CADFEM Finite Element Analysis Consultancy, Programming and Algor FEA Sales

Codes used

Examples

Downloads

Virus Avoidance

Help

This document gives general advice relating to the type of email attachments that could cause problems if they were malicious.

It's NOT a definitive document by any means, but it should give you some pointers on things to be wary of.

If you can think of other things to check, then feel free to contact us and we'll include them.

OK, practical tutorial :-)

Try this example.

Copy an executable file (.EXE) and rename it as I-AM-SAFE.EXE (or whatever you wish)

Choose a file that "does something", a good file to copy is the Windows calculator CALC.EXE, found in the Windows\System - or similar - directory.

Use Explorer and double-click I-AM-SAFE.EXE

Q: What happens?
A: It runs.

Now lets assume that I-AM-SAFE.EXE was a hideous virus that destroyed your hard-disk. You would have just infected your machine and probably all others on your network!

You are not Mr/Mrs popular :-)
.

OK, now lets rename it to I-AM-SAFE.DOC.exe

Note that the use of capitals leads you, at a quick glance, to assume that this is a Word document.

Use Explorer and double-click I-AM-SAFE.DOC.exe

What happens? It runs. Again you are infected.

The last extension .exe shows you the file type. It has been put in lower case so that you will overlook it.

OK, rename it to I-AM-SAFE.DOC.bat . You will get a message saying the file may become unusable - ignore it and continue.

Double-click it and it STILL runs. Doah, you are infected again!

OK, rename it to I-AM-SAFE.DOC.com . You will get a message saying the file may become unusable - ignore it and continue.

Double-click it and it STILL runs. Doah, you are infected yet again! Doah!

This next one is nasty. Rename the file to I-AM-SAFE.DOC.pif. Note that it appears in Explorer as I-AM-SAFE.DOC (no .pif extension). Also note that the icon associated with the file is an MS DOS icon and not a Word icon as expected - this should set the alarm bells ringing.

You know what's coming, double click it and, yes, it runs yet again.

Lets look at some other extensions.

Recopy CALC.EXE and rename it to I-AM-SAFE.TXT

Double-click it.

What should happen is it will be loaded into Notepad or Wordpad. The program HASN'T run and you are OK.
What you will be looking at is the actual contents of the binary executable file, "the strange characters".

So taking a file into a text editor is OK

Unfortunately renaming it to I-AM-SAFE.TXT.pif, as above, makes the program appear as I-AM-SAFE.TXT in Explorer BUT it will run if double-clicked - again, look for that DOS icon instead of the "normal" text icon.

Advice

The best advice is NOT to double-click files obtained from ANY source unless you are 100% sure of it's origin.

It is possible for a virus to send an email to you from one of your friends using your details stored in their address book.

Look at the contents of the email (NOT THE FILE ATTACHED).
Have they used your Christian name in the email?
Does the language they used seem strange -"this is not how my friend Bill talks" etc?
If you have ANY worries then DELETE THE EMAIL.
You could always consider sending your friend a quick email for their confirmation (DO NOT JUST HIT THE REPLY BUTTON) - create a new email and send it to them.

ALWAYS look at the last extension to see what the file actually is, but beware of the PIF extension hiding itself.

Files with DOS icons and familiar extensions (.DOC .TXT etc) should be treated with caution.

If you MUST open a file then open it in Notepad (via File Open ----- NOT NOT NOT by double-clicking).
If you see what appears to be garbage, but the extension is .TXT, then its a binary file and may be suspect.
Ask yourself why does a, supposedly, ASCII text file contain binary information? Very suspect!

Turn off the "hide known extensions" option in Internet Explorer "Tools - Options - View Tab"

Extensions such as .COM, .EXE, .BAT, .CMD, .VBS, .JS, .JSE, .WSF, .WSH, .PIF, .LNK could cause trouble - be careful

Obviously good virus detection software is a must, but the best defence is probably to be aware of how viruses spread and don't get your machine infected in the first place.

For further info check out the following

Shawn Halls' essay on viruses - excellent

Also check out the various virus scanner vendor sites (see Shawns' essay above)

Finally, and importantly, many thanks to the guys at ICCON, The Algor User Group, and the VB User Group for tips on this subject.