How to fool e-mail worms and stop them cold

Question: I’ve heard of a trick to stop e-mail viruses. You’re supposed to add an address entry in your e-mail address book called !000. Does this work? –P.C.

Answer: This is a clever trick that will work for some worms but not others. It will work for Outlook 98/2000/2002 and Outlook Express. Users of Netscape Mail, Eudora, Hotmail or any web-based e-mail program need not worry: worms generally don’t have the programming to attack non-Outlook programs, though that could change if new worms are released to target those applications.

First, a little background. A worm is a kind of computer virus that spreads by exploiting network connections. It uses the Internet or connections to a home or office network to spread itself. Classic examples of these are worms like Melissa or The Love Bug, which spread by e-mailing copies of themselves via the Internet to people in your e-mail address book through Microsoft Outlook or Outlook Express. This kind of “wildfire” spreading can put significant burdens on systems everywhere.

Here’s the trick the reader mentions to thwart some of these worms.

  1. Open your e-mail address book and click on new contact just as you would do if you were adding a new friend or colleague to your list of e-mail addresses. In the field where you normally type your friend’s first name, type !000 (that’s an exclamation mark followed by three zeros).
  2. Where it prompts you to enter an e-mail address, type in WormAlert. Then save it by clicking OK.
  3. Now, if you look in your e-mail address list, the first item will show up as “!000”. When a worm tries to use your e-mail address list to spread itself to your contacts, it will fail because WormAlert, the fake e-mail address, is invalid, causing the worm to stop in its tracks.

The other useful feature of this trick is that, when an e-mail can’t be delivered, your e-mail program alerts you by default. So if you ever get an alert telling you that an e-mail addressed to WormAlert could not be delivered, you know that a worm has infected your computer, and you can remedy it by updating your anti-virus program with the latest signature file (downloaded from your anti-virus program maker’s website).
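The alert described above can also be checked for automatically. The following is an added example, not part of the original column: it scans bounce messages for a failed recipient named WormAlert. It assumes the bounce arrives as a standard delivery status notification (RFC 3464) and that the mail server may have appended its own domain to the bare name; the sample message and host names are constructed.

```python
import email
from email import policy

CANARY = "wormalert"  # name typed as the !000 contact's address, compared case-insensitively

# Constructed sample bounce in RFC 3464 form; host names are placeholders.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example
To: user@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The message could not be delivered.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example

Final-Recipient: rfc822; WormAlert@mail.example
Action: failed
Status: 5.1.1

--b1--
"""

def canary_bounces(raw_messages, canary=CANARY):
    """Return the failed recipient addresses whose local part is the canary name."""
    hits = []
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        if msg.get_content_type() != "multipart/report":
            continue  # ordinary mail, not a delivery status notification
        # walk() also yields the per-recipient header blocks of the status part
        for part in msg.walk():
            recipient = part.get("Original-Recipient") or part.get("Final-Recipient")
            if recipient is None or str(part.get("Action", "")).strip().lower() != "failed":
                continue
            address = str(recipient).split(";", 1)[-1].strip()  # drop the "rfc822;" type tag
            if address.split("@", 1)[0].lower() == canary:
                hits.append(address)
    return hits

if __name__ == "__main__":
    print(canary_bounces([SAMPLE_BOUNCE]))
```

A hit is a prompt to run an updated virus scan rather than proof of infection, since a message you deliberately send to your whole address book bounces the same way.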

So does this trick work all the time? The answer is no. I checked with Symantec, makers of Norton AntiVirus, and they say that this will work to block e-mail worms that work their way through the address book as long as they start at the first entry and work down the list. These include Melissa and the LoveBug. The trick would not work with worms that select random e-mail addresses from an address book unless, of course, in the random address selection process the !000 entry is chosen.

It would also fail to work with parasitic worms, which piggyback themselves onto valid e-mail messages that you send out.

The trick would also fail against worms that have their own built-in e-mail mechanisms, as they don’t use your computer’s e-mail program to send themselves. They have their own outbound e-mail program built into the virus programming. Both SirCam and Nimda use this infection method.

My Symantec expert said there is also one other downside to using the !000 trick. If you send a message out to everyone in your address book, you’ll be tripped up by the same error message the worm would be fooled by.

Of course, it’s a handy trick that may help detect some worms, but the usual advice stands: Make sure that you have an anti-virus program installed on your computer and that the signature files that identify new worms and viruses are downloaded regularly to your computer. Software industry statistics show that six out of every 10 computers don’t have anti-virus programs installed. Make sure yours is one of the four that does.

