Danger #1: The Virus Threat

On this page we'll explain a little about what viruses are, how they can get onto your computer, and how to stop them from doing so. All internet users should read this page carefully.

What is a virus?:
A computer virus is a computer program that has been designed to cause damage of one sort or another to the software running on your computer, and to attempt to replicate itself and spread to as many other computers as possible.

In the past most viruses were written by misguided individuals who just wants to harm the fun and enjoyment of others or to prove how "great" they were at writing software. Lately, however, the trend is for virus writers to attempt to make a financial gain by stealing information from their victims, or by taking over your computer in order to attack others or send spam messages.

The subject of viruses is a complex one, and on these pages we will be making generalisations and simplifications in order to help you understand the dangers they pose without bombarding you with technical details.

What do viruses look like? What do they actually do?
Some viruses pretend to be a harmless, useful programs, tempting you to run them. Other viruses attach themselves and hide within another, completely innocent program, ready to infect your computer the moment you run it. Another type of virus can make use of some of the hidden features of Windows and try to hide from you by pretending to be picture files, or text files which you might assume to be perfectly safe, again tempting you to run them. The most common viruses hide within attachments to email messages, and use various methods to try and persuade you to open and run them. Some viruses, for example Conficker/Downadup, can even infect your computer without you having to do anything at all if you have not been keeping your operating system (Windows) up to date with respect to security patches.

But whatever form they take, once a virus gets onto your PC it means big trouble. Amongst many other possibilities, depending on the type and form of the virus, it may hide itself from view and monitor your every move, looking out for such things as your usernames, passwords and credit card details and sending them over the internet to the virus' author, or it may directly cause damage to the software you have installed - in some cases so severe that you’ll be unable to use your computer at all unless you re-install Windows from scratch. Other types allow their authors to take over your computer, without your knowledge, and use it to send out Spam, attempt to hack into other computers or simply attack them (as a form of blackmail attempt or simply for "revenge" for some real or imagined slight by another virus writer or other "enemy"). Still other variations may cause your computer to dial premium rate numbers instead of your normal dial-up number, running up a huge phone bill for you.

Once your PC is infected most viruses will also try to replicate themselves. They may do this by hiding within as many programs as possible on your computer, in the hope that you might copy them onto other PCs. Many will automatically add themselves onto any disk you insert into the machine, ready to hop onto the next computer you put it in. Others will try to infect other computers directly over the internet.

Most commonly though, viruses try to replicate themselves using email. They may do this in various ways, most usually by automatically sending themselves to every address they can find on your computer - including everyone you have ever received email from or sent email to.

+ Click Here to view some common examples of emails generated by a virus or worm

Many of the most common viruses you are likely to encounter disguise themselves as "important documents" attached to an apparently innocent email message.

If you receive an unexpected email with an attachment you should treat it with great suspicion, even if it appears to be from someone you know or from a company you regularly deal with. In particular, many viruses disguise themselves as emails from your ISP telling you that your account has been suspended or misused in some way, and asking you to examine the attached file for more details. But instead of containing the information promised, the attached file will actually contain a copy of the virus which, if you open or run it, can cause your computer to become infected.

An example of a common type of virus email that is currently doing the rounds is as follows:

********************************
From: mail@cymru1.net
To: user@cymru1.net
Sent: Monday, June 27, 2005 8:20 PM
Subject: Warning Message: Your services near to be closed.

Dear Cymru1 Member,

We have temporarily suspended your email account user@cymru1.net.

This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Cymru1 account.

Sincerely,The Cymru1 Support Team

+++ Attachment: No Virus (Clean)
+++ Cymru1 Antivirus - www.cymru1.net

*************************************

With this particular virus, the " From:" address is not always mail@ and is sometimes info@, sales@, mail@ or support@ or something else entirely.

Note that the virus gets the name of your "ISP" from the part after the @ in your email address. So if your email address was xyz@Yourisp.com, the message would pretend to be From: support@Yourisp.com and say "Dear Yourisp Member" and "Sincerely, The Yourisp Support Team" and so on.

Also note the faked "No Virus" message.

All in all, the creator of this and most other email viruses do everything they can to try and get you to open the attachment.

To help protect yourself from this and other types of viruses and threats, please carefully read all the information on protecting yourself from viruses, worms, Trojans and other threats that you will find here on these pages.

ANOTHER COMMON TYPE OF VIRUS/SCAM/HOAX

(DO NOT RING THE NUMBERS SHOWN IN THIS MESSAGE)

TO: (your email address)
FROM:UKCards [receipt@ukcards.com]
SUBJECT: Transaction Receipt (UKCards)

Please note: All charges to your statement will appear in the name "UKCARDS LIMITED".

