Viruses, Worms, Trojans, Oh My!
By: Dirk J. Hedlund
Originally Posted: March 09, 2004
Updated: March 10, 2004
New viruses are discovered every day. It's a
fact that isn't really news to anyone, since it's been going on for a
long time. Recently, however, virus writers have been working
overtime to update their "code." New variants of the
quick-spreading Beagle and Netsky viruses have been plaguing our
email of late. Now there is another threat, in the form of a new
variation of the Sober virus.
Sober masquerades as an email from Microsoft with a
security patch for your system. Don't fall for this trick!
Microsoft never attaches files to their email messages. If you
want to verify the authenticity of a message that may be from
Microsoft, you can check out their guidelines here. You can also check
out their policies on software distribution here.
Don't forget the general rule for email security:
Don't open unexpected attachments! This includes attachments
from people you know. That's because a virus these days will
often "spoof" the sender's name, or pretend to be from someone you
know. You don't really know where the file came from,
unless you have some way of authenticating the sender. Even if
you know for sure that the sender is legitimate, how do you know their
system isn't infected with a virus? Play it safe, don't open
attachments.
So what if you need to open a file attachment?
Let's say a coworker sends you a file that you were expecting, how do
you make sure it's safe? Assuming you trust both the sender
and the apparent contents of the file, you should follow
these simple steps:
1) First of all, you need to make sure your antivirus
software is running and has the most recent set of definition files.
Most antivirus software can update itself through your Internet
connection. I recommend checking for updates every day.
2) Save the attachment to a file on your hard drive.
Some antivirus programs have trouble removing a virus while it's
inside your mailbox. Other programs can't scan your email at
all. Opening a file directly could cause your system to become
infected, effectively bypassing your antivirus software. By
separating the attachment, you give your antivirus software a better
chance at identifying it correctly.
3) Now that you've saved the file to your hard drive,
scan it manually. This can usually be done by right-clicking on
the file and selecting the scan option. Some clever virus
programmers have figured out how to disable the "real-time virus
scanner" part of a lot of antivirus software. That's the part
that scans files as you write them to the hard drive. If your
antivirus software was working properly in step 2, it should have
scanned the file once already. Just in case it wasn't working or
somehow wasn't configured properly, manual scanning is a way to
be sure the file is safe.
4) If no viruses were found, it's probably safe
to open the attachment. (Yes, I said PROBABLY.) The
problem is, your antivirus software, even with the latest updates,
might not be up-to-date enough to catch a brand new virus.
Antivirus companies need time to detect new viruses, define methods of
detection, and distribute their updated definition files.
Email isn't the best way to move files around, anyway,
and not just because of the virus issues. Many attachments
aren't compressed, so they take up a lot of bandwidth to send, and
take up a lot of space to store in your mailbox or on your email
server.
Let's say you're working on a Word document that needs
lots of revisions. You send it to your boss, she edits a few
things and sends it back. You think of something else to add,
and you send it to her again. Now you have 3 copies of what is
essentially the same file in your mailbox, taking up lots of space.
Your boss has copies in her mailbox, too. So, really you're
taking up twice as much storage space as you thought.
Instead of all that, save the document on a server or
a shared folder (watch your security) and send a link to that file.
Now you can make changes all day, without wasting a lot of space in
your mailbox.
Update (March 10, 2004): Several of my clients
have asked me about email messages they've recently received.
These messages appear to be from their ISP and claim that their email
account has been disabled, or that a lot of viruses were detected coming
from their account. The messages also contained an attachment,
sometimes password protected, that claims to be a free antivirus
program. Folks, don't fall for this. This is pure social
engineering to trick you into infecting your system with a variant of
the Beagle virus. Delete these messages immediately!
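The "save it, then scan it" steps above and the password-protected attachment described in the update, as an added example that is not part of the original article: a Python script that writes each attachment to a quarantine folder without opening it, and flags runnable extensions and encrypted zip files, which antivirus software cannot look inside without the password. The extension list, flag names, file names and sample message are assumptions constructed for the illustration.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path

# Extensions Windows runs directly (assumed list, extend as needed).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl"}

def triage_attachments(raw_bytes, quarantine_dir):
    """Save every attachment to disk unopened; return one finding dict per file."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    report = []
    for i, part in enumerate(msg.iter_attachments()):
        # Keep only the base name so a crafted filename cannot escape qdir.
        name = Path(part.get_filename() or f"unnamed-{i}").name
        data = part.get_payload(decode=True) or b""
        suffixes = [s.lower() for s in Path(name).suffixes]
        flags = []
        if suffixes and suffixes[-1] in RISKY_EXT:
            flags.append("double-extension" if len(suffixes) > 1 else "executable-extension")
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flags marks an encrypted member.
                if any(zi.flag_bits & 0x1 for zi in zf.infolist()):
                    flags.append("encrypted-zip")
        # The extra suffix stops a double-click from launching the file.
        dest = qdir / f"{i:02d}-{name}.quarantine"
        dest.write_bytes(data)
        report.append({"name": name, "saved_as": str(dest), "flags": flags,
                       "sha256": hashlib.sha256(data).hexdigest()})
    return report

def build_sample():
    """Constructed test message: placeholder bytes only, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.txt", b"placeholder")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x01  # set the encrypted bit in the central directory
    msg = EmailMessage()
    msg.set_content("constructed body")
    for fname, blob in (("patch.txt.exe", b"placeholder"), ("scanner.zip", bytes(z))):
        msg.add_attachment(blob, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Files saved this way still need the manual scan from step 3; an attachment flagged `encrypted-zip` is one the scan cannot clear.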
You should always run up-to-date commercial antivirus
products such as Norton Antivirus (Symantec) or McAfee Antivirus.
(Along with a firewall and patching your system.) If you can't
afford antivirus software at home, please check out our
links page for some free alternatives.
Dirk Hedlund is a computer
consultant with Klatt & Associates, CPA, PC. He can be reached
at
, or by calling (515) 232-5642.