Introduction

 

Spotting an Internet/e-mail virus can be very difficult, particularly to those of us that have very little computer knowledge. Consequently, those people new to the Internet and e-mail may be considered more vulnerable to virus', although it is still common for businesses with years of experience to fall victim.

 

Software available today can reduce (usually eliminate) the chance of being a victim to a virus. However, the following article will help you to understand the basics of spotting and dealing with e-mail virus' to help you reduce your chance of falling victim.

 

E-mail Virus' : Beware!

 

For those of you that have an e-mail account, it is likely that you will RECEIVE a (genuine) virus infected e-mail at some time. However, the real danger is not in receiving or reading the e-mail - unaware of its intentions - but actually OPENING any attachments included.

Many of us are still timid about opening unfamiliar e-mail messages believing that a potential virus will infect your computer on opening. Rest assured that virus' cannot be contained in the e-mail text itself and therefore there is no danger in reading an e-mail: however suspicious.  Virus' are commonly placed into attachments with extensions such as .exe (execute) where attachments are executed to perform a function on opening.  Nevertheless, you should never open any attachments to unfamiliar e-mail without approval from a quality virus checker.

 

Some e-mail accounts can be configured so that any attachments are automatically opened on opening of the original e-mail message.  This is not recommended as you will have no control over identifying potential virus' before you open any attachments: it will be too late.

 

Every day, thousands of e-mails with attachments are received and forwarded to friends, family and work colleagues and from personal past experience of a being a hotmail account holder, you overlook the danger of virus' and freely open attachments (funny pictures, jokes, etc) from e-mails where the original sender is hard to identify. Conclusion: If its not from a reliable source - DELETE the e-mail all together!

 

Some e-mails usually give instructions to, for example, "speed up your processor by 50%". The message will list a few short commands such as ''hold Control, G and D and then press...".  This may be a virus, if not a simple time-wasting e-mail that has no intentions of working. The instructions listed on the e-mail may well be another way of opening/executing a virus that is in a hidden attachment.

 

Do not be fooled by those e-mails claiming to, for example, "make your wish come true if you forward this e-mail to ten of your friends". It is usually just an opportunity for spamming, but occasionally, it is a way of spreading a virus beyond its original mailing list...yes, you may be a key hub to spreading a virus further!

The following content on this page has been reproduced from a ScamBusters newsletter: a leading authority on web scams and security.

Internet ScamBusters

By Audri and Jim Lanford Copyright (c) 2000 Audri and Jim Lanford

Issue #40 - Part B December 15, 2000

Real Virus to Watch For...
http://www.mcafee.com/anti-virus/viruses/Navidad/

Be on the lookout for a new virus call W32/Navidad@M. It's an Internet worm that spreads using the Windows email program Outlook. The email can come from addresses that you will recognize.

A file is attached to the email named NAVIDAD.EXE and when run, displays an Error dialog box which reads "UI." A blue eye will then appear next to the clock in the lower right corner of your screen and a copy of the worm is saved to the file "winsvrc.vxd" in the SYSTEM directory.

If your PC is infected, then all emails addressed to you will be automatically responded to with an email from your address with the attachment.

McAfee recently upgraded this virus to a Medium On Watch risk because of an increase in infection levels worldwide. Use the above URL for detection and removal directions. 

Urban legends that have made the rounds...

1. Subject: Gift Certificate from Cracker Barrel

My name is Junior Johnson, founder of Cracker Barrel. In an attempt to get our name out to more people in the rural communities where we are not currently located, we are offering a $50 gift certificate to anyone who forwards this email to 9 of their friends. Just send this email to them and you will receive an email back with a confirmation number to claim your gift certificate.

Sincerely,
Junior Johnson
Founder of Cracker Barrel

2. A new drug called Progesterex is being used to permanently sterilize young women.

This email claims that there is a new drug on the market that has been out for less than a year called Progesterex. This drug was supposedly designed to sterilize horses, but it is now supposedly being used on young women.

In reality, there is no drug called Progesterex, and the rest of the email is bogus as well. 

To read the email going around and the comments, see: http://www.snopes2.com/toxins/progest.htm

3. You can earn $100 from iWon.com by passing along a chain letter.

If you got this email you're lucky (don't delete). You have just won 100 dollars!....... You will only get the money if you send this to 5 or more people. A box will appear on the screen after you have sent it! It really works.... try it!

