Real alarm? Hoax?

Computer Security, FAQ - Email

E-mail “chain letters” are a plague to e-mail users because they waste time and can cause unnecessary panic. The truth is that they are almost universally hoaxes. By applying a little bit of knowledge and common sense, you can know for sure. Here are some telltale signs of an e-mail hoax.

They all reference an Internet authority; sometimes it’s IBM, or Microsoft, or America Online – in some cases, it may be all three. The author promises that a catastrophic virus will arrive as e-mail and wipe out a computer’s hard drive. The message will also encourage the recipient to spread the word about the impending evil that’s about to descend on a hard drive. That line is one giveaway to the hoax. It is the reason for the e-mail’s existence and the means by which it is replicated over the Internet. Basically, the author of the letter/e-mail is taking advantage of people’s good nature and concern, and the Internet’s ability to quickly disseminate information.

E-mail is a text file that arrives from the Internet. Unlike a piece of software, or a command, it is not executed or interpreted by your computer system. In order for a computer virus to spread, it needs to execute some code or programming instructions within it to wreak the desired havoc. Since e-mail is purely a text file, it cannot be executed. Even if it’s a Web document arriving in e-mail – called an HTML file in web lingo – it is unlikely to do much harm because Web page technologies like Active X or Java are a difficult medium to build viruses in because they have been designed to be secure.

There are, however, a couple of important exceptions to this rule. If an e-mail has a file attachment, such as a game or a file saved as a word processing or spreadsheet document, that attachment could contain a virus as an executable program buried in the file format. To spread the virus, all the recipient has to do is open and run the file in question. Secondly, if the attached file is a document from an Office suite program, such as Microsoft Word, then it may contain a macro-virus. Today’s advanced Office packages often have macro file capabilities, and virus writers like to take advantage of them.

Not every macro is bad – in fact, most of them time they’re helpful. Think of a macro as a sort of mini-program that can be embedded into a document to perform simple tasks like math or mini-tools that help with the file format. Unfortunately, this same functionality can be used to cause trouble.

Should a system become infected through a virus embedded in a legitimate file’s macro, in most cases it’s relatively easy to get rid of it using virus clean-up software. Getting rid of an e-mailed virus hoax is not as easy. It can be deleted from a mailbox, but, just like a real virus, it is likely to show up again because some well-meaning person or friend on the Internet will fall for it and will send it to everyone on their mailing list, which includes you. Their intentions may have been good but it means the problem’s back in your inbox.

A worm called BubbleBoy changed the rules of the game for the viruses via e-mail: All a user had to do to get this virus is to open an infected e-mail, and the entire system was infected – opening the attachment was not required. This flies against all the rules.

Users of Microsoft’s Outlook Express may be infected by simply having a feature called AutoPreview enabled. AutoPreview is an Outlook option that shows you the contents of an e-mail in a program window before you open it. BubbleBoy, for instance, inserts a script file into the Startup directory of a Windows 98 computer. When the computer is restarted, the script runs. BubbleBoy will only work on a computer system with Internet Explorer 5.0 using Windows Scripting Host. It will not run on a Macintosh, Windows NT or default settings for Windows 95.

Luckily, BubbleBoy is considered low risk because the virus was not released into the wild. It was sent to an anti-virus software maker to show that it could be done. (It makes you wonder whether we’ll be as fortunate the next time someone has something to prove!)