would be to stop using Word and go back to WordPerfect or whatever. The "deadly embrace" between Word and Outlook under Windows needs to be broken somehow.
Use antivirus software and keep it updated with new virus definitions monthly. Norton Anti-Virus (from Symantec) and VirusScan (from McAfee) are the two most popular solutions [see URL information to the left].
Never, never, never open attachments, unless you know for a fact that a trusted person has sent them on purpose. Note the section above that describes how Klez can fake the "from" address so that when it looks like someone reliable is sending you an attachment, in fact the message may originate from some third infected computer. When all you know about that computer is that you and your friend both are in the Outlook e-mail address book for it, there can be lots of difficulty tracking it down.
Note that some e-mail providers are increasing their efforts to "strip" suspicious attachments from messages that pass through their system. This is a very good thing.
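The attachment stripping described above can be sketched as follows. This is an added example, not code from the original article or from any mail provider's actual filter; the extension blocklist, the function names, and the sample message are assumptions constructed here.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed blocklist of directly runnable Windows file types (not from the article).
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr", ".pif", ".bat", ".com"}

def is_risky(filename):
    """Judge by the final extension, so a disguised 'card.txt.vbs' is caught."""
    name = filename.lower().rstrip(" .")  # Windows ignores trailing dots/spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in RISKY_EXTENSIONS

def _clean(part, removed):
    """Recursively replace risky attachments with a short text notice."""
    if not part.is_multipart():
        return part
    kept = []
    for child in part.get_payload():
        name = child.get_filename()
        if name and is_risky(name):
            removed.append(name)
            notice = EmailMessage()
            notice.set_content(f"[Attachment {name!r} removed by mail filter]\n")
            kept.append(notice)
        else:
            kept.append(_clean(child, removed))
    part.set_payload(kept)
    return part

def strip_risky_attachments(raw_message):
    """Return (cleaned message, removed filenames); the From header is never trusted."""
    removed = []
    msg = message_from_string(raw_message, policy=policy.default)
    return _clean(msg, removed), removed

def build_sample():
    """Constructed sample mail: placeholder bytes only, with a disguised script name."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "moe@example.org", "larry@example.org"
    msg["Subject"] = "A card for you"
    msg.set_content("See the attached card.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="card.txt.vbs")
    msg.add_attachment(b"placeholder bytes", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    return msg.as_string()
```

The filter decides on the attachment name alone, which matches the advice above: a familiar "from" address says nothing about whether the attachment is safe.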
Have fun, and remember to be careful out there!