By now, most everyone using email should be realize that there's high risk in running "executable" attachments received by email. If it comes to you with an ".exe" file extension, as the PrettyPark and Happy99 virus/worms did, then you had better not "click" on the attachment until you're pretty darn sure you know it's safe.

The same is true for Microsoft Office files such as ".doc" and ".xls" too.

The Trick:

Many of the newer viruses are actually "worms" - which simply means they spread themselves without the need of human assistance. Most commonly, they use the Outlook Express email address book on an infected machine to email copies of themselves, automatically and without the actual user's knowledge.

Thus, the old advice of not executing attachments unless you know the sender is of no use, as you WILL know the sender in these cases!

The new advice is that you shouldn't run or read any of the above attachments unless you've scanned your disk with a good, and frequently updated, anti-virus program.

Another Trick:

Knowing that more and more email users understand the above advice, virus writers have become even sneakier and are now commonly naming their damaging files with "fake" or misleading file extensions.

One of the newest to hit the Internet is the "Cool Notepad Demo" virus which comes with the attachment: "COOL_NOTEPAD_DEMO.TXT.vbs" and upon first glance many will assume this is a harmless text file when they see the ".TXT" in the file name. Unfortunately, this is not the case.

Notice that the file name is all capital letters EXCEPT the ".vbs" at the very end. The file is actually a Visual Basic programming code (and as such, very capable of spreading viruses) that's pretending to be a harmless text file.

The use of capital letters and the commonly recognized ".txt" make this an effective way to get recipients to run damaging attachments.

I've also personally seen this trick used to make you think you're receiving a photo with a ".JPG" used in an attached file name (in capital letters) when it was really an executable file. In this case, the file actually ended ".exe" extension, all in lower case.

So, the new advice here is to carefully read the entire name of any attachments you receive to make absolutely sure that any text files (TXT), photos (JPG) or Adobe Acrobat (PDF) files you receive (which are all generally safe) are what you think they are.

Remember, what the file name ends with is what it actually is. If it ends with a .vbs, .exe, .xls, or .doc then it is capable of spreading viruses and needs to be scanned with anti-virus software.

It Gets Worse

In the past, we've always focused on simply warning against "clicking" attachments as that's what viruses needed to have happen in order to launch themselves.

But, it's official, there are now viruses that can spread themselves without relying on the recipient having to run an attachment at all!

The "VBS.Kak" virus/worm exploits a security flaw in Outlook Express that allows it to attach itself as a signature and it delivers a file named "KAK.HTA" which can be executed by your web browser, thereby infecting your machine without your knowledge.

However, this can only happen without your clicking the attachment if you're using a vulnerable version of Outlook Express to access your email.

If you are then do either of the following:

1) Get the security patch at Microsoft's web site: http://www.microsoft.com/technet/security/bulletin/ms99-032.asp

2) Change to another email program, such as Eudora, which is not vulnerable to this latest trick.

In either event, even if your email program doesn't automatically execute and ".hta" attachment, you would still infect yourself it you clicked on the attached file yourself.

Thus, the latest advice is that you shouldn't run attachments you receive that end in the previously described .exe, .xls, .doc, .vbs or the new .hta extensions without first scanning them with anti-virus software.

It's getting complicated out there, isn't it?

For more information on viruses or anti-virus software visit any of the following sites:

• http://vil.mcafee.com
• http://www.cai.com
• http://www.symantec.com/

Published: June 1, 2000

Use of this article without permission is a violation of federal copyright laws.