University of Botswana History Department
Computer services pages

Viruses, etc.


NB: several of the computer services pages include illustrations showing what will appear on your screen as you follow step-by-step instructions. Although we hope these will be useful, the text is intended to contain all the necessary information, so if you find downloading the pictures too slow, then don't bother - they are not essential.


Viruses

For information on any new virus, try the Symantec on-line virus and hoax encyclopedia. This will tell you (in most cases)

  1. whether it is a real virus or a hoax
  2. if it is a real virus, what to do about it

The most common computer virus problems at UB at present seem to be macro viruses in MS Word documents and the Worm.ExploreZip virus.

Macro viruses

Macros are small programs which can be embedded in Microsoft Office applications, including MS Word and Excel. For most users, macros have little real value, but their existence has created a major new problem. With pre-macro word-processors, a document could not contain a virus as it contained no executable code. Now, any MS Word document may be carrying a virus.

To avoid macro viruses:


Worm.ExploreZip

Worm.ExploreZip is a serious virus which, if it runs, destroys all your MS Word files (and some others). It uses email to spread itself, in the form of an attachment. The numerous hoaxes about "email viruses", such as the "Good Times" hoax, may have obscured the point that there is such a thing as a virus spread via email, since an email attachment can be any sort of file. (It appears to be impossible for a virus to be spread by a plain text email message, but see below for a type of "email virus" which can infect Microsoft Outlook.)

For a detailed explanation of Worm.ExploreZip, together with information on how it can be removed, see Symantec's page on Worm.ExploreZip.

Worm.ExploreZip infects Microsoft Outlook, Outlook Express or Exchange and sends out email messages with a virus attachment. The email message itself is designed to fool the recipient into opening the attachment. The message is:

Hi "Recipient Name"!
I received your email and I shall send you a 
reply ASAP. Till then, take a look at the 
attached zipped docs.

bye,

The attachment is called zipped_files.exe or zipped_f.exe. As the .exe extension shows, this is not a ZIP file but a program. Opening it will cause it to run.

Once the virus has infected your computer, it finds and deletes a range of files including all .doc files. It will continue doing this as long as it is present. This means that if you are hit by this virus, don't immediately put in your backup disks, as they could be erased as well.

Worm.ExploreZip is not the first virus of its type, and will not be the last. Thus, any message like that sent by Worm.ExploreZip - a generalized message that anyone could have written, without any personal data beyond the names (which the virus gets from the Address Book), and asking you to open an attachment which you are not expecting - should be suspect. In particular the .exe extension on an attachment is an obvious red flag. Unfortunately, some genuine attachments could also have this, if they are self-unpacking compressed files. For this reason it is probably better, when sending email, to use ZIP-compressed files rather than self-unpacking .exe files. Your recipient will then have to use an unzip program to open them. (See the software page for information on how to get free unzip programs from the Internet.)

Treat any email attachment which is an executable file with extreme caution, as in some email programs (including Microsoft Outlook and Microsoft Internet Mail) double-clicking it can cause it to run. In Windows, executable files can be identified by the .exe or .com extension.
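
The checks described above can be automated. The following Python script is an added example, not part of the original page: it reads an email message, lists its attachments, and flags any whose name ends in .exe or .com or whose content begins with the "MZ" bytes that mark a Windows program. The addresses, the file names notes.zip and README.COM, and all attachment bytes are constructed for illustration.

```python
import email
import email.policy
from email.message import EmailMessage
from pathlib import PurePosixPath

EXECUTABLE_EXTENSIONS = {".exe", ".com"}  # the two extensions the page names

def classify_attachment(filename, payload):
    """Return the reasons an attachment deserves caution (empty list: none found)."""
    reasons = []
    ext = PurePosixPath(filename.lower()).suffix
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension " + ext)
    # Windows/DOS .exe files start with the bytes "MZ"; ZIP archives start with "PK".
    # A self-unpacking archive is also a program, so it starts with "MZ" too and
    # cannot be told apart from a virus by this check.
    if payload[:2] == b"MZ":
        reasons.append("content is a program (MZ header)")
    return reasons

def scan_message(raw_bytes):
    """Map each attachment filename in a raw email message to its list of reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        report[name] = classify_attachment(name, part.get_payload(decode=True) or b"")
    return report

def build_sample_message():
    """Constructed sample modelled on the message quoted above; not a real capture."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "RE: your message"
    msg.set_content("I received your email and I shall send you a reply ASAP. "
                    "Till then, take a look at the attached zipped docs.")
    attachments = [("zipped_files.exe", b"MZ" + bytes(62)),   # program, not a ZIP file
                   ("notes.zip", b"PK\x03\x04" + bytes(26)),  # genuine ZIP signature
                   ("README.COM", b"\xe9\x00\x00")]           # upper-case extension
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(name, "->", "; ".join(reasons) or "nothing flagged")
```

An empty result only means that neither check matched; it does not show that the attachment is safe, since a Word document carrying a macro virus would pass both.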



Backing up

No matter how careful you are, and no matter how good your anti-virus software, there is always a risk of viruses. It is therefore vital that you keep your data backed up. Backing up simply means making spare copies which will be safe if your computer is hit by a virus. Backing up also protects you against other dangers such as your computer being stolen, or destroyed in a fire, or just suffering a hardware crash.

Backing up is very easy. Get some floppy disks. At the end of each day's work, copy all the documents which have been changed to floppies and take the floppies home with you.

There are ways of making this even easier, for example by using a compression program such as HJ Zip (see the software page).



Virus hoaxes

See the CIAC page on hoaxes for extensive information on hoaxes. [The CIAC (Computer Incident Advisory Capability group) is a US government agency, based in the Lawrence Livermore National Laboratory.] Virus hoaxes are rather like computer viruses in that they duplicate and spread themselves, though they do so by fooling human users of computers rather than the computers themselves. They take advantage of the fact that many users are unfamiliar with computers and the Internet, and exploit these users' good intentions by making them want to warn others.

As a general principle, do not pass on virus warnings which are email chain letters. Of course, if there is a specific virus that you have directly encountered, then it is reasonable to send a message to someone at the same site who might be at risk, but it is not reasonable to send such a message to the world at large. Unless the originator of a warning (as opposed to the person who last forwarded it) is known to you, a virus warning should be suspected of being a hoax. If it is genuine, it should contain unforgeable authentication such as a PGP signature or a link to a reputable website (say Symantec) where you can check the information.

If you get a warning and think it might be genuine, check it first. There are several possible ways to do this. These days any major new virus outbreak will be in the news. One quick way to check this is to go to Google news (news.google.com) and type in the supposed virus name: "buddylist virus". In this case you will probably get "Your search - buddylist virus - did not match any documents." (There might be some results if this hoax has been mentioned in the news for some reason.)

Another way is to check with a reputable on-line source. For example, suppose you receive a message warning of a virus called BUDDYLST. Go to the Symantec site, and find their On-line Hoax and Virus Encyclopaedia. Search for "buddylist". You should find a page which describes the Buddylst hoax. Check the details to verify that these are approximately the same as the ones sent to you. You have now verified that BUDDYLST is a hoax, and instead of sending on the hoax to your friends, you can now write a polite note to the sender referring him or her to the relevant information. (NB: a polite note, and preferably not public. The person who sent you the warning was misinformed but was trying to help you, and they do not deserve to be laughed at.) On the other hand, if the warning turns out to be genuine, then you still have to decide whether it is worth warning anyone. There are so many viruses around that it will clog up all the electronic superhighways if everyone warns everyone of every virus! Everyone should be taking the standard precautions against viruses. It may be justifiable to warn colleagues who are at particular risk.

Another way to look up possible hoaxes is to use ordinary Google search, entering (in this example) "buddylist virus hoax" in google.com. You will get a series of results from various sites, the authority of which you can judge for yourself, all indicating that it is a hoax.

Most hoaxes describe supposed "email viruses". Typically, there is a warning that if you receive an email message with a particular subject line (e.g. "Good times") you must delete it without opening it, because opening the message will infect you with a dangerous virus. It has long been held that no such email viruses could exist. This point is explained in the following quotation from the official CIAC site:

1. A virus like program can not spread in an e-mail message. While an infected program could be attached to an e-mail message, the e-mail message itself cannot contain one in any form that could be executed.

2. A virus or Trojan horse program can not infect a system by simply being read. The current mail readers do not execute an e-mail message, they display it on the screen for you to read. You must take care when downloading an attachment to an e-mail message. In some mail readers you can double click on the attachment icon to have it extracted and opened by whatever program created it. If that attachment is a program, it is downloaded and run, and running any program you have not scanned could cause you to be infected with a virus.

Source: "Internet Hoaxes", CIAC web-site, <http://ciac.llnl.gov/ciac/CIACHoaxes.html>, n.d., accessed 7 November 1999.

However, although this is true for the classic plain text email, some modern email programs accept email messages with HTML formatting. Recently a virus was created, VBS.Bubbleboy, which makes use of this and which can be caught simply by reading an email message. However, this virus only affects Microsoft Outlook (or Outlook Express) used with Internet Explorer 5. If you are not using those programs it has no effect. Old-fashioned email programs which just read plain text files could not be affected. For more information on this virus see the Symantec page on Bubbleboy and the Microsoft page on Bubbleboy. This virus is only able to operate because of a "security hole" in Internet Explorer 5 which was in fact already known about. You can get a "patch" from Microsoft to correct it. Hopefully this means that no more such viruses will be along - until the next security hole...

As with macro viruses, a largely unnecessary "improvement" has created a huge new problem.

Microsoft states that "To date, the virus only exists in a laboratory setting and has not harmed any customers." (Source: Microsoft page on Bubbleboy) Symantec states that "Currently, Symantec has received no customer reports of this virus. This virus appears to have originated in Argentina and was sent directly to anti-virus vendors by the virus author." (Source: Symantec page on Bubbleboy)

Although - leaving aside this special case - there is no such thing as an email virus in the sense of a virus caught by opening an email message in a normal email program, there is such a thing as a virus transmitted by email - as an attachment. See above.



Chain letters

Passing on email chain letters is generally discouraged. See the CIAC's page on chain letters for information on this problem.

Many chain letters are also hoaxes. An example is the chain letter which purports to have been sent by Microsoft (or even by Bill Gates himself) for the purpose of "email tracking" and promising a reward for sending it on. For more on this hoax see the CIAC hoax page and a statement on the Microsoft web-site. There are a number of similar hoaxes offering rewards for forwarding email. "Email tracking" of the kind envisaged by these hoaxes does not, as far as I know, exist at present (although email messages can be traced individually).

Are these hoaxes harmless? Some are relatively harmless, although forwarding such chain letters may get you into trouble if you are using a network such as the UB email system (it can be regarded as "junk mail", if not "spam"). But in at least one case there were more serious repercussions. An email circular claiming to link a large company to Satanism led to lawsuits by the company against those it alleged had spread the claims (which were entirely untrue). See a report on this case. So at the very least, think about what you are forwarding.

Other chain letters have genuine origins, but that does not mean you should send them on. For example, some time ago someone at an American university sent out an email petition about the treatment of women in Afghanistan. Signatures were to be collected and returned to the originator. Unfortunately, the volume of email was so high that the computer centre at that university had to close the email account, and so all the signatures sent in are simply deleted unread. The moral of the story is that email chain letters are not a good method for such purposes. Electronic petitions do exist, but are organized by other means, such as web-sites dedicated to the relevant issues.

So, when you get an email message asking you to forward it to "all your friends" - in order to gain money from Bill Gates, defeat Satanism, get a free cellphone, or save the women of Afghanistan, don't. It would be nice if such things could be accomplished by forwarding email, but they can't.



Scams

Email is also used for various types of confidence tricks. One of the most common is an email message purporting to come from some official in the DRC, saying that he is trying to get some large sum of money out of the country. However, he needs help - the money can't be transferred under his name. Of course, if you helped, there would be a cut for you... If you reply to this the next step is that you are told that first you need to spend some money setting things up. Of course there is no DRC bonanza, they are just trying to get some money out of you. Do not reply to any such messages - delete them at once. If you reply, even if you don't get involved this time, you are likely to be noted as a potential "sucker" for future attempts at confidence tricks.

It is worth noting that the offer, if it were genuine (which it isn't) would probably be illegal, and would certainly be highly unethical. This is a common feature of such scams - the illegality helps cover up the weaknesses in the story, and explains the need for money to be spent first.



Copyright © University of Botswana History Department
Last updated 24 August 2006