MUSCMedical LinksCharleston LinksArchivesMedical EducatorSpeakers BureauSeminars and EