Ann Arbor Business to Business
Small Business and the Internet

Things That Go Bump on the Internet:
Viruses, Worms, and Trojan Horses

July 1999

By Mike Gould

By now you've read all the stories about the ExploreZip worm, and have updated all your anti-virus software, right? And those of you unlucky enough to have had an up close and personal encounter with it have restored your harddrives from your backups, and then updated your software, right? Right? Oh darn, I see a few shamefaced computer users out there shuffling their feet and avoiding eye contact; OK, time for my annual anti-virus rant and Stern Warning column.

Cyber Epidemiology: Worms vs. Viruses
Here's a good definition of the difference between a worm and a virus, from a 6/14/99 NY Times article by John Markoff entitled " Illness Is Fast Becoming Apt Metaphor for Computers":

"Traditionally, the term "virus" has been used to describe software codes that infect computers by attaching themselves to documents or programs that are passed along. "Worms," by contrast, have been self-propelling, that is, a program sent within the attachment can then send itself along without any action by the person who receives it."

A Trojan Horse is a related entity that arrives disguised as a game or some other innocuous file, hence the name. Play the game, get a virus.

ExploreZip
The ExploreZip worm is considered a worm because once it infects your system, it emails itself to your friends as an enclosure. For this to work, you have to be running Windows (or a Windows emulator on a Mac), and use Outlook or Exchange for email. For those of you Windows users who just got back from vacation and are wondering where all your files went, here's a quick update on the worm: when you are infected, every time you receive an email, a reply will be sent to the sender with the phrase "I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs" in it. The payload of the virus is in the enclosure; the file is disguised as Zip format; when you double-click on it, instead of unZipping, it executes, infecting your system. In other words, don't double-click on anything you get as an enclosure unless you know what it is! In addition to spreading itself via email, it then proceeds to reduce the file size of most of your documents to 0K; you end up with a collection of empty files where your data used to be. The file size trick makes recovery unlikely; you have backed up all your important data to tape or floppies, haven't you? If not, you may be SOL (geekspeak for "Simply Out of Luck, or words to that effect, heh, heh.)

Who thinks up this crap?
Viruses are created by TechnoPaths; evil gnomes festering in their basements with nothing better to do than think up ways to ruin your day. Taking advantage of the multitude of holes, leaky seams and gaping doorways that make up the Windows operating system and Office suite (and to a much, much, lesser extent, the Macintosh and Unix environments), these bastards crank out programming code designed to crash your system, destroy your files, and possibly end Civilization As We Know It. Bad people. If you know one, shoot him (or her). Several times, just to make sure. Are you getting my drift here?

Avoiding infection
1. Buy Anti-Virus software and KEEP IT UP TO DATE! New viruses appear every day, and updated anti-virus patches (updated modular code designed to combat specific new viruses) are available at the websites of the various software companies.

2. Don't open (or unZip) email enclosures from strangers, or even friends unless you know exactly what they are. Contact your correspondent if necessary to verify contents.

3. BACK UP EVERY SINGLE IMPORTANT FILE ON YOUR HARDDRIVE, INCLUDING YOUR EMAIL. Do it now, do it often, make multiple copies of really, really important files, and store a copy off-site. The business you save could be your own.

4. Download software only from sites you are familiar with, and immediately check it with your anti-virus software.

5. Familiarize yourself with the problem; if you are online, you are at risk for everything on your computer, and this is one problem that is not going away. One of the best places to start learning is the Virus Busters' page that the University of Michigan maintains at

http://www.umich.edu/~virus-busters/

This page is mainly intended for the benefit of the UM community, but it is open to all and a goldmine of information.

6. Buy a Mac. You don't have to throw out your Windows boxes, just have a standby machine you can use when the Ultimate Windows Hell Virus breaks out and you have no other means of dealing with your files. Most of the world's viruses are targeted against files and systems made by Microsoft; the ones that are cross-platform are mostly (relatively) minor nuisances such as the macro viruses that attack Word and Excel files on both platforms. Macs can read most Windows files and are splendid email and web tools, just the thing for when your PC is sick and you absolutely have to respond to that email from the client in Hong Kong. Oh yeah, and buy anti-virus software for your Mac; Mac viruses are rare and not very deadly, but they do exist.

7. Don't spread hoaxes and rumors. There are a number of urban legends and other reports of fake email viruses; these cause unneeded panic and waste bandwidth and time. If someone sends you an email warning of a virus, please check with the Virus Busters site first before forwarding the message to everyone you know. They maintain a list of known hoaxes, and can save you the embarrassment of panicking everyone on your email address book. If you don't see the virus you are checking on, please feel free to ask them; they are open to all comers.

Thanks to Bruce P. Burrell of UM Virus Busters, who advised me on some of the sordid details.

MonodoDyne <M> The Sound of One Hand Clicking...
734 904 0659
Entire Site © 2016, Mike Gould - All Rights Reserved