Take 5 min. out of your time and send this... believe me you won't be sorry!!

0-2 people: $10
2-4 people: $20
4-6 people: $50
6-8 people: $75
8-10 people: $100!!!!!!!! Keep on sending!!!!!
iWon.com http://www.iwon.com why wouldn't you?

Again, not true. Read iWon.com's rebuttal at http://www.iwon.com/ct/help/chainmail.html

4. The "5 cent surcharge on e-mail" hoax is making the rounds again.

Don't be fooled -- there is no Bill 602P, nor a "public-minded" lawyer named Richard Stepp.

Check out the facts at: http://www.snopes.com/inboxer/pending/email.htm

FTC's Crackdown on "Operation Top Ten Dot Cons"

http://www.ftc.gov/opa/2000/10/topten.htm

Con artists who have gone high-tech to peddle traditional scams online have been branded with a new name... "dot cons." The FTC, after a busy year working with international law enforcement, recently announced 251 law enforcement actions against online scammers in "Operation Top Ten Dot Cons."

We've included an excerpt below of the top ten targeted scams and what they involve from:

http://www.ftc.gov/bcp/conline/edcams/dotcon/index.html

(1) Internet Auctions
After sending your money, you may receive an item that is less valuable than promised, or nothing at all.

(2) Internet Access Services
You may be "trapped" into a long-term contract for Internet access, with big penalties for early cancellation.

(3) Web Cramming
You receive an invoice or charge on your phone bill for services you never accepted or agreed to.

(4) Travel and Vacation Fraud
Fraudulent companies lie about their travel packages or hit you with hidden charges.

(5) Investment Schemes and Get-Rich-Quick Scams
You may lose money using programs or services that claim to predict the market with 100% accuracy.

(6) International Modem Dialing
Unbeknownst to you, your modem is disconnected, then reconnected through an international long-distance telephone number.

(7) Credit Card Fraud
Fraudulent promoters ask for your credit card number for age verification, then run up charges on your card.

(8) Multi-level Marketing (MLM) and Pyramid Scams
You buy into an MLM plan and find your only customers are other distributors, not the public.

(9) Business Opportunities and Work-At-Home Scams
Con artists promise you big earnings, but can't back them up.

(10) Health Care Products and Services
Promoters offer "miracle cures" for your health problems.

Be sure to read up on these scams, the bait these "dot cons" use, the catch, and the "safety net" you need to avoid them.

And if you find you've been a victim of one of these scams, be sure to notify the FTC using their online complaint form at https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01

Survey Reveals Internet Fraud On The Rise http://www.CyberSource.com/fraud_survey/

CyberSource -- a leading provider of mission-critical eCommerce transaction services -- revealed in its second annual CyberSource Fraud 2000 Survey that 83% of the online merchants surveyed feel that online fraud is a problem. This is up from last year's results of 75%.

61% of the e-merchants are taking more precautions this year than last year to prevent fraud this holiday season. Measures include employing a fraud screening solution and displaying a  logo or icon from an online fraud solution provider on their sites to ease customers' fears about shopping online. 81% of the e-merchants feel that online sales would increase if shoppers were not concerned about fraud. Their biggest challenge to managing online fraud is the loss of customer goodwill. 

A past issue of ScamBusters covered this same subject. You can read more about it at http://www.scambusters.org/Scambusters39.html

The 809 Phone Scam is Back... Again

We've had several reports from observant viewers that the infamous 809 scam is making the rounds yet again, this time claiming to charge up to $2425 per-minute which, if you've been reading ScamBusters, you know isn't true.   For the true story behind the 809 Scam -- and the scam IS real -- check out one of our past issues at http://www.scambusters.org/809Scam.html   David Emery at About.com's Urban Legends brought this new round to his reader's attention and mentions ScamBusters in his Sightings, Notes & Updates: http://urbanlegends.about.com/science/urbanlegends/library/blnote11.htm

--------- [ Please Support our Sponsor ] ---------

BUY EVERYTHING WHOLESALE

Save up to 90% on top quality brand-name merchandise when you buy directly from wholesalers, distributors, and vendors. Everything from computers & accessories, jewelry, sporting goods, household goods, brand name clothing and electronics.

