You Sent Me a Virus!

A lot of the junk that descended into my in-box during the past few weeks consisted of messages that accused me of sending out viruses and that advised me to do something about it, like, er, buy their anti-virus software. Most of these were, and are, machine-generated, but in one instance an upset professor sent me several messages with the same complaint and similar well-intended advice to clean up my machine.

In addition, I got questions from computer users (hi Mom!) who received similar messages and were upset about them. Then there was the chatter on a mailing list about one particular internet service provider that supposedly sends out virus-infested messages.

Most likely, the company never sent those messages. Most definitely, neither did I.

The problem isn’t exactly new, but it seems a lot more widespread these days, so, just in case it puzzles you, let me explain some basics.

Every e-mail message that travels across the Net carries a certain amount of information about itself. This information includes the sender’s and the recipient’s e-mail address, the address to which a reply should be sent, the software used to send the message, the time and date when the message was sent, where it was sent from, certain information about the route the message travelled between the sender and the receiver, and a few other details. Collectively, this information is known as the “e-mail header”.

By default, that is, unless you ask them to do otherwise, most e-mail programs do not display this information, or display only a small part of it. Yet any reasonably decent e-mail program can display the full header of any message. If you happen to use a Microsoft program such as Outlook or Outlook Express, you’ll probably find you have to poke around a good deal before you finally find a way to display the header; Outlook does a very good job at hiding it from the user. Other, more reasonable programs will give you the information at a single click or two.

Now, here’s the relevant bit in this context: header information can easily be forged (or “spoofed” — a quaint old colloquialism that experienced a revival in computing jargon). And this is what many viruses spreading via e-mail actually do. A virus that sends itself from an infected system is likely to grab a random address from an address book on that system and put it in the “From:” header field of the message it is about to send. A naive recipient of such a message will then believe that the message actually came from that address. Which it didn’t.

The problem is magnified by anti-virus software. Many such software packages automatically send a complaint to the apparent sender when they detect a message that carries a known virus. Given that the sender information is forged in many if not most cases, this isn’t helpful at all: such alerts needlessly increase the traffic the Internet has to carry and they end up in the in-boxes of users who have nothing to do with the virus in question whatsoever.
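Here is the point of the last three paragraphs in working code. This is an added example, not part of the original post: it parses a raw message header with Python’s standard library, lists every header field (the part most mail clients hide), reconstructs the chain of “Received:” lines that the receiving mail servers wrote, and compares the originating host against the domain in the forged “From:” field. The sample message, its hostnames and its addresses are constructed for the example; the regular expression only understands the common “from HOST (NAME [IP])” form of a Received line.

```python
"""Added example: why the From: line alone says nothing about who sent a message."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. "From:" names a victim whose address was harvested from an
# infected machine's address book; the "Received:" lines were written by the
# receiving servers and show the message entering from an unrelated dial-up host.
SAMPLE_RAW = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mail.example.edu with ESMTP id abc123; Mon, 22 Mar 2004 10:02:11 +0100
Received: from dialup-203-0-113-45.example.net (unknown [203.0.113.45])
\tby mx.example.edu with SMTP id def456; Mon, 22 Mar 2004 10:02:07 +0100
From: rudolf@example.org
To: victim@example.edu
Subject: Your document
Date: Mon, 22 Mar 2004 10:02:05 +0100
X-Mailer: Outlook Express (constructed value; this field is just as forgeable)
Message-ID: <000901c40fef$12345678@oemcomputer>

The body is irrelevant here.
"""

# Same message, but with the originating hop inside the From: domain (constructed).
CONSISTENT_RAW = SAMPLE_RAW.replace(
    "dialup-203-0-113-45.example.net (unknown [203.0.113.45])",
    "smtp.example.org (smtp.example.org [198.51.100.5])",
)

# "from <host> (<name> [<ip>])" at the start of a Received: line.
RECEIVED_FROM = re.compile(r"^from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9.]+)\]\)", re.I)


def full_header(raw):
    """Every header field as (name, value) pairs: what 'show full header' reveals."""
    return list(message_from_string(raw).items())


def received_chain(raw):
    """Hops as (host, ip), oldest first.

    Each relay prepends its own Received: line, so the parsed list is reversed
    to get chronological order. Only lines written by servers you trust are
    reliable; a sender can forge lines below them as easily as the From: field.
    """
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        unfolded = " ".join(value.split())  # join continuation lines
        match = RECEIVED_FROM.match(unfolded)
        if match:
            hops.append((match.group(1), match.group(2)))
    return list(reversed(hops))


def sender_domain(raw):
    """Domain part of the From: address, lower-cased."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower()


def from_is_consistent(raw):
    """True only if the originating hop lies within the From: domain."""
    hops = received_chain(raw)
    domain = sender_domain(raw)
    if not hops or not domain:
        return False
    origin_host = hops[0][0].lower()
    return origin_host == domain or origin_host.endswith("." + domain)


def virus_alert_target(raw):
    """Where an anti-virus gateway should send a 'you sent a virus' notice.

    Returns None, i.e. send nothing, unless the From: address is corroborated
    by the Received: chain; otherwise the notice just lands in an innocent
    in-box, as described above.
    """
    if from_is_consistent(raw):
        return parseaddr(message_from_string(raw)["From"])[1]
    return None


if __name__ == "__main__":
    for name, value in full_header(SAMPLE_RAW):
        print(f"{name}: {' '.join(value.split())}")
    print("chain:", received_chain(SAMPLE_RAW))
    print("From: consistent with chain?", from_is_consistent(SAMPLE_RAW))
    print("alert goes to:", virus_alert_target(SAMPLE_RAW))
```

Run it and the forged sample prints an alert target of None: the message claims to be from example.org but entered the network from a dial-up host at example.net, so nobody should be told they “sent a virus”. The same check on CONSISTENT_RAW returns the From: address.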

Oh, and you’ll remember, won’t you, not to open attachments, even if they come from people you regularly communicate with, unless you know exactly what these attachments are (photos in .jpg format are harmless) and what reason the sender has for sending them. And don’t open an attachment either if it’s supposed to contain the message with which you supposedly sent a virus, okay?

Comments

So complicated; this is one reason I only send out mail in pure text format. No fancy stuff, but less danger as well that way.

Also helps that I use a Mac too I guess :)

Does it also help if I use a free email service like Yahoo Mail that handles stuff like this automatically (or so it says)? I’ve never got an email like yours, but it’d be nice to know if it’s a risk when I use someone else’s Windows computer.

Sorry I’m so clueless :)

Whatever some people will tell you to the contrary, the proper format for e-mail is plain unformatted text. To find out why and how to stop your mail client from sending HTML-formatted messages, read Gerald E. Boyd’s excellent piece on how to turn off HTML and/or MIME encoding.

While messages such as the ones described above may in fact carry malicious code (a few months back, one variant of the Klez worm pretended to be a Klez removal tool), most of them don’t: they’re a nuisance rather than a risk.

Web-based e-mail such as a Yahoo account (or a student account here at the university) probably won’t offer any protection against this nuisance. If somebody has your e-mail address in their address book, then an outgoing infected message might use it as the supposed sender of that message, and if, then, the anti-virus software at the recipient’s mail gateway is configured to send a warning to the supposed sender, you will receive that warning. Then again, Yahoo, or any other provider of Web-based e-mail, may decide not to let such complaints pass through their spam filters — I don’t know; might be a good idea, actually.

Risk on somebody’s Windows box? Don’t click on dubious links. Don’t open dubious attachments.

For some scary stuff, meet the Witty worm.

thanks again, Sensei! :)

The funniest of the recent spoofing spams I’ve got is one from my domain’s system administrator, telling me I’m temporarily not allowed to send email because I have a virus. The email includes a helpful ‘virus removal tool’…

Hold on, I’m my domain’s system administrator! Sheesh…

Never open an attachment you weren’t expecting. While this might look like a photo
rudolf_and_SMAP!.jpg                              .pif
it won’t be :-/

peace - oli
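The file name trick in the comment above, checked in code. This is an added example, not part of the original thread: it looks at an attachment name the way a mail gateway or a cautious client might, taking the extension after the last dot (which is what the operating system acts on) rather than the one the eye lands on, and flagging runs of whitespace used to push the real extension out of view. The extension lists and the sample names are constructed for the example and are not exhaustive.

```python
"""Added example: what an attachment's file name really says about it."""
import unicodedata

# Extensions Windows will execute or run as a script on double-click (constructed, partial list).
EXECUTABLE_EXTENSIONS = {
    "exe", "pif", "scr", "com", "bat", "cmd", "vbs", "js", "wsf", "hta", "lnk",
}
# Extensions a recipient would reasonably take for inert data (constructed list).
BENIGN_LOOKING = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}


def real_extension(name):
    """The extension the OS acts on: after the LAST dot, trailing whitespace ignored."""
    stem = name.rstrip()
    if "." not in stem:
        return ""
    return stem.rsplit(".", 1)[1].strip().lower()


def assess_attachment(name):
    """Return (verdict, reason); verdict is 'block', 'suspicious' or 'ok'."""
    # NFKC folds look-alike Unicode dots and spaces into their ASCII forms first.
    norm = unicodedata.normalize("NFKC", name)
    ext = real_extension(norm)
    parts = [p.strip().lower() for p in norm.split(".")]
    if ext in EXECUTABLE_EXTENSIONS:
        if len(parts) >= 3 and parts[-2] in BENIGN_LOOKING:
            return "block", f"executable .{ext} disguised behind .{parts[-2]}"
        return "block", f"executable attachment (.{ext})"
    if "  " in norm.rstrip():
        return "suspicious", "runs of whitespace inside the name hide its end"
    if ext == "":
        return "suspicious", "no file extension"
    return "ok", f".{ext} data file"


if __name__ == "__main__":
    # Constructed sample names, including the one quoted in the comment above.
    for sample in (
        "rudolf_and_SMAP!.jpg                              .pif",
        "holiday.jpg",
        "invoice.pdf.exe",
        "readme",
        "notes   .txt",
    ):
        print(repr(sample), "->", assess_attachment(sample))
```

The quoted name is blocked because its last extension is .pif, an executable, with .jpg standing in front of it as bait; a plain .jpg passes; a name with no extension or with padding spaces is marked for a closer look rather than trusted.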

Just today I had to explain this to an alarmed client *again* (this is the fourth time in about two weeks).

I have made a system for them that works with emails. Every day the system is getting some of these “You sent us a virus” emails, and once in a while a customer calls to complain that they were sent a virus from the system (meaning the mail had the system’s address in its header).

Every time this happens the client orders all workers to stop using the system. They call us, I explain that there is no way the system can send a virus… it can’t even send attachments. They feel happy, start using it again.

The next day we go through it all again.

The mails themselves are not much of a nuisance to me; on my own computer, most get caught by my junk filter. But explaining the whole thing to so many people so often is pretty time-consuming.

What a great overview of the problem Rudolf!

When I was a graduate student, the faculty in my department trained us to include a description of any attachment we would send by email. If you sent a professor your homework and forgot to say, “I have attached my homework as a .doc file called ‘DylanHomework.doc’,” the professors would not accept your assignment. I learned from them, and I still don’t open attachments unless they are well explained or I am expecting them.
