You can find a lot of things in your email. You can find mail from a friend, mail from your lover, mail from your boss, or very friendly mail from somebody you do not remember knowing. Do you think of email viruses when you see it even has a nice attachment he wants you to open? There must be some goodies in there, right? Well, there is something there, but certainly not goodies, unless you like Trojan horses, worms, and computer viruses. This is how email viruses spread and because people tend to be very curious and open the attachments, these programs spread at amazing speeds.
For example, the Melissa virus, created in March 1999 was simply astonishing. It is a fairly simple email virus but manages to spread at alarming speeds. It all started when the virus creator placed an infected Word file on an Internet newsgroup. The first computer to open it became infected and sent 50 Word infected Word documents to the first 50 contacts in the email contacts list. This went on an on until hundreds of thousands of PCs were infected. Some major companies even had to shut down their email systems to get rid of the incoming mail.
Let’s look at hotcfarmersmarket.com another example of email viruses. This worm can deliver a very nasty payload. It mails itself by using Microsoft Outlook Express, Outlook, or Exchange. The strange fact is that it sends itself by replying to unread emails in the inbox. Once the user opens the executable, the virus is unleashed and starts to search hard disks for Windows installations. It will even attempt to search on computers that are on the same network. When it finds a valid copy of Windows, it copies itself in the \Windows folder. Once this is done, the virus begins to modify the computer’s Win.ini file. When the worm delivers its payload, any file that has one of the extensions .h, .c, .cpp, asm, .doc, .ppt, or .xls will be destroyed. It will destroy them everywhere, from your hard drive to the other computers on the network. It continuously delivers the payload until it is removed.
Please note that the worm is sending itself through the attachment zipped_files.exe. Indeed, there are instances when zipped files can have the .exe extension (self-extracting archives). However, these are very rare. Be on the lookout and never open unknown executable files. One more thing you should know is that the worm’s name in the /Windows directory is Explore.exe or _setup.exe. If you encounter these files there, it might be a sign of infection. Do not delete them until you are certain it is the worm. By modifying the WIN.INI or even the registry, the worm makes sure it is launched whenever Windows is launched. And, once it is launched, it delivers its payload again.
A Few Things You Should Know About Email Viruses
First of all, although it might seem that these viruses have the sole purpose of replicating themselves and spreading to as many computers as they can, this is not the case. Email viruses contain and deliver payloads just like any other computer virus. For example, there are some viruses that simply rename some files, there are some that encrypt entire hard drives, and there are some that delete all of your hard drives.
Antivirus software can prevent email viruses from infecting your computer. However, without frequent updates, this defense is worthless. New email viruses appear every day. Think of it this way: it takes minutes for a new virus to spread worldwide and it takes hours for an antivirus company to create an efficient method of preventing and deleting it.
You can prevent email viruses from infecting your computer by implementing some rules and following them to the letter. If you apply the latest patches and keep your antivirus up to date, you should be protected a least until the next generation of email viruses.