Wednesday, April 30, 2003

About email worms

I was on a message board the other day, and someone had gotten an email from someone they knew, but it turned out the email was spoofed, generated by an email worm. While he opened the email, he did not open the attachment, because the person who sent it usually writes a bit more than "check this out". So he asked what a worm is, how it works, and what you can do to prevent this. Since I have some knowledge of the subject, I posted a response that I thought might be helpful to the novice, and I thought I should post it here also:


There is really no "easy explanation" as to how an email worm works, but I hope this helps. The worm is a program, just like Internet Explorer, MS Word, Excel, Resident Evil or Solitaire. Once the program executes, it can do pretty much anything to your PC: read, write, delete, execute other programs. If you use MS Outlook, your address book is stored in a folder, and it's always in the same place on any PC, so the worm knows where to look and can read it. Furthermore, each address entry has a specific format, so the worm can sift through the file and knows what is an address and what is not. The same goes for ICQ and your browser cache. Knowing this, the worm can now execute your email program and send a replica of itself to all the addresses it found.

As for the second part, again there is no easy answer. One way you can possibly verify whether an email is actually from the person is to look at the email header and verify that the mail server is the same as the one for the person's email account. If you get an email from JoeBlow@hawaii.rr.com and the header says the email server was xtreme.uk.net and not the Hawaii Road Runner mail server, then it may be falsely generated. Of course, no one does this on a regular basis. The cold truth is there is no easy way to verify whether the sender is legit or the mail came from an infected PC. You can usually safely open any email you get. Although there are some sophisticated worms that can execute when the email is opened, the vast majority need you to open the attachment to execute. You need to have anti-virus software with an email checker to scan the attachment.
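The header check described above, as an added example (not part of the original post): it compares the domain in the From header with the host named in each Received header. The sample message, the hosts smtp.hawaii.rr.com and mx.example.org, and the two-label domain comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture), modelled on the post's example.
SPOOFED = """\
Received: from mail.xtreme.uk.net (mail.xtreme.uk.net [192.0.2.25])
\tby mx.example.org with SMTP; Wed, 30 Apr 2003 09:12:44 -1000
From: Joe Blow <JoeBlow@hawaii.rr.com>
To: friend@example.org
Subject: check this out

check this out
"""
# Same message as if relayed by a (hypothetical) Road Runner host.
GENUINE = SPOOFED.replace("mail.xtreme.uk.net", "smtp.hawaii.rr.com")

# Host name that follows "from" at the start of a Received header.
RECEIVED_FROM = re.compile(r"\s*from\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def base_domain(host, labels=2):
    """Naive grouping: keep the last `labels` labels (rr.com, uk.net).
    Real code would use the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-labels:])


def sender_domain(msg):
    """Domain part of the address in the From header."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def relay_hosts(msg):
    """Hosts named after 'from' in each Received header, newest first."""
    hosts = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.match(value)
        if m:
            hosts.append(m.group(1).lower())
    return hosts


def check_message(raw):
    """Report whether any relaying host shares the sender's base domain."""
    msg = message_from_string(raw)
    domain, hosts = sender_domain(msg), relay_hosts(msg)
    match = any(base_domain(h) == base_domain(domain) for h in hosts)
    return {"from_domain": domain, "relays": hosts, "relay_matches_sender": match}
```

A mismatch is only a hint that the sender address was forged, and a match proves little, since a worm on the sender's own infected PC mails through that person's real server.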



Suggestions on prevention: spend $30 for anti-virus software and update it on a regular basis. Get the most current updates of Outlook and Explorer. There is a setting you can turn on that will check if you have the most current version. Better yet, don't use MS Outlook at all; hackers know it's the most popular email program and write their viruses specifically for Outlook. That preview window in Outlook is the same as opening the email, and as stated above there are some rare, smarter worms out there. Use an internet email service like Yahoo or Hotmail, or pay $5 a month to subscribe to a messaging service like NetAddress; your address book resides on their server, and they always have the latest virus preventions. Or you can buy/download an email program that has public-key cryptography, like MailSafe or PGP, which allows you to sign an email with an electronic signature that guarantees the sender is who it says it is from. This also has the advantage of having the address book in a format that the virus may not be able to read (emphasis on may not). Delete your cookies, temporary internet files and history on a regular basis. You may have to do more typing, but you won't leave a trail of addresses that can be easily found.


Also very important: another way of being infected is if you have Road Runner or DSL. You MUST, repeat MUST, get a firewall installed or you will in all likelihood get infected from there.
