Symantec Europe


© 1995-2008 Symantec Corporation.
All rights reserved.


Viruses that deceive and viruses that ensnare…

A computer virus is just like any other program. It cannot run without the user's consent. And it is prepared to go to any fraudulent length to obtain this consent. Here's a selection of the latest tricks and some advice on how not to fall foul of deceiving viruses.


As is the case with literally any program on your computer, a virus must be run if it is to have any chance of controlling your computer. Naturally there aren't too many users around who would voluntarily agree to launch a virus, even if they were asked very politely. These parasites have therefore developed numerous techniques over the years to force users' hands and get exactly what they want: permission to launch. The latest series of viruses do not use very elaborate techniques to do this; rather, they opt for a fairly unsophisticated form of large-scale deception. We call this social engineering: rather than penetrate your system by means of a technical vulnerability, the objective is to take advantage of human gullibility - a quality in plentiful supply judging by the flood of infected mail received over the past few months.

Fear and curiosity: the two weapons of choice of the modern virus
Few viruses prey on your curiosity to the extent that members of the Netsky family of viruses do. These viruses are sent to your email box with intriguing subject lines such as "Is that you?" or "I found your photo". Some have a surreal slant, such as "Is this really your finger?" or "Are these really your underpants", and of course others have a more sophisticated edge, such as "Did this photo give you an orgasm?". To engage the curiosity of the recipient, the body of the message is generally very brief, and in many cases it merely indicates that "details are contained in the attached file". Naturally it is the attachment that contains the virus, which is run as soon as the user attempts to open it. Sometimes the mail can contain more information, explaining that the person who sent the email (who may very well be someone you know) has found some "shocking revelations" about you on the Internet. And once again, curiosity takes over…

Fear is the second method used to spread the latest series of viruses. These viruses are sent to your mailbox under the guise of a final payment notice, which appears to be sent by your bank or a payment service such as PayPal. However, it can also appear to come from any other online service, including your Internet service provider (ISP).
The content of the actual message hardly ever varies: the service will be disrupted unless you run the file attached to the email. One version of the Beagle virus, for example, appears to be sent by your ISP. The virus even manages to personalise the email text by adding the name of your Internet service provider. It explains that your email account will be suspended because of a security problem unless, of course, you reregister by clicking the link provided in the text or by opening the file attachment, depending on the virus involved. Once you do, the virus is launched, as you have effectively granted it permission to launch!

Worms don't do deception
Unlike viruses, worms do not require your consent to run. They skip the deception stage and simply infect your computer directly if it is exposed to a network vulnerability that you have not made a point of fixing in time. This is how the Blaster and other types of Sasser virus succeeded in spreading so quickly. All they have to do is find a vulnerable Windows PC that is connected to the Internet and not protected by a firewall. More critical commentators would maintain that by not keeping your system up to date, you are ultimately granting permission to have your PC infected.

Six practical tips on how to steer clear of epidemics
1. Keep up to date on the release of the latest security patches for your operating system and install these systematically.
2. Never open an executable file attachment, even if it is sent by a friend or work colleague, without first checking it against an antivirus that you have just updated.
3. Save non-executable attachments (graphics, audio files, etc.) onto your hard disk before you open them and check that they do not contain double filename extensions. These are usually separated by a line space to make them harder to detect.
4. Change your folder display settings in Windows to include known file extensions.
5. Never click directly on a link provided in an email, instead copy and paste it into your browser.
6. Set your antivirus to update automatically.
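
The check described in tips 3 and 4 can be automated for a folder of saved attachments. The script below is an added example, not part of the original article; the extension lists and the sample filenames are assumptions constructed for illustration.

```python
import re

# Assumed lists for illustration; extend them to match your own environment.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "cpl"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf",
              "mp3", "wav", "zip", "htm", "html"}

# A run of two or more whitespace characters, used to push the real
# extension out of the visible part of a filename column.
PADDING = re.compile(r"\s{2,}")


def check_attachment(filename):
    """Return the reasons a saved attachment name is suspicious (empty list if none)."""
    reasons = []
    name = filename.strip()
    # Split on dots and strip each piece so "jpg      " still reads as "jpg".
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) >= 2:
        final_ext = parts[-1]
        if final_ext in EXECUTABLE_EXTS:
            reasons.append("executable extension ." + final_ext)
            # An earlier segment that looks like a harmless type is the
            # double-extension disguise described in tip 3.
            if any(p in DECOY_EXTS for p in parts[1:-1]):
                reasons.append("double extension hides the real type")
    if PADDING.search(name):
        reasons.append("whitespace padding inside the name")
    return reasons


def scan(filenames):
    """Map each suspicious filename to its list of reasons."""
    results = {}
    for f in filenames:
        reasons = check_attachment(f)
        if reasons:
            results[f] = reasons
    return results


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    samples = ["holiday.jpg", "my report.v2.pdf", "details.txt.pif",
               "photo.jpg" + " " * 40 + ".exe", "setup.exe"]
    for fname, why in scan(samples).items():
        print(repr(fname), "->", "; ".join(why))
```

To run it against real files, pass the output of `os.listdir()` for the folder where you save attachments to `scan()`.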