What Are Email Viruses?
A plain English description of computer e-mail viruses
Computer viruses, and particularly the kind that travel through email, have
been a big, big problem in the last year. That's especially true for us
and companies like ours because our email addresses end up on tens of thousands of computers. Because
we're a game company that gives out free demos of our games, anyone with a
download of ours or who's visited our webpage or emailed us a support or sales
question will have our contact information listed somewhere on their machine.
The results can sometimes be disastrous, with tens of thousands of emails
arriving on our servers in a matter of only a few hours. On top of that, these viruses
play tricks with email to make it look like we're the ones sending the virus so we
also get complaints and messages telling us we have a virus (we do not) and returned
emails automatically sent rejecting letters that aren't really from us. It takes a
long time to filter them out and clean them up. It's something we never had to deal
with only a few years ago and yet now I have to spend a few hours every month dealing
with a new virus, installing virus checkers, filtering out viruses and so on.
This article is a general interest article to help anyone who's unclear about these sorts of viruses. If you're not a computer expert this should help you recognize the viruses and understand how they work, and therefore help you avoid infection with the various computer viruses. I'll be speaking specifically about e-mail style viruses. That is... those viruses that arrive as an email and get sent out as emails.

The term virus is used because in some ways a computer virus shares the same behaviour as a biological virus. In terms of our body and health, people get sick from germs. Germs is a general term describing two sorts of microscopic organisms or particles. There are bacteria and viruses. Bacteria are living things like very, very small bugs, and viruses are tiny particles with some traits of living things, but they sometimes aren't considered alive in the same sense that a bird or cat is alive. One thing that distinguishes a virus from other living things is that viruses require a host to reproduce. That is... without your body a virus can't reproduce and spread to other bodies. Like a biological virus, a computer virus enters your computer and then uses the computer to make copies of itself and then tries to pass those copies on to other computers.

One of the first things to understand about computer viruses is that in order to do what they do they must be able to tell your computer to do something. On your computer hard drive we could classify everything you have into two broad categories. There are Programs, and Data. Programs actually operate the computer. They make the computer do things. Examples of programs are things like Windows, Microsoft Word, or a computer game. The second category is Data. Examples of data are a text file, an mp3 music file, or a JPG image.
Data can never contain a virus because it doesn't tell the computer to do anything. (There are some tricky exceptions - see below.) But basically, because a JPG image file is not a program it can't tell the computer to make a copy of itself and pass the image on to another computer. At no time does the image tell the computer anything. It's just a bunch of colors. It has no life of its own.

All viruses are programs. Programs normally have a filename that looks something like "program.exe" -- the .EXE at the end of the name means "executable", which is essentially the same thing as a program (i.e. something that executes instructions, or in plain English, something that tells the computer to do things).

But in practice it's difficult to tell whether a file is a virus unless you know all the sorts of files that can execute instructions. Often we can tell which files can execute instructions by looking at the file extension (the thing after the last dot), but in newer Windows operating systems the file extension is often hidden, and on top of that virus makers have gone to great lengths to use tricks. For instance a file might be called "fun.jpg          .exe". The file looks like a harmless jpg file, because the real extension is hidden by a number of spaces in the filename. Many mail programs will only display the first 10 chars or so of the attached file's name, so you never see that there's an EXE at the end and accidentally open it thinking it's safe.

There are other file extensions that are less well known like .doc, .scr, and .pif which are commonly used to run viruses. As a general rule of thumb you want to be very careful opening any files that have names that end in .SCR, .EXE, .PIF, .DOC, .XLS - and in general you should be very wary of any attachments sent to you which are 40k-150k in size.

Note that I said .doc and .xls in my list of suspicious attachments. If you use Microsoft Word or Excel you might recognize these files as data. If you're astute you might be saying to yourself...
but isn't a document file or an Excel spreadsheet file DATA? The answer is yes, except that in order to accommodate many features that people wanted, Microsoft eventually added the ability for these files to contain macros. Macros are a sort of computer program that tells Word or Excel to do things. So these particular files can in fact contain programs and data wrapped together.

The general rule is this. If you receive an email with ANY kind of attachment you should be cautious EVEN IF the mail is from someone you know.

Email viruses don't really use technology to spread around from computer to computer. They use psychology. They try to make you feel safe about opening the attachment. Or they try to trick you into opening the attachment. A letter might arrive in your email and say something like... "These are embarrassing pictures of you", seemingly from a friend, and have a seemingly innocent file attached. Pretty tempting to open it, isn't it? What are these pictures? Was it from that party last Friday?!? In reality there are no pictures, and the email is not from your friend at all. It's a fake. Many, many people are still tricked by this variety of message. Other common tricks are things like purporting to be an official email from Microsoft with a patch to protect you, or promising you a hot date, or masquerading as a letter from a friend by including some text you recognize and having your friend's name as the return address.

To get a better feel for how it all works, let's look at a typical email virus step by step and see the process. Assuming that the virus is already written by a malicious programmer, the steps are...

STEP 1 Someone you know or someone who has your email address is infected with the virus. They were tricked into running it.

STEP 2 The virus runs on their computer silently. They are usually unaware it is running.

STEP 3 The virus searches their computer for other email addresses.
For instance it may search your friend's address book in Microsoft Outlook, or their contact list in Microsoft Messenger, and find your address.

STEP 4 The virus formats an email and attaches a copy of itself to the email. The format of the email varies but it will use a number of tricks. The email might look something like...

FROM     : (another address stolen from your friend's computer - maybe a mutual acquaintance)
TO       : (your email address)
SUBJECT  : FW: Official letter from Microsoft
TEXT     : Hey I just got this... you better install it too!
FWD TEXT : >>Thank you for purchasing windows. There is a new virus.
           >>please run this program to protect your computer

The email is sent to you. You see how the email is tricky. It looks like it came from a friend of yours. He seems to be trying to help you out. But really it came from someone else and all the text is just a trick.

STEP 5 You are tricked by the virus and you run the program attached in order to protect your computer. The virus runs silently on your computer and we start over at step 1.

In practice the viruses use several tricks to try and get you to run them. They are not always easy to spot because the tricks are good. Sometimes they will even include in the email bits of text from other emails you sent. So you might get an email talking about a party you attended. It seems like a very personal email containing information only you or your friend should know about, but it's just another trick.

I'll end this article by mentioning that I receive many of these viruses every day and many of them are seemingly from my own company. That is... they are formatted to look like they are being sent by Twilight Games even though they are not. If you receive email from Twilight or another internet based company with a small attachment, chances are what you're getting is a virus from someone else's computer. If you're not sure or you're waiting for an important attachment, feel free to write the person that sent it and ask them if they really sent you something or not. A quick check like that will often reveal whether it should be deleted. And of course, if you're not familiar with computers consider running a virus detection program like Norton AntiVirus which will stop the virus from infecting your machine if you accidentally try to run it.
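
The attachment rules of thumb above (the risky extensions, the space-padded "fun.jpg ... .exe" trick and the 40k-150k size range) written as a check over a parsed message. This is an added example, not part of the original article; the function names, the decoy-extension list and the sample message with its example.com addresses are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Extensions the article says to be very careful with.
RISKY_EXTENSIONS = {".scr", ".exe", ".pif", ".doc", ".xls"}
# Harmless-looking decoys placed before the real extension (list assumed for this example).
DECOY_EXTENSIONS = (".jpg", ".gif", ".txt", ".mp3")
MIN_SIZE, MAX_SIZE = 40 * 1024, 150 * 1024  # the article's 40k-150k range


def check_attachment(filename, size):
    """Return the reasons (possibly none) to be cautious about one attachment."""
    stem, dot, ext = filename.strip().rpartition(".")
    ext = (dot + ext).lower() if dot else ""  # real extension: text after the last dot
    reasons = []
    if ext in RISKY_EXTENSIONS:
        reasons.append("can run instructions: " + ext)
        if re.search(r"\s{2,}$", stem):
            reasons.append("real extension pushed out of view by spaces")
        if stem.rstrip().lower().endswith(DECOY_EXTENSIONS):
            reasons.append("harmless-looking extension used as a decoy")
    if MIN_SIZE <= size <= MAX_SIZE:
        reasons.append("size in the 40k-150k range")
    return reasons


def check_message(msg):
    """Map each attachment filename in a parsed email to its list of reasons."""
    return {p.get_filename(): check_attachment(p.get_filename(), len(p.get_content()))
            for p in msg.iter_attachments()}


def build_sample():
    """Constructed message modelled on the article's example; payloads are filler bytes."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"  # proves nothing: the sender address can be faked
    msg["To"] = "you@example.com"
    msg["Subject"] = "FW: Official letter from Microsoft"
    msg.set_content("Hey I just got this... you better install it too!")
    msg.add_attachment(b"\0" * 60 * 1024, maintype="application",
                       subtype="octet-stream", filename="fun.jpg          .exe")
    msg.add_attachment(b"\0" * 10 * 1024, maintype="image",
                       subtype="jpeg", filename="party.jpg")
    return msg


if __name__ == "__main__":
    for name, reasons in check_message(build_sample()).items():
        print(repr(name), "->", reasons or "nothing flagged")
```

An empty result only means none of these rules matched; the check never looks at the From line, because the article's point is that the sender shown is not evidence of who sent the message.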