Viruses and virus warnings
Q: I've received something that
looks like a virus, from email@example.com or even from
firstname.lastname@example.org. Should I
write back complaining?
Almost certainly not.
New viruses lie about where they came from. See here.
Q: Has my bank emailed me?
It has not. It will not. Nor will eBay nor Amazon nor PayPal ask for any
account information in an email... See here.
Q: I've received an email warning about
an awful computer virus. Should I send it to everyone I know?
A: (short version):
An increasing number of the warnings incite people to damage their own computers.
Ignore warnings about phone viruses, too: there aren't any of those.
A: (long version):
Almost all emails warning you about viruses are a waste of
space. So much are they a waste of space (and therefore, as Einstein figured
out, of time too) that they can themselves be regarded as viruses.
Here's why. It's not short, but understanding what viruses really
are about will save you a lot of grief. (Skip to here
if you're sure what a virus is.)
What is a computer virus?
A computer virus is a small computer program which:
- Attaches itself to other computer files. This means that
when the "infected" file is copied to another computer and is run or
opened on that computer, the virus can spread by attaching itself
to more files... and
- Has side-effects: typically, wasting storage space and
wasting the computer's "attention"... and
- Has a "pay-load" - a bit of the virus program which does
things other than copying itself. This may range from the harmless - making
your computer announce that it is stoned - to the nasty - erasing your hard
A computer program - whether it's a word-processor
program or a virus - is nothing more than a computer file containing a set
of instructions telling your computer to do some things, in its own language.
A data file contains your work - an article,
a photo, whatever. The point of most programs is to manipulate data files.
For more detail see
Computer viruses, like biological viruses, are parasitical
programs. They cannot do anything by themselves. They depend on the instructions
in a "healthy" program or cell. (Don't ask any more, or we'll have to call
in the philosophers.)
You may also come across the term Trojan Horse
- a complete program which does something quite different from its advertised
function. Trojan Horses depend on "marketing" to spread... usually appeals
to greed or filthy-mindedness.
By the way, no virus or Trojan Horse does physical
damage to your computer - they do only "logical" damage to files.
Where do computer viruses live?
Computer viruses can reach your machine in five distinct ways.
In historical sequence, these are:
- Attached to a small program which sits on many formatted
floppy disks. This is called the "boot sector" program and they are called
"boot sector viruses". (The "boot sector program" tells
your computer how to start itself up - to pick itself up "by its bootstraps"
- from that floppy disk.);
- Attached to any program file: word-processor, spreadsheet, photo-manipulation
program, whatever - program viruses for short; or
- Buried as a so-called "macro" program within certain kinds
of data file - mostly Microsoft Word. The notorious-in-early-1999 "Melissa"
virus is one of these "macro viruses". A "macro" program
is one which is "run" by another program, such as Microsoft Word, which
is "run" by your computer (think Russian dolls).
- Tagging along as an "attachment" to an email message - most of these
are strictly speaking not "viruses", but "trojan horses".
- Wandering in through an unprotected always-on internet connection.
How can I "catch" a computer virus?
You catch each of the above kinds of virus in a different way:
- By starting your computer up while an infected floppy
disk (with a boot sector virus) is in your floppy drive; or
- By running a program which is infected by a program virus; or
- By opening a document (or other data file) which
is infected by a macro virus, in a program which can "run" the macro; or
- By viewing an email in a vulnerable program like Microsoft
"Outlook Express", or opening an infected
attachment file however you received it; or
- By running an always-on internet connection without bothering
with security. (So Don't Do That, Then.)
It is possible in principle to write a macro virus which infects
any one of a wide range of word-processor and spreadsheet programs. There
was, in fact, a problem with Trojan Horse macros in the Lotus 1-2-3 spreadsheet
in the mid-1980s.
But the only evidence that anyone's bothered to write macro viruses
that affect any recent non-Microsoft program is of proof-of-principle efforts,
not actual infectious thingies in the wild.
- You can not catch a computer virus by opening
a plain text file (also known as a "plain ASCII file").
- It's very, very unlikely that you'll catch a computer
virus simply by viewing a Web page. All the reports of Web pages doing strange
things to people's computers relate to visiting porn pages or sites fencing
stolen software. (So don't.)
In 2002 I wrote:
- You can not catch a computer virus by opening
any kind of graphic file (JPG, GIF, TIF etc).
That was of course asking for trouble. As the rest of this text makes clear,
many infectious things arrive masquerading as image files. And at the
end of 2005 a new beastie entered the menagerie: fake image files that could
install viruses on Windows computers by exploiting weaknesses in the Microsoft
Windows Picture and Fax Viewer program. See this page from the United States
Computer Emergency Readiness Team for notes on disabling this program.
How can I avoid computer viruses?
Never insert a floppy disk without using a condom...
(The first person to complain that their floppy disk drive
doesn't like spermicidal lubricant wins a sense of humour.)
Avoiding boot-sector viruses
Boot-sector viruses used to spread rapidly way back when, in
the days when starting a computer from a floppy disk was common - either
because you couldn't afford a hard disk, or because games programs needed
to take total control of computers to run rather than crawl.
But the steps you take to avoid boot-sector viruses are still important, for other
reasons. These days, you start a computer from a floppy disk only when something
has gone very badly wrong with essential files on your hard disk - like, for example,
a bad virus infection - and you need to start your computer from the original
"system disk" or from a "rescue disk". This is a floppy
disk from which your computer can start up its "operating system" - Win9x,
Mac System 8/9/X, or whatever.
- If your operating system was pre-installed on your computer's
hard disk, when you first started it you should have been instructed how to
prepare a "system disk" or a "rescue disk" for emergencies.
- If you got your operating system on a CD-ROM, it is virus-proof.
- If your computer is an antique and you got your operating system on floppy disks,
the one which you can use to re-start your computer in emergency is described as
a "system disk" on the printed label.
You should have slid open the little tab which stops your computer writing
anything onto your system disks immediately after you made them and before you ever
used them. If you hold a floppy disk with the flat slidy bit at the bottom and the round
metal bit facing you, this tab is in the top left corner.
If you didn't do this, and/or to be utterly safe, you should
check all "foreign" floppy disks using a virus-checker program - see
If you want to do any of these things:
- run programs from sources which may be infected - delivered
on floppy disks or from the Internet
- go on using the Microsoft Outlook program to read your email
- go on using the Microsoft Word program to create or edit documents
- or if you suspect you have a virus - then invest
in a virus checker program. You run one of these virus checkers to check
program files, emails and Word documents for viruses, before you
ever run or open them.
Programs which you buy from reputable sources on floppy disk
or CD-ROM, or which you download from carefully-maintained internet archives,
rarely contain viruses. Very rarely, not never.
Some of the commonest virus checker programs are:
Symantec (incorporating Norton)
McAfee (incorporating Dr. Solomon's)
AVG - free edition with free updates
Free sample programs are available. You need, however, to get
regular updates of information on new viruses to be safe - AVG is still (June 2006) free to home users.
If you ever receive Word documents as email attachments or on floppy disk, you can
use a modern virus-checker program before opening them.
The simpler thing to do is to reply to the email demanding that they send you plain text, not a
Word document. All they have to do is copy the text and paste it into the body of an email.
Where that's not politic, the safest thing to do is to use
a "Word viewer program" instead of Word itself. You can download these from
the Internet (for only the cost of a one-hour local call if you have a dial-up connection):
Word Viewer for Win95/98/NT from Microsoft
Word Viewer for Win 3.1/3.11 from Microsoft
Macintosh users will find that the TextEdit program - which is included with
the operating system in version OSX - will display Word documents and save simple
The "viewer" program allows you to print the document, and
to mark text, copy it to the "clipboard" and paste it into a sensible word
processor. It does not allow you to change or edit the document, and it will
ignore the blandishments of macro viruses.
In emergency, you can try opening the Word document in Windows Write,
Windows Notepad, or SimpleText on the Mac. This is quite safe: these programs
simply do not understand the "macro language" that macro viruses are written
in, so they can't do any harm. But you will see a great deal of garbage on
your screen: the actual text is a page or two down, followed by a lot more
garbage. Cut out the garbage and save the good bits, if there are any, as plain text.
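What Notepad does with a Word file can also be done deliberately, as in this added example (not from the original page): it reads the file as raw bytes, never interprets any macro, and keeps only the runs of readable text, including the two-bytes-per-character form that Word files may use. The function name, the minimum run length and the sample bytes are assumptions made for the illustration.

```python
import re

# Constructed sample standing in for the start of a Word .doc file:
# binary header bytes, a UTF-16LE text run, more binary, an 8-bit text run.
SAMPLE_DOC_BYTES = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16 + b"\x03\x00\xfe\xff"
    + "Dear editor, copy attached.".encode("utf-16-le")
    + b"\x00\x00\x01\x02" + b"Normal.dot" + b"\xff\xfe\x00" + b"ab" + b"\x00\x07"
)


def extract_text_runs(data, min_len=6):
    """Return readable text runs from raw bytes, in file order.

    The bytes are only searched, never opened as a document, so nothing
    embedded in the file (macros included) is ever executed.
    """
    # Printable ASCII stored one byte per character.
    one_byte = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # The same characters stored as UTF-16LE: each followed by a zero byte.
    two_byte = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)

    found = []
    for match in two_byte.finditer(data):
        found.append((match.start(), match.group().decode("utf-16-le")))
    for match in one_byte.finditer(data):
        found.append((match.start(), match.group().decode("ascii")))
    # Sort by offset so the output reads in the order the file stores it.
    return [text for _, text in sorted(found)]


if __name__ == "__main__":
    # For a real file: extract_text_runs(open(path, "rb").read())
    for run in extract_text_runs(SAMPLE_DOC_BYTES):
        print(run)
```

Short runs such as the two-byte "ab" in the sample are dropped as garbage; style and template names such as "Normal.dot" survive and still have to be cut out by hand.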
Macro viruses have also been found in other Microsoft Office
programs. You can download viewer programs for the Excel spreadsheet, etc
MS Office Viewers from Microsoft
You may draw the conclusion that using non-Microsoft products
where possible is A Good Thing. The NUJ couldn't possibly comment on this.
Avoiding Trojan Horses, worms & other beasties
Never click on the icon for an "email attachment"
without thinking. Usual journalistic questions: what, whence, why and who
Microsoft Windows hides a piece of information which makes
that thought easier. So un-hide it:
- Click the "Start" button
- Click "Programs"
- Click "Windows Explorer"*
- Click on the "View" menu;
- Click on "Options";
- Click on "Show all files"; and
- Clear the checkbox "Hide file extensions for known
* The program may also go by some synonymous name. Mine
is called "NT Explorer" and its Options panel looks like this:
Why do this? Because Windows uses the "extension" - the dot
and three letters at the end of a file name - to tell what kind of file it
is; particularly if it is a file which can be run. Be very suspicious indeed
of files that now appear to have two extensions; in a 2001 example,
kournikova.jpg.vbs. Clearly, it was trying to pretend
to be something it wasn't. She's alleged to be crap at tennis, anyway, not that
Think particularly hard about files with the following extensions:
.com COMmand - a program
.exe EXEcutable - a program
.bat BATch file - a script that can run programs
.vbs Visual Basic Script
.dll Dynamic Link Library - a bit of program
.pif Program Information File - a link to a program
.lnk another kind of LiNK to a program
.scr SCReensaver program
. no extension at all: could be anything...
If the attachment is one of these, run it only if you understand
why you are expecting a program and what it will do! See
for more information.
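The extension check described above, applied to a whole mail message, as an added example that is not part of the original page: it flags the extensions listed here, the kournikova.jpg.vbs style of double extension, and names with no extension at all. The decoy list, the finding labels and the sample message are constructed for the illustration.

```python
from email import message_from_string

# Extensions the page lists as ones to think hard about: Windows will run these.
RUNNABLE = {".com", ".exe", ".bat", ".vbs", ".dll", ".pif", ".lnk", ".scr"}
# Harmless-looking extensions a disguised file may show first (assumed list).
DECOYS = {".jpg", ".jpeg", ".gif", ".tif", ".txt", ".doc", ".rtf", ".pdf"}

# Constructed sample message; addresses and bodies are placeholders.
SAMPLE_MESSAGE = """\
From: someone@example.com
To: you@example.org
Subject: Photo for you
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See the attached picture.
--BOUND
Content-Type: image/jpeg; name="kournikova.jpg.vbs"
Content-Disposition: attachment; filename="kournikova.jpg.vbs"

constructed placeholder body
--BOUND
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.jpg"

constructed placeholder body
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="README"

constructed placeholder body
--BOUND--
"""


def classify_filename(name):
    """Return findings for one attachment name, judged on its extension(s) only."""
    base = name.strip().replace("\\", "/").rsplit("/", 1)[-1].lower()
    stem, dot, last = base.rpartition(".")
    if not dot or not stem or not last:  # "README", ".profile", "file."
        return ["no-extension"]
    findings = []
    final = "." + last
    if final in RUNNABLE:
        findings.append("runnable:" + final)
        # The last extension is the one Windows acts on; an earlier
        # harmless-looking one is only there to be read by a human.
        inner = "." + stem.rpartition(".")[2] if "." in stem else ""
        if inner in DECOYS:
            findings.append("double-extension")
    return findings


def triage_message(raw):
    """Map each attachment filename in a raw message to its findings."""
    report = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue  # containers and the plain message body
        findings = classify_filename(name)
        runnable = any(f.startswith("runnable:") for f in findings)
        # A runnable file labelled by the sender as a picture or as text
        # is claiming to be something it is not.
        if runnable and part.get_content_maintype() in ("image", "text"):
            findings.append("declared-as-" + part.get_content_maintype())
        report[name] = findings
    return report


if __name__ == "__main__":
    for filename, findings in triage_message(SAMPLE_MESSAGE).items():
        print(filename, findings or ["nothing flagged"])
```

An empty list means only that the name raised no flag; it says nothing about what the file contains.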
The Macintosh computer doesn't make much use of these "extensions",
and doesn't hide them. You will see them on files - legitimate or viruses - sent from
or intended for Windows machines.
If you still run the Internet Explorer Web browser program
or the Outlook email program, you must teach them to be more suspicious:
- Click the "Start" button
- Click "Programs"
- Click "Internet Explorer"
- Click on Internet Options under (often) the Tools menu
- Click on the Security tab
- Click on Trusted sites
- Remove all sites from the trusted list, unless you're absolutely sure you understand why you shouldn't do this
- Click on OK
- Click on Internet
- Click on Custom Level
- Scroll down to File Download (further down than the illustration below)
- Click on Disable
- Make sure that none of the options to do with "ActiveX
controls" is set to "Enable" - all should be "Disable" or, if you don't
mind being nagged to let over-clever Web sites do their thing, "Prompt".
- Click on OK
- Click on OK
These options will/should affect how Outlook behaves, as well.
The final setting in the pictorial example above is me living
dangerously. Setting "Script ActiveX controls marked safe for scripting" to
"Prompt" produces all sorts of bizarre and annoying prompts - for example
whenever you try to fetch an Adobe Acrobat .PDF file from the Web. So I
changed over to use the Opera browser instead. It's free to download, very fast, and it
includes a program for reading email. Later, I changed to use Mozilla (for unrelated
technical reasons). I continue to recommend both.
Download the Opera browser (Windows, Mac, Linux, phones...)
Download the Mozilla Firefox browser (Windows, Mac, Linux)
Download the Thunderbird email program (Windows, Mac, Linux)
Download the Eudora email program (Windows or Mac)
You do not have to remove these programs. The point is to stop viruses using them
- which simply means "disconnecting" them from other programs on your computer.
Download and install Eudora or Opera or Thunderbird as the program you use to read email.
Simply stop using Outlook or Outlook Express.
The following example images are from a five-year old version of Opera. The current version
will look different but it should not be hard to locate the equivalent questions and type in the
Your new email program will ask for some technical information. You can copy
this from Outlook, thus:
- Start Outlook, one last time
- In the menu bar, click on Tools
- Click on Accounts
- Click on the name of the email account you are using, then on the Properties button
- Click on the "Servers" tab
- You will see something like this:
- Write down on a piece of paper the information next to "Incoming mail"
and next to "Outgoing mail". Proofread it.
(You could cut and paste to save pencil-lead and proofreading, but if you know how to do
that these instructions are probably driving you wild with their completeness.)
If, for example, you decide to use Opera to send and read email in the future:
- Start Opera
- In the menu bar, click on E-mail
- Click on New account...
- Click on the "Servers" tab
- You will see something like this:
- Fill in the information you just recorded
- Your "Login" is (almost always) the bit of your email address
to the left of the "@" sign
- Leave the other settings well alone, unless your email service provider tells you otherwise
- If Outlook tells you that your "Incoming mail server" was an "IMAP" server,
apparently you're stuck in some corporate MS-only hell and you're not going to be using Opera
to read email. Oh well. Demand that the corporate IT people sort out the problems they created.
Get yourself your own email account.
- Otherwise, send yourself a test message!
- You don't have to tell anyone you've changed. What you did above is to
set up a different program to access the same email account.
People will only notice the difference when they don't get viruses from you.
- If you ever start Outlook again, it will ask you whether to make it your "default
mail client". Don't - the whole point is to stop viruses
being able to find it as the "default mail client".
Whatever you installed as your email program, now do this:
- Start Internet Explorer as above
- Click on Internet Options under (often) the
- Click on the Programs tab
- Next to "Email", select your email program from the drop-down list; or
- if your email program isn't shown, select "Hotmail"
You may well want to keep Explorer hanging around, in case you need to use it to visit any annoying
websites that discriminate against non-Microsoft products. (By default, Opera "pretends" to
these sites that it is Internet Explorer, but they're not always fooled.)
What you have just achieved is to make sure that:
- So long as you don't use Outlook (Express), viruses can't use it to start Internet Explorer
automatically and do damage through the flaws in that;
- Conversely, neither can viruses use Internet Explorer to start Outlook automatically and do damage
through the flaws in that.
How can I avoid passing on viruses?
By preventing infection of your computer.
You can save people to whom you send email a whole lot of trouble
by not sending them Word documents.
Instead, send them the plain text. Copy it from the word-processor you use to the "clipboard",
and paste it into the body of an email message.
Just the facts, ma'am
If you want to look as though you know how to use email, you
may also want to make sure that you send only plain text. That's
what email's for, innit?
If you really can't get rid of MS Outlook, do the following:
- In the Tools menu, select Options
- Select the Send "pane"
- Under "Mail sending format", select Plain Text
This means you send nice, compact plain text messages with
<FONT FACE="garbage"> stuff in them - and no
If you have got rid of Outlook, you'll probably be able to figure out how to do the same in your program.
Sending plain text from other programs
Opera sends (or used to send...) plain text by default. Eudora and Thunderbird also have options to send plain text only. Look in the Tools menus for "Account Settings" or "Options" options.
You can also change the "properties" of email programs' address book entries to send plain
text only to the address in question.
See the following comprehensive guide for all known (and some unknown) email programs:
Configuring Mail Clients to Send Plain ASCII Text
But what if they really need a Word document?
If your client or contact really needs a Word document with
layout and fonts, send a so-called "Rich Text Format" file. When you've finished
editing it, under the File menu select Save As...
and under Save as type select RTF. Then attach the
resulting file to your email.
Note - May 2001
It's happened: someone's worked out in principle how to make an RTF file load a .DOT template
file which fetches an .HTML file which calls a Microsoft ActiveX plugin which... we don't know, because
no-one's done it, yet.
Sending RTF files is still a much, much better idea than sending
MS-Word .DOC files. To be safe, go through Word options and preferences
turning practically everything off - particularly everything to do with macros. Opening
RTF files you receive in a viewer program is still
What do I do if I've caught a virus?
Don't leap to conclusions. Computer programs (especially the
"operating system" programs called Windows) do bizarre things when overstretched
or otherwise confused. You may not have a virus at all.
Be calm. More time and data is lost through
people panicking at the idea that they have a virus than is ever lost through
the direct effects of real viruses.
Run a virus-checker program, and follow the instructions carefully.
Virus-checker programs will offer to remove viruses which they
find, and will often succeed. They may also warn you about files which have
changed or changed size. More often than not, this is for a perfectly innocent
reason, like you playing with the colour scheme in Windows, which changes
a file such as
You do have a full backup of all your (important) work on floppy
disks, or Zip™ disks or writable CD-ROM or tape, don't you?
In fact, it's a good idea to keep several backups. Have at
least one week-old backup and one three-month-old on hand at any one time.
That way, you are likely to have a copy which predates your infection.
You have kept the original disks of all the programs you use,
in a safe place and with the write-protect tabs open if they're on floppy
disks - haven't you?
These precautions will come in handy when your computer's internal
hard disk starts making genuinely scary motorbike-brakes-on-a-wet-day noises.
That's the sound of the so-called "heads" on your hard disk crashing into
the magnetic magic stuff and ploughing your files back into the void. You'll
recognise it when you hear it, you likely will hear it one day, and it's
much more scary than a mere virus.
What about those virus warnings, then?
If you've paid attention to the above, you will already be
in a fairly good position to recognise the frightening obfuscations (known
in the trade as "technobollocks") which are an essential ingredient of spoof
Another key sign to watch for is an outstandingly authoritative-sounding
original source. If you're keen, go to
Google and discover for yourself that the alleged organisation has no Web site.
If it were an authoritative source on viruses, it would most definitely have
a web site and that would come right at the top of the Google list. (This
is primarily advice for journalists. Suggesting that you check that your
source exists ought to be redundant...)
You should also beware of any message which demands that you
copy it to other people. It's a chain letter, whether it's promising riches
or threatening doom. Consider this:
- Actual computer viruses do their harm
by wasting human time. They infect programs and Microsoft documents. They
are parasitical on these programs and documents, using them to spread to
other programs and documents. They may do harm by deleting files - which
simply wastes the time it takes you to restore the uninfected backup versions
(or to re-do the work if you forgot to back up). They waste much more time
in checking whether you really have a virus, and the time it takes to repair
the effects of panicking about a virus. Above all, they waste the time it
takes patiently to explain what a virus really is.
- Spoof computer viruses do their harm by
wasting human time. They infect human minds. They are parasitical on these
minds, using them to spread to other minds (by persuading them to forward
emails in large numbers). They waste the time it takes you to forward them,
the time it takes the recipients to read and ignore them, and the time it
takes to repair the effects of panicking about a virus. Some (like the
sulfnbk.exe and the 2002
persuade recipients to delete actual, useful files. Above all, they waste
the time it takes patiently to explain what a virus really is.
If, for example, you receive email warning you about messages
with the subject line "Good Times", the warning email itself is the
virus. There is no "Good Times" computer-virus; only a mind-virus.
Never, ever, forward such a warning without first checking
the authoritative source:
Computer Incident Advisory Capability (CIAC) @ Los Alamos
CIAC Hoaxbusters site
You may also want to read:
Computer Virus Myths
from one Rob Rosenberger
from McAfee / AVERT
For example, some of the spoofs in circulation in late 2000 were:
- California / WOBBLER
- Good Times
- Win a holiday
Warnings about an "A.I.D.S. email attachment" are hoaxes. There
are several actual program-infecting viruses called "AIDS". An actual Trojan
Horse called "AOL4FREE", which deletes all files on your hard drive, appeared
some months after the hoax warnings. It is rare in the wild and,
like any other program virus or Trojan Horse program, will do harm only
if you are greedy or distracted enough to run it.
Messages that lie about their origins
Every day londonfreelance.org gets emails from computers announcing
that they have failed to deliver junk mail, and worse, which claimed to have been sent from email@example.com - and some of you may have had dodgy messages that claim to come from us.
They are lying. The idea is that you think you know where the message comes from, and
you click away... How does this happen?
Buddha says: avoid attachments
Anyone who clicked on links in some of those messages would install a nasty virus-like
program on their computer. That would read their email address book and send it off to the
purveyors of spam and viruses.
If londonfreelance.org is in their address book, it may get picked
at random as the false sender of a whole bunch more viruses and/or spam. If you let this
happen to you, your contacts may start receiving nasties that claim to come from you.
Various addresses at londonfreelance.org are probably in hundreds or thousands of address books, and some of their owners have clearly clicked thoughtlessly - which is one reason our name is already being taken in vain.
Then in June 2006 we started getting fake emails thus: "Your account has been used to send a large quantity of spam. Click here..." No way!
Getting an anti-virus program and keeping it up to date can help avoid this problem. But you only have to click once on a new virus-like attachment that the program doesn't recognise. Vigilance is still your duty.
Your bank has not emailed you!
An NUJ member contacted us to report that soon after buying from www.amazon.co.uk they received multiple emails starting "Amazon is committed to maintaining a safe environment for its community of customers. To protect the security of your account," and concluding: "To securely confirm your Amazon information please click on the link bellow:"
They didn't click. They were wise.
Those emails were "phishing" attempts: a ruse to try to get us to reveal account details and passwords.
The message had nothing to do with the Amazon purchase. That was a coincidence. Between 12 and 14 June 2006, for example, londonfreelance.org received four
such messages claiming to come from three banks - one of which happens to be our bank.
One simple rule deals with phishing attempts: never click on any link in any email that claims to come from any institution that handles your money. Money-handling institutions never send emails requesting (or linking to pages that request) passwords or sensitive information. Not banks, not credit card providers, PayPal, Amazon nor eBay. Never.
All warnings about phone viruses are hoaxes. They exploit a
news story in the summer of 2000 about an academic who'd shown that
in principle it's possible to write a virus which will infect
a so-called WAP phone and no other kind. Equally, it was shown in
2006 that it is in principle possible to write a virus or worm that spreads
through "BlueTooth" connections between phones, but we have no reports of it actually
If you have a regular mobile phone, relax. There is no known
way of writing viruses that infect these. You'd know if it was a WAP phone
because you'd be paying extra for the privilege.
There are no accurate reports (October 2002 - nor June 2006) of WAP-phone viri in the wild.
Uh-oh! There was, however, a report (November 2001)
from a usually reliable source of bad hackers discovering how to send an SMS message that would lock you out of your phone, if and only if
(so far) it's among a certain set of Nokia models. So think before you give your number out to unusually pallid people.
From the CIAC site, March 1999
WARNING!! BEWARE GEEKS BEARING GIFTS!
WARNING! WARNING! WARNING!
IF YOU RECEIVE A GIFT IN THE SHAPE OF A
LARGE WOODEN HORSE DO NOT DOWNLOAD IT!!!!
It is EXTREMELY DESTRUCTIVE and will
overwrite your ENTIRE CITY!
The "gift" is disguised as a large wooden
horse about two stories tall. It tends to
show up outside the city gates and
appears to be abandoned. DO NOT let it
through the gates! It contains hardware
that is incompatible with Trojan
programming, including a crowd of heavily-
armed Greek warriors that will destroy
your army, sack your town, and kill your
women and children.
If you have already received such a gift,
DO NOT OPEN IT! Take it back out of the
city unopened and set fire to it by
FORWARD THIS MESSAGE TO EVERYONE YOU KNOW!
moral rights asserted.
Terms & conditions:
this advice is provided as is with no warranty of fitness for any particular
purpose nor guarantee as to the results of following or of failing to follow
it. Liability is specifically disclaimed for damage direct or consequential
caused by nuclear strike, civil unrest or its failure to arise when required,
acts omissions or failure to exist by deities, computer viruses, the Y2K Bug,
This document is an example of the reason
why Tim Berners-Lee and Robert Cailliau invented the Web: they got
fed up with answering their phone and email and invented a means
of saying helpfully "get the answer yourself".