Order Information
Amount: £399.95
Currency: GBP
Merchant Name: HUNTINGDON MAIL ORDER
Description: iPod Music Player 40GB

Customer Service
Telephone: 01480 456111 [or 0845 6060 234]
Email: N/A

Delivery Address
47 Silver Street, London, NW1 5TR

If you have any questions on the delivery
of this order or product details please contact
the merchant directly using the above details."

**********************************************************
ATTACHMENT: iPod Purchase Agreement.zip
**********************************************************

(DO NOT RING THE NUMBERS SHOWN IN THIS MESSAGE)

This type of message should have alarm bells ringing in your head immediately. First, you didn't order an iPod, did you? Secondly, it is highly unusual to receive an "iPod Purchase Agreement" in a zip file. Furthermore the, Address is in London, while the Merchant name is "Huntingdon". The email address the message is supposedly from is not a merchant of any description.

A little additional research will reveal that the 01480 number is actually a number for a UK Police force. The second form of this message that we have seen contains the 0845 national number for the UK Jobcentre instead.

The attachment contains a Trojan program.

The idea of this type of message is to get you to panic and call the number, or open the attachment. Doing either of these things will be exactly what the author of the message wanted you to do, so don't do it! By calling the number (along with 1000s of other panic-stricken people) you cause strain on the phone system, potentially to such an extent as to stop it working. This is serious for a Police force and very annoying for the Jobcentre. And by opening the attachment you'll just allow your computer to be used to send more copies of this email, and possibly much worse.

So please think twice before acting when you receive a strange message.

STOP TO THINK BEFORE ACTING. NEVER PANIC. THINK!

There are three main ways for your computer to become infected by a virus:

1) The most usual way is via an Email attachment. Viruses that enter your PC in this way are more accurately called "worms" but we'll be sticking to the generic term Virus for the sake of simplicity in this document.

An email attachment is simply a program or data file sent to you by email, attached to the actual email message itself. Email programs, such as Microsoft Outlook, support attachments because they are extremely useful. Let’s say you’ve just done your annual accounts on a spreadsheet, and want to send this information to your accountant via email. You could do this very easily by simply creating an email, attaching the spreadsheet, then sending it to your accountant. Or let’s say you’ve found a fantastic shareware program, and you want to send a copy to a friend to save them the bother of finding it and downloading it themselves. Again, you could do this by simply attaching it to an email and sending it off. There’s absolutely no harm in doing this sort of thing.

BUT imagine that instead of you sending an innocent and useful program or data file to a friend or colleague, some misguided individual decides to send out a program containing a virus instead. They could simply attach one to an Email, and fire it off to as many email addresses as they can find.

If one of the recipients of this email message has taken precautions to prevent viruses entering their PC, no harm will be done. If, on the other hand, one of the recipients has not taken any precautions and opens the email or runs the file, they will become infected by it. And since most viruses are programmed to replicate, their computer will start sending out the virus to everyone on their contact list....

SOME VIRUSES TRANSMITTED BY EMAIL DISGUISE THEMSELVES AS AN EMAIL DELIVERY ERROR MESSAGE. DO NOT OPEN ATTACHMENTS IN SUCH MESSAGES UNLESS YOU ARE SURE IT IS NOT A VIRUS.

SIMILARLY, DO NOT CLICK ON ANY LINKS THAT YOU MAY FIND IN AN EMAIL THAT ARRIVES OUT OF THE BLUE SUPPOSEDLY FROM YOUR ISP TELLING YOU THAT YOU HAVE BEEN SENDING SPAM, OR HAVE BEEN VIEWING/DOWNLOADING "UNSAVORY" OR ILLEGAL CONTENT, OR THAT A MESSAGE YOU HAVE SENT COULD NOT BE DELIVERED (to someone you have not sent an email to!). THESE ARE ALMOST CERTAINLY GENERATED BY A VIRUS, OR MAY BE PART OF A "PHISHING" SCAM (see next page for details on Phishing and fraud).

2) Another way for a virus to get into your system is by hiding within another, apparently innocent file, which you might download from the Internet onto your system, or copy from a floppy disk or CD-ROM from a friend.

If you have not taken any precautions against viruses, the moment you run an infected program your PC will become infected too.

Note that downloading files from reputable web sites is usually fine and perfectly safe. But if you stray too far off the beaten track on the Internet, and download files from less reputable places, you may well find yourself infected by a virus before you know it. The same goes for accepting files or programs from friends - they may not have got the file from a reputable site, and the file or program they give or send you might well be infected.

3) A third way for a virus to get into your computer is via what might be described as a "backdoor".

Without getting too technical, essentially what we mean by this is "a way in to your computer that you didn't know was there". Although backdoors can be created by a Hacker (see Danger #5), the backdoor entryways we are talking about in this context usually exist as a result of a flaw in a program, often Windows itself or in Internet Explorer or another web browser, and are usually referred to as "security holes". The Conficker/Downadup virus uses this "back door" technique to get into your computer.

These security holes can be exploited in number of different ways. Depending on the type and nature of the hole, all that may be required is for your computer to be connected to the Internet! Other types may require you to visit a website containing hidden code specifically designed to exploit the vulnerability.

To avoid being infected by viruses and to help protect your computer from other security threats, you should take the following steps:

1) Install AND KEEP UP TO DATE, a reputable anti-virus utility.
Such utilities can detect and prevent 99.9% of virus infections, in most cases including viruses sent by email attachment. We recommend Trend Micro anti-virus products, available from www.trendmicro.com, and Norton AntiVirus, available from www.symantec.co.uk. Please note that it is vital that you keep your antivirus utility up to date, at least on a weekly basis and ideally on a daily one. If you don’t, you won ’t be protected from the latest viruses. Or to put it another way: A virus scanner that is not kept up to date with all the latest virus information will not fully protect your PC from viruses or may not protect it at all.

Update 01/01/2009: We are very impressed with the very latest version of Symantec's Norton Anti-Virus (the 2009 version) and in particular with Norton Internet Security (again the 2009 version). Norton Internet Security 2009 provides a complete suite of anti-virus, andti-hacker and other security tools to help keep you safe on the internet, and does so without significantly slowing your computer down. It is a huge improvement over all previous versions of Norton Internet Security. More details are available at www.symantec.co.uk.

Note: A few free anti-virus packages are available. There are also free online anti-virus scanners, including the one on our site - click here for our Free Virus Scanner.

2) DO NOT DOWNLOAD software of any kind from a site that appears disreputable in any way. Stick to well-known sites run by well-known companies.

3) DO NOT OPEN OR RUN EMAIL ATTACHMENTS unless you are both expecting them and know the person that has sent them. Read the contents of the email they are attached to carefully. If they say something you wouldn’t expect the person to say, treat the attachment with suspicion.

4) KEEP YOUR OPERATING SYSTEM AND INSTALLED PROGRAMS UP TO DATE. You can use the Windows Update utility to keep your copy of Windows up to date, along with your installed copy of Internet Explorer and Outlook and certain other Microsoft programs. Doing so will help ensure that any security holes in Windows itself or in Internet Explorer/Outlook are closed as soon as possible. You'll find Windows Update installed in most versions of Windows except Windows 95. Alternatively visit http://windowsupdate.microsoft.com.

Third-party tools are also available to scan your system for out of date software. The FREE Secunia Software Scanner is one such tool. Click on the icon below to launch it:

5) Think about installing a spyware scanner such as Ad-Aware from www.lavasoftusa.com. This program searches for adware and other privacy threats and not viruses, but can catch certain things that some anti-virus programs can miss, such as zombie diallers (which are not strictly viruses). See Danger #6 for more information.

6) Install a personal Firewall. Windows XP and later has a basic but serviceable firewall built-in (though you may need to activate it - it is not necessarily active on all your dial-up connections. Please see Windows' Help for more information). More sophisticated and flexible firewalls are also available for download, such as Zone Alarm from Zone Labs (www.zonelabs.com). See Danger #5 (Hackers) section for more information. Firewalls are usually included as part of the package when you purchase a security suite, such as Norton Internet Security (www.symantec.co.uk).

7) Check that the Security settings in Internet Explorer and Outlook Express are not set too low. To access the security settings in Internet Explorer, click on Tools, then select Internet Options, then click on the Security tab in the window that appears: The Medium setting is the default setting and should protect you from most threats. Setting Medium High or High will provide better protection, but may cause you problems when viewing many web sites so is not recommended in most cases.

8) If visiting a web site that is "off the beaten track", do not download any software and do not say Yes if you are asked if you want to allow Windows or Internet Explorer to download any additional components, no matter what "benefit" the website involved might claim they will offer you. Such programs and components often contain viruses or Trojan/Zombie diallers. See Danger #4 for more information.

By following steps 1 to 8 you should be able to prevent most if not all virus and worm infections, and also prevent trojan diallers from being installed on your PC.

On the next page we will talk about Spam (unsolicited email), and how to avoid it. Click on the Go on to next page link below to read about this, or click on the View Internet Security Index link to go back to the index page.

Back to previous page (Index)

Go on to next page (Spam)

View Internet Security index page

NOTE: What we describe on these pages is merely our opinion of what the most important things you need to know and do in order to keep your Internet experience as safe as possible. You should therefore not treat it as a definitive text on Internet security, nor as being necessarily 100% accurate, but instead simply as a general guide.

Advertisement:
Would you like a UK telephone number (including 0207 Central London numbers) that you can divert to almost any telephone number almost anywhere in the world? Click here to find out more.