Mass-mailing Viruses


You received a virus-laden email?

The “sender” did NOT send it.

I'm glad that I wrote this article, because today (10/5/05) I saw, in my Mailwasher box, a virus-laden email with my own address as "sender". If my name is in your address book, PLEASE make sure that your anti-virus software is up-to-date!

If you don't have any anti-virus software, go to download.com and get yourself the free version of AVG. I haven't used it, but there are reviews on the page. Alternatively, you could go to the Grisoft site and read about the full product.

Now read how these wretched things operate.

Imagine mass-mailing viruses in human terms.

An unpleasant person has some piece of propaganda or scandal they want to be read by as many people as possible. They type their message on a single sheet of paper, then make 499 photocopies.

They fold each copy and put it into an envelope.

Then they go in search of an address book. They might break into a private house, or they might grab one from a doctor’s office when the receptionist isn’t looking. By whatever method, they steal someone else’s list of names and addresses.

Now they make a set of labels saying “from” and giving the name and address of the first person listed in that address book. They attach one of these labels to each of the envelopes.

They sit down with the address book open and address one envelope to each person in the address book.

They then stamp all the envelopes and drop them into a post box.

Each recipient will naturally assume that the letter is from the person whose name and address are on the “from” label. If they don’t recognise the name, they may put it back into the post endorsed with “Return to Sender”, or they may throw it away. Some will open it, glance through it, decide that it’s rubbish and then throw it away. A few will contact the “sender”, who’ll deny having sent such a letter.

That’s probably as far as things will go, in human terms. The perpetrator can, of course, repeat the performance, using the second address on the “from” labels, but there are obvious limitations. Paper, ink and envelopes all cost money, and it takes time to do all of that writing.

For the mass-mailing worm these limitations just don’t exist.

Instead of one address book, the mass-mailing worm helps itself to hundreds of address books. Every time it is released into an unprotected computer, it searches for and finds names and addresses. It chooses one email address and sends a great stack of virus-laden emails “from” it. Then another and another and another.

Because of the numbers involved, people don’t very often recognise the name of the “sender”, but when the evil email appears to be from someone that they do know, the usual and natural reaction is to say to that person, “You have a virus. You sent me an infected email”.

They didn’t. Someone who has your address and the address of the supposed sender has been infected, and the email came from their computer, not from the “sender”, so don’t blame that person—and remember, since your email address is also in the infected computer, someone is possibly receiving an infected email with your name as the sender.

The Other Sort of Virus

Of course there are still the standard, almost old-fashioned viruses about: the kind that come hidden in a supposed screensaver, a document or a piece of music. Generally they’re designed to do something bad to your own computer, but for propagation they depend on your actually sending them—or some other file that’s caught the infection. Those come with genuine emails.

If, when you virus check an attachment you’ve just received, you find that it’s infected, you should notify the sender. You should also remind them to virus check each and every item they download or receive through email. Whether an attachment comes from your most computer-literate friend or from your sweet old aunt, you always check it. Always. Every time. Never miss—because maybe, just this time, they forgot.

You may like to read the general discussion on computer viruses and how to avoid them.

Examples of the Netsky Worm

Over the last month I've seen many Netsky emails sitting in MailWasher. Subjects have mostly been variations on “Undelivarable Mail”, “Returned Mail”, or “Request for Protected Mail”. The last was in a letter with a genuine address that I recognised—i.e. it seemed to be from a friend. Some have been “Your Document” or “Is This about You?”

“Senders” have included “Mail Delivery System”, the name of a very reliable anti-virus company and a lecturer at an educational institution I attend.

MailWasher shows me the beginning of each email, and here are some of the messages inside. “You've been infected with a virus. Please run the attached file to clean”, “Here's the document”, “Please read the attached instructions”, “Guaranteed virus free”.
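The subjects and opening lines quoted above can be turned into a simple pre-download check. The following is an added example, not part of the original article or of MailWasher: the function and variable names are hypothetical, the sample messages are constructed, and the "From" header is deliberately never consulted because the worm forges it.

```python
import email
from email import policy
from email.message import EmailMessage

# Lure strings quoted in this article (subjects and opening lines the author saw).
SUBJECT_LURES = ["undelivarable mail", "returned mail", "request for protected mail",
                 "your document", "is this about you"]
BODY_LURES = ["please run the attached file", "here's the document",
              "please read the attached instructions", "guaranteed virus free"]

def triage(raw):
    """Return the reasons a raw message resembles the lures listed in this article.

    The From header is ignored on purpose: a mass-mailing worm picks it from a
    stolen address book, so a familiar sender proves nothing.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    subject = (msg["Subject"] or "").lower()
    reasons += ["subject lure: " + s for s in SUBJECT_LURES if s in subject]
    part = msg.get_body(preferencelist=("plain",))
    # Normalise curly apostrophes so "Here’s" and "Here's" both match.
    body = part.get_content().lower().replace("\u2019", "'") if part else ""
    reasons += ["body lure: " + b for b in BODY_LURES if b in body]
    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    if reasons and attachments:
        reasons.append("lure text plus attachment: " + ", ".join(attachments))
    return reasons

def build_sample(sender, subject, body, attachment=None):
    """Build a constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "reader@example.org", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed samples: a forged "friend" with a lure, and an ordinary message.
SAMPLE_LURE = build_sample("friend@example.com", "Returned Mail: see details",
                           "Please read the attached instructions.", "instructions.zip")
SAMPLE_BENIGN = build_sample("friend@example.com", "Lunch on Friday?", "See you at noon.")

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, triage(raw))
```

A match is only a prompt to leave the message on the server and ask the supposed sender, as the steps below describe; an empty result does not mean a message is safe.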

If You're Suspicious

1. A very simple procedure is to go to Google and type the words of the subject—within quotes—followed by the word virus and the word Symantec. Symantec has a long list of subject lines and messages. Almost every one I checked was on it.

2. You can read Symantec's page about Netsky.

3. If you feel uncomfortable about a particular email anyway, don't download it (or at least, if you don't use MailWasher or another filtering system, don't open it.) If you feel that it really may be from the person whose name is on it, email them and ask them if they really sent it. It's easy to ask someone to send again.

And please remember to keep your anti-virus program up-to-date. Don't be the person whose address book is used.