----------- [ End of Sponsor Message ] -----------

About Internet ScamBusters - Administrivia

To unsubscribe, simply reply to this email. (Yes, we know the return address looks funny.) This will remove you from the ScamBusters list.

To subscribe, go to http://www.scambusters.org/ and enter your email address in the box on the right
and click Subscribe.

Or send a blank email to

To change your email address, simply unsubscribe and then subscribe again, as described just above.

If you click reply, you will be removed from this list.

To send an email to a human, please email It may take awhile for us to respond - we do this as a public service.

Please do not send vacation notices or other autoresponders to us. This will remove you from the ScamBusters list.

The disclaimer located at http://www.scambusters.org/disclaimer.html applies to this ezine.

Internet ScamBusters

By Audri and Jim Lanford, NETrageous Inc. Copyright (c) 2000 NETrageous Inc.

Issue #38  May 31, 2000

First, a quick thanks to everyone who contributed their fraud stories to our database. If you've been scammed but haven't yet shared your story and you'd like to help us build this resource to help prevent future victims, please send an email to with your name, location, the scam and a detailed description of the scam. Or you can fill out the form at http://www.scambusters.org/ScamDatabase.html We'd really appreciate your taking the time to do this.

With all of the new viruses, it seemed appropriate to dedicate this month's issue to helping you avoid getting hit by a harmful virus.  To that end, we've asked our friend Paul Myers if we could reprint the part of his article on Data Security 101 that focuses on viruses. Paul's data security article is a bit more technical than we usually publish in Internet ScamBusters. However, the part on viruses is less technical than the rest - and it contains a lot of great information. So, let's focus on.... 

Virus Security 101 By Paul Myers < > Copyright 2000 Paul Myers. Reprinted with Permission.

If anyone had any doubt about the ability of viruses to wreak havoc, Melissa should have cured that. But, of course, it didn't.  Viruses can do all sorts of interesting things. They can send email to everyone in your address book. They can email your entire address book to someone else. They can make your computer do all manner of odd things. They can wipe out your data files, or even format your hard drive.

They can even plant RATs in your system.

RAT is short for Remote Access Trojan. These nifty little virtual gizmos are the cracker's equivalent of the remote control.

Note: Cracker is the right word. A hacker, despite the media's misuse of the word, is not a malicious person who'll try   to abuse strangers. Hacker is a term of respect. Crackers are the creeps who play these nasty games.

So, how does your computer get viruses?

It's amazingly easy, actually. Any time you run code that you got from someone else, you run *some* risk of getting a virus. With commercial software obtained directly from the manufacturer, the risk is minimal. Still there, but minimal.

There are other ways, but these account for the vast majority of cases:

Loading files with macros without checking for viruses. This is probably the most common these days. There are    thousands of macro viruses out there that are spread through sharing of Word documents, Excel spreadsheets, etc.

Downloading and running many games that are distributed through private sites. (The major download sites are usually pretty safe.)

Opening infected emails in an HTML capable mail reader without having disabled ActiveX and the like. (Yes, Virginia, you CAN get a virus just from reading an email on a PC. If your system is set up wrong.)

Running programs that are sent to you as attachments.

Downloading and running pirated software. (If that's how you got it, you deserve it!)

Have you ever done any of those?

So, how do you NOT get viruses? It's pretty easy, actually. Just use some simple, common sense steps.

1. NEVER run programs that are sent to you as attachments, unless you know and trust the sender, AND KNOW THE PROGRAM IS BEING SENT BEFOREHAND. Even then, be suspicious. Your friends won't deliberately send you an infected file, but do you know how secure their system is?

If you weren't told the program was coming, don't run it, no matter who sent it. There are new viruses out all the time that attach themselves to emails as their method of propagation. The "senders" usually don't even know the attachment exists.

2. For Word, Excel, and any other software that uses macros, get paranoid. Go to the Macros menu item, and select the Security option. Set it to high, and refuse to run any macros except from those sources you designate as "Trusted." Mac users should not be smug about this - macro viruses are cross platform.

The vast majority of users won't be affected by this at all. Most of us don't use macros in our documents.

3. Ask people who need to send you documents to use .rtf (Rich Text Format) instead of .doc format. In most cases this will give exactly the same results and appearance. And RTF files can't spread viruses.

If they don't know how to do this, explain it. When they save the file, they simply choose Rich Text Format from the "Save as type" options instead of accepting the default .doc format.

