Subject: Re: Hoax (Was ; Re: Computer Virus)
Date: Jan 12 10:42:50 1996
From: Eric Greenwood - egreenw at helix.net


>I've asked experts at Microsoft and at Digital Equipment Corporation to
explain how Email can infect a system. Nobody can think of a way. If there
is an expert here that can explain it please do.


I'm not an "expert" but I do make a living from helping people with personal
computers and I do understand about virus infection.

If you use commercially-available communications and mailing software
obtained from a reputable source you should be starting from a clean, virus
free base. I use copies of Trumpet Winsock, Eudora and Netscape first
supplied by my Internet Provider and then updated from WEB sites operated by
the software developers themselves. When I use any new software of this
nature I am particularly careful to run my virus-check program as well. If
you take copies of any of this type of software from another source, such as
a friend or bulletin board, be careful; it may be infected with a
time-delay virus that will hit you later.

Assuming you have a clean software base, reading mail from the Internet is
not going to infect you with a virus but may deliver you one. Mail messages
are text files that don't get "run" or "executed" and you really can only
activate a virus by running something. The danger comes from attachments to
mail messages; if someone sends you a message that says "try this and you
will like it" and provides a program file as an attachment be wary. Running
the attachement file is "executing" the program and, if the program contains
a virus, you will catch it.

There are mailing systems out there, such as ccMail, that display
attachments as icons. One click on a new icon that has come with a mail
message can wipe out your system.

In composing this message, I've thought of the following scenario that may
help to explain how virus infection can occur. THIS IS HYPOTHETICAL (at the
momment). A disgruntled employee with a large, well known software
developer knows he is going to be fired. Before his dismisal, he has the
opportunity to develop a virus program and build it into the new release of
the company's WEB browser program just before the software is made available
to the public. The virus has a time-delay in it and is not detected for a
few weeks. In the meantime, the new software is downloaded by many people.
The virus is activated when a certain date is reached and it searches for a
long sequence of characters contained in a mail message. When the virus
finds the sequence of characters it wipes out your hard disk. This
disgruntled person sends out the mail message with the correct characters
and sits back, quite satisfied! Anyone getting the message and running the
new version of the software is in trouble.

This scenario would not be hard to implement and could work in practice.
Hopefully, the major software development companies have quality control
procedures to prevent unathorized code being added to a product. However,
you or I could take a copy of a program, add this virus to it, and put the
program on a bulletin board for others to use.

My suggestion. Have virus checking software enabled such that any
memory-resident virus is detected. Run a virus check against your hard disk
once a week and, if you can, have your virus checker analyze the hard disk
boot record every time you re-boot the PC. If you think you have a virus
talk to someone that knows how to deal with infection. Don't try and use an
infected computer, the damage will probably get worse!

Futher notes. I know of two instances where major software companies,
including one big one in our area, have recalled products due to virus
infection. Also, if you get a virus and then get it "cleaned" have ALL of
you diskettes chacked for the virus. Clean them or destroy them!

Hope this helps.



Eric Greenwood
Vancouver, B.C.
egreenw at helix.net