University of Botswana History Department

Viruses and attachments

New dangers
History Home Page  |  Site Index  |  Computer services index

Viruses and email attachments

There is now a major problem with viruses being propagated by email. (See our page on viruses and on how and why to avoid attachments.) Since a plain text email message cannot itself carry a virus, such viruses are transmitted as attachments. Many such viruses use the rather vulnerable Microsoft Outlook program to send messages to addresses in the address-book, with plausible-sounding titles. An attachment, disguised to look like a document to the recipient, will carry the virus. The message is designed to fool you into double-clicking the attachment, which (if the attachment is an executable file) causes it to run.

Until recently, it was generally possible for the cautious user to see by the file extension that the attachment was not what it pretended to be. For example, the Worm.ExploreZip virus sent an attachment with the file name "zipped_files.exe". The .exe extension showed that this was not a ZIP file, but an executable. Others had file names like "whatever.txt.vbs" - the ".txt" could fool you into thinking it was a text file, missing the real extension ".vbs" (Visual Basic Script i.e. executable). It is important to set Windows so that it does not hide file name extensions.

(There are also macro viruses embedded in MS Office binary files such as .doc Word documents. These are often sent as genuine attachments. Moral: do not trust MS Office binary files and do not send them as attachments unless it is absolutely necessary. See our page on why and how to avoid email attachments.)

The latest version, however, has found a way around this. It takes advantage of the fact that Windows hides the extension ".shs" even if you have set the Windows Explorer to show all extensions. The "life stages" virus sends an attachment with the filename "LIFE_STAGES.TXT.SHS". .SHS indicates a "Shell Scrap Object" file, which can be executable. Outlook and the Windows Explorer will show this as "LIFE_STAGES.TXT", which thus seems to be a genuine and harmless text file. But double-clicking it runs a virus script.

It is possible to force Windows to show the .SHS extension. To do so, however, requires editing the Registry, which is not recommended unless you are confident you know exactly what you are doing. Also, some networks are taking precautions such as refusing to transmit .SHS file attachments.

Otherwise, this development means that, for Windows users, all email attachments must be regarded with suspicion. Even if you think it is an expected attachment, there will be a risk. Already some viruses use information in the email program to create messages that look plausible (e.g. by using a recently-used subject line). Educate your colleagues into using the email message body, not attachments, for all normal messages.

Back to top

By Bruce Bennett, email bennett@mopipi... [Click here for full email address]

Copyright © 2000 University of Botswana History Department
Last updated 20 July 2000