ISSUE 585: Zisman- Jan 9 2001
The high-tech office
ALAN ZISMAN
Passing on virus
warnings is often the problem
itself
A few issues ago, while reviewing Symantec's
Norton AntiVirus 2001 (NAV), I mentioned that I had received an e-mail
with an attachment. NAV identified the attachment as a virus and had it
quarantined before I could open it and infect my system.
More recently, I got a message from a PR consultant
saying, "Check out this new flash movie that I downloaded just now...
It's Great." While there was no warning from NAV, my personal paranoia
flashed a warning. I usually get press releases from her, not video
clips.
So I manually scanned the attachment. When it passed,
I ran it. No movie.
Norton AntiVirus automatically "phones home" every
fifteen days, to get the latest virus information. But if this file,
Creative.exe, was newer than my nearly up-to-date virus de-
finitions, it would have slipped through my defenses.
I manually ran NAV's Live Update feature to get the
latest virus definitions, and -- Bingo! -- my system was reported as
infected with the W32Prolin.Worm. This time, NAV offered to remove the
infection, and sent the spurious video file, Creative.exe to
"quarantine."
Symantec posts very comprehensive computer virus
information on its Web site (www.symantec.
com/avcenter). Searching for my virus informed me that it damaged
JPEG graphics files and, like most of the current crop of infections,
spread itself through the Outlook address book. Sure enough, my hard
drive was littered with the remains of more than 300 ruined graphics
files (not a major loss). Because I use Eudora for e-mail rather than
Outlook or Outlook Express, I had not spread the virus further.
I e-mailed the message sender, telling her she was the
innocent victim of the Creative virus and suggesting she clean her
system and inform everyone in her address book that they may have been
infected. I haven't heard back from her, but if she reads this column,
no hard feelings, and no need to be embarrassed. But please
inform the people you may have infected!
We all need a dose of healthy paranoia about computer
viruses. And we all need to make sure the virus definitions used by our
anti-virus software are up-to-date. But paranoia can get out of hand.
Re-
cently, I received an e-mail message from a colleague, reading (note
the capitalization):
PLEASE, SEND THIS INFORMATION TO EVERY PERSON IN YOUR
ADDRESS BOOK. IF YOU RECEIVE AN E-MAIL THAT READS "UPGRADE INTERNET2"
DO NOT OPEN IT, AS IT CONTAINS AN EXECUTABLE NAMED "PERRIN.EXE." IT
WILL ERASE ALL THE DATA IN YOUR HARD DRIVE AND IT WILL STAY IN
MEMORY.... THIS INFORMATION WAS PUBLISHED YESTERDAY IN THE CNN WEB
SITE.... CHECK THE LIST BELOW, SENT BY IBM, WITH THE NAMES OF
SOME E-MAILS THAT, IF RECEIVED, SHOULD NOT BE OPENED AND MUST BE
DELETED IMMEDIATELY, BECAUSE THEY CONTAIN ATTACHED VIRUSES....
Back to Symantec's AV Center, to search for
"Perrin.exe." I quickly found it, listed along with a number of other
virus hoaxes.
Yes, a hoax. In fact, every well-intentioned e-mail
that I've received over the years passing on information about viruses
has similarly been a hoax.
Some telltale signs: messages being passed along like
chain letters; attribution to a big organization like IBM, Microsoft
or NASA; and other suggestions of credibility ("published
yesterday in the CNN Web site") without actually including a link to
follow-up.
Virus hoaxes don't damage our computers, but they
spread like viruses and waste our time. While friends tell friends
about infections, check before passing hoaxes any further. You don't
need to be a Norton AntiVirus customer to check at Symantec's AV
Center. It took me less than a minute to debunk this message.
|