< Continued from page 3

You must always be conscious of the email messages you are viewing and who they are from, particularly before opening any file attachments that may be associated with them. Viruses tend to rely on social engineering to get the user to help them spread. In order for the virus to infect your machine and spread to other machines it first needs to execute. The subject line and body of the email message are key to catching the recipients interest and tricking them into opening and running the file attachment.


There are a variety of tricks used by viruses to convince the user to open an attachment. Viruses may come disguised as a reply to a legitimate message you had sent the infected user. The viruses generally search many areas of a computer to collect any email addresses available on the infected machine so it can broadcast itself out to them. Many times a virus will come from an address you recognize and trust.

You should remain aware even if you recognize the email address or know the individual allegedly sending the email. Ask yourself if this person would normally send you a message like the one you received? Does this person normally send you file attachments? Does this person have a reason for sending this particular file attachment? If you are the least bit suspicious about any of this, you should contact the user and ask for clarification of the purpose of the attachment before opening it.

Newer viruses tend to do email spoofing though. By forging the ?From? address to appear as if it came from a different source it becomes more difficult to identify the infected machine.

If the virus is from a spoofed email address you may not be able to identify the true source. If you find that the message did not come from who it says it came from, you should probably assume it is malicious and simply delete it. In any event, if you can?t get a hold of the user you should at least use an updated antivirus program to scan the file before executing it.

While viruses are a serious issue, and it is imperative that users run antivirus software and keep it updated to detect and block new threats, it is equally or more important that users stay current with security updates and patches from their operating system and program vendors. In the past few years the viruses or worms that have had the most impact, like SQL Slammer, have taken advantage of known vulnerabilities for which patches were already available. If users had applied the patches when they became available these viruses and worms would have had little to no effect rather than spreading throughout the world and causing millions of dollars of damage and lost time and productivity.

Using vendor services like Microsoft?s Windows Update site or Redhat?s email notification service you can stay up to date on current patches available. There are also many email lists available from vendors or 3rd-party security sites to help you stay on top of recently discovered vulnerabilities you should be aware of. Recent versions of Microsoft Windows also have an autoupdate feature which will check for Critical updates periodically and provide an icon in the systray when patches become available.