Another advantage is that RTF files are generally readable on any platform. Handy for dealing with people who may not have exactly the same programs that you use.

Oh yeah... Send documents in this format yourself whenever feasible. ;)

4. Turn off the ability of your HTML capable email software to run ActiveX or other code without asking first. And then only allow it when you know the sender. (Hint: How many people do you know who write email containing ActiveX or other scripting... ?)

5. Get a good anti-virus program.  Update it regularly. Run it all the time.

Good anti-virus software is no longer a paranoid's indulgence. It's a necessity.

You'll want to set it to the highest security you can live with. If you get huge amounts of email and have a slow machine, you may not want to tell it to scan every email that's downloaded, but you'll probably want every other option checked.

Yes, it will slow things down a small amount. In most cases, you'll never notice it. If it gets too bad, you can disable the less important options, like scanning inside zip files.

You don't need to scan your drives every time you boot up the machine, of course. But do it occasionally to be safe.

Updating your Anti-Virus (AV) software frequently is a must. There are tens of thousands of viruses out there, and more developed all the time. It does you no good to have the software if it's not current.

Even with the best AV software, you still want to keep other security measures in place. These programs don't work on a virus until the developers know the virus exists. And frequently they don't know until shortly AFTER a major outbreak.

Melissa was a great example of this.

Two of the better anti-virus programs are:

Panda Anti-Virus, from http://www.pandasoftware.com/

Norton Anti-Virus, from http://www.symantec.com/

I don't recommend McAfee. It's entirely too much trouble when there are more convenient options that provide the same protection.

With any anti-virus software, you can encounter occasional problems. It's an unfortunate but necessary part of the way the programs work. Some legitimate commercial programs may be treated as viruses, some hardware will have trouble, etc.

Usually these programs will mention the potential trouble somewhere in their documentation. If you try installing software from commercially purchased CDs or from trusted download sites and have trouble, try the install after turning off the AV program.

A good anti-virus program is a necessity. (Have I mentioned that yet?)

....

[Editors Note: Using a program other than Microsoft Outlook (or as many people now call it, lookout!) for your email will also help you avoid many virus problems.]

....

There's at least one "virus" that can affect your system without you downloading anything, opening any programs, or reading any infected emails. All you need to do is run a computer that's connected to the Internet that has a shared drive which doesn't require a password for write access.

Isn't that fun? Just being connected can be a security risk!

This one scans the Net looking for machines with the right vulnerabilities, and writes itself to the system when it finds one. The effects of this virus sound like something from one of those hoaxes that are forever going around.

   * It spreads without any action on your part.

   * It can delete everything in your C:\Windows directory and sub-directories, and C:\.

   * It uses your modem to dial 911....

Yeah. Can you believe that last one? The cretin who wrote this needs to be thrown in jail for life. Tying up emergency services like that could result in deaths.

Fortunately, this is found in a very limited area so far. The only "sightings in the wild" have been in the Houston, TX area. And yes, it's confirmed. See: http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html

Or the FBI's advisory, at: http://www.nipc.gov/advis00-038.htm

This is the first virus that propagates this way. You can bet it won't be the last. And future ones will exploit more and more obscure weaknesses in common PC setups.

....

A Final Tip:

If you use Netscape, turn off any type of Scripting in Mail and News.
....

I hope you find this information useful. Put it to work, and you can save yourself a lot of headaches down the road.

Paul

....
This article was written for TalkBiz News, a free email newsletter for small business owners. To subscribe, send any email to

[Editors note: This article was excerpted from Data Security 101For Small Businesses by Paul Myers. If you'd like to get a copy of the entire article - which contains a lot of useful information on backing up, RATs, firewalls, and more - send an
email to and you'll receive it via autoresponder.]


About Internet ScamBusters

To UNSUBSCRIBE from Internet ScamBusters, send an email to: and write UNSUBSCRIBE in the subject field. (or use this easy link if your mail client supports it)
mailto: ?subject=UNSUBSCRIBE

To SUBSCRIBE to Internet ScamBusters, send an email to: and write SUBSCRIBE in the subject field. (or use this easy link if your mail client supports it) mailto: ?subject=SUBSCRIBE

The disclaimer located at http://www.scambusters.org/disclaimer.html applies to this e-zine.