Virus information


misterhy
03-28-2004, 05:42 PM
My nephew, who is an IT professional, sent me this e-mail today about computer viruses. I felt it was important enough to pass on.

Virus Writers Try New Tricks
The recent release of the Mydoom, Netsky, and Beagle (Bagle) e-mail worms
and their variants have shown us some of the new tricks that virus writers
are using.
At the core of all e-mail worms is a "social engineering" tactic that is
used to entice you to click on a link or run an attached file.
E-mail Addresses: Two of the Beagle variants send e-mail that appears to be
from an official e-mail address - like management@fyi.net or
support@fyi.net - when in fact they are fraudulent. This is called "spoofing" and
has become very common. If you see an e-mail from what you think is a
legitimate source, you would be more likely to follow any enclosed
instructions, right? That's their game plan, so beware.
E-mail Content: Additionally, the subject and content of the message itself
can be customized and of a subject matter that will bring about an emotional
response. Something like "Your e-mail account is being disabled" or "Your
account will be terminated" would surely grab your attention.
These new worms have also implemented a new way of avoiding many virus
detection techniques.
Anti-virus Detection: In the vast majority of viruses, the viral attachment
is in plain view so your antivirus software can (as long as it is kept up to
date!) detect and remove the virus before it can do harm.
Issues with Zip Files: Beagle will sometimes hide the virus file within a
password protected Zip archive file. A Zip file is simply a way to package
and compress files for efficiency and size considerations - think of it as a
vacuum packed pillow. The pillow is big and fluffy to start with but place
it in a plastic bag, suck the air out, and you're left with a flat, easily
storable item. Many antivirus scanners can scan inside Zip files as long as
they are not protected. Beagle locks the Zip file with a password that the
user must enter to open the archive and run the attachment. Hence, the virus
scanner can't get in to scan the file.
Below are some tips that may help identify fraudulent or virus generated
e-mail:
* Be wary of the "From" and "Reply To" addresses you see as they can
be easily forged
* Watch out for e-mail content that has many misspellings,
grammatical errors, or strange language - especially if the e-mail wants you
to do something like click on a link or open an attachment.
* Never open an e-mail attachment without first knowing what it is.
Make sure your antivirus software scans your e-mail and even then some
things might get through. If the sender appears to be someone you know,
confirm that they actually sent you the e-mail before running an unknown
file on your machine.
* Similarly, be careful when clicking on weblinks in e-mail -
especially if the e-mail looks suspicious to start with. These links can be
disguised to make it look like you are going to one website but it really
takes you to another that may even place virus-like files on your computer.
A good suggestion would be to hand type any web address in the address bar
so that you avoid being misled.

Hy
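
The password-protected Zip attachments described in the forwarded e-mail above cannot be scanned, but a mail filter can still notice that they are locked. The following is an added example, not part of the original thread or of any product named in it: it checks the "encrypted" flag bit on every Zip attachment of a message. The sample message, its addresses and its file names are constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag, bit 0: entry is encrypted

def unscannable_zip_attachments(raw_message: bytes):
    """Return [(attachment name, [encrypted member names])] for zip
    attachments whose contents a scanner cannot read without the password."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):  # judge by content, not name
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Member names stay readable in the central directory even
            # when the member data itself is encrypted.
            locked = [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
        if locked:
            findings.append((part.get_filename() or "(unnamed)", locked))
    return findings

def constructed_sample(encrypted: bool) -> bytes:
    """Build a constructed test message with one small zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.txt", "constructed placeholder content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # The standard library cannot write encrypted zips, so set flag bit 0
        # by hand in the local header (offset 6) and central header (offset 8).
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(signature) + offset] |= ENCRYPTED
    msg = EmailMessage()
    msg["From"] = "support@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"        # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(unscannable_zip_attachments(constructed_sample(encrypted=True)))
```

A filter built on this can quarantine or label such messages instead of passing them on as "virus free".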

Muzz
04-03-2004, 08:40 PM
I've gotten several of those in the past few days, saved one and ran my AVG on it, says virus free. One is in zip form and the other file is a text doc with a password. I wasn't dumb enough to fill in the password and open it...LOL...but why did my AVG not pick it up? Does the "password" activate it or something? It's very authentic-looking and the sender is using my ISP, Charter.net as its addy.

LeRoi
04-03-2004, 08:47 PM
You can upload and scan suspicious files for viruses here:

http://www.ravantivirus.com/scan/indexn.php

I would be curious to know if the RAV online scan can detect viruses that AVG could not.

I don't know if a password on a zip file would make viruses harder to detect or not, but it seems a possibility...

Is AVG up to date and does it otherwise seem to be functioning correctly?

misterhy
04-04-2004, 11:03 AM
Muzz, is it also possible that your AVG is not up to date? I check for and install updates on a daily basis. I no longer use the AVG automatic updater as it was causing problems. I open Internet Explorer and then click for AVG updates. There have been a tremendous number of updates recently, even on Saturdays and Sundays. I am on program version 6.0.648. To check for version number, right click the AVG icon on the task bar. Click-Run AVG control center. When control center opens-click the information tab and there is your program version.

I hope this helps.

Hy