Email Viruses

If I tell two friends, and they tell two friends, and so on, and so on…

– Faberge shampoo, Television commercial, 1970’s.

You should always run the latest version of a virus protection program and configure it to scrub your email attachments as they arrive before you open or read them.

Information about virus types, protection, and related issues is provided in the Internet viruses section. With respect to email specifically, if your email application is relatively up to date, and you are running a good virus protection program, then your email connection should be fairly safe from accepting or transmitting viruses. Nevertheless, there are enough vulnerable computers on the Internet that email is still the main transmission channel for viruses around the world. Email viruses spread in two main ways:

  • Attachments. Viruses commonly hide in programs sent as email attachments, and run when the user double-clicks on the program to start it. Therefore, you shouldn’t run programs received as email attachments unless you have a virus protection program running and the attachment is from a trusted source.

    For example, a greeting card program forwarded from a friend of a friend is not from a trusted source, and there is nothing to stop it from running malicious system programming code behind its animated presentation once you start it running on your machine. You should also be wary of opening documents that might contain scripts and macros (see below). Some attachments will have two extensions to try to trick you into believing they are just a harmless data file and not a program, such as “coolpicture.jpg.exe”.

  • Scripts. One of the first script viruses was a MIME virus that attacked older versions of programs like Netscape Mail, Microsoft Outlook, and Eudora, and could under certain rare conditions run a damaging program as soon as the email was simply opened. In a variation on an old hacker technique, the attached MIME file was given a very long name that then triggered a bug that allowed the end of the name to be run as a series of instructions, which could then be written to do damaging things to your computer. However, these early viruses remained theoretical, and a fix for the bug was quickly developed by email program vendors.

    However, Visual Basic (VBasic) script viruses became very real, and have continued to do considerable damage across the Internet. VBasic is a very flexible and deeply powerful program development environment used by Microsoft for their operating system, office automation, and Internet applications. This means that VBasic viruses can run from anywhere in the Microsoft software architecture and affect the entire system, from email to operating system, giving them unprecedented reach and power.

    The first widespread VBasic virus was Melissa, which brought down several of the largest corporations in the world for several days in late March 1999. Melissa traveled in a Microsoft Word document and was triggered when the document was opened. It then opened the associated Microsoft Outlook email program, read the user’s email address book, and sent copies of itself to the first fifty names. This clever architecture was quickly followed by many variants programmed by hackers around the world, including the KAK virus that triggered as soon as an email was opened, and the BubbleBoy virus that triggered as soon as the email was viewed in the preview pane.

    If you upgrade your email program once in a while, and run a virus protection program with an automatically updated database, then you should be safe from most script viruses. Also, select “No” if a document asks to enable macros when you open it, especially if you don’t know who wrote them.
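The double-extension trick and the macro warning above can be checked mechanically before an attachment is ever opened. The following is an added example, not part of the original article: the extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, illustrative lists; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
MACRO_EXTS = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}

def classify_filename(name):
    """Return the reasons (possibly none) an attachment name deserves caution."""
    # Drop whitespace so a padded name cannot hide its final extension.
    cleaned = "".join(name.split()).lower()
    stem, ext = os.path.splitext(cleaned)
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable")
        # A harmless-looking extension in front of the real one is the disguise.
        if os.path.splitext(stem)[1]:
            reasons.append("double-extension")
    elif ext in MACRO_EXTS:
        reasons.append("may-contain-macros")
    return reasons

def scan_message(raw_bytes):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if name and classify_filename(name):
            findings[name] = classify_filename(name)
    return findings

def build_sample():
    """Constructed sample message with three attachments (placeholder bytes)."""
    msg = EmailMessage()
    msg["Subject"] = "Greeting card"
    msg.set_content("Look at this!")
    for fname in ("coolpicture.jpg.exe", "report.doc", "holiday.jpg"):
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, reasons in scan_message(build_sample()).items():
        print(fname, "->", ", ".join(reasons))
```

A name-based check like this only decides which attachments to hold back; it does not replace scanning the content with a virus protection program.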