CeePrompt! Computer Connection

Originally published August 20, 2001

Be on high alert for virus attacks

It's time for a periodic "booster" column to remind readers to be on high alert for computer viruses.  There's a nasty strain circulating worldwide that's attached to email and appears to be sent from a familiar source. First reported in July, the W32/Sircam worm is propagating so rapidly, that the Symantec AntiVirus Research Center has upgraded it to a Level 4 virus threat.

W32/Sircam is particularly malicious and has the potential to delete all the files on your hard disk. The worm attaches itself to a random document on your hard disk and sends itself to all the addresses it can find in your email program so that the file appears to come from you. It can lie stealth and be triggered either by the date October 16 or by the attached file contents.

In past columns, I've warned against double clicking on any file attachments that end in .exe or .vbs.  You can now add another extension to that warning list: .pif Program information files, or PIF, are normally used in Windows to store startup information for DOS programs, but any executable file renamed with the .pif extension will run when the user double clicks on the attachment icon. It's a way for hackers to disguise the .exe extension.

I've received this attachment from at least a dozen sources, some familiar and some random. The body of the email always has the same message: "Hi! How are you? I send you this file in order to have your advice See you later. Thanks."  The PIF attachment has the same name as the subject text, which differs in each instance.

The first message came in July from "Jennifer" with the subject "Please review". Since I routinely do business with a numbers of "Jennifers", I almost opened the file but balked at the unfamiliar file extension on the attachment and immediately deleted the post.  The next email with the same body text came from a trusted business associate who had no idea he had propagated the virus. I even found infected attachments on my parent's computer that were almost executed because they appeared to be from a local arts organization with whom my mother regularly corresponds.

After Norton did a routine virus definition update, most of the infected messages that I continued to receive were intercepted by Norton's email scan. A few slipped through, but I manually deleted those. 

Let's review the basic steps to protect yourself from computer viruses: Insure that you have virus protection installed on your computer. I prefer Norton AntiVirus because of its LiveUpdate feature, but McAfee is a good product as well.  Insure that you have the latest virus definitions installed on your computer. It does no good to install anti-virus software if you don't regularly download the latest inoculations. W32/Sircam began pillaging in July of this year and if I didn't download the latest virus definitions from Norton, I wouldn't be protected against this strain. Virus programs can be scheduled to automatically retrieve the latest updates.

Only open file attachments that you've requested or are expecting. Never open any attachments that end with .exe, .vbs or .pif.  If you don't see the file extensions on your computer, change the View settings as follows: Open My Computer | Click View | Folder Options | View Tab | Disable the check mark next to the option "Hide file extensions for known file types". 

Finally, since most of these viruses exploit holes in Microsoft-based products, run the Windows Update utility to insure that you've downloaded all the patches provided by Microsoft to remedy the vulnerable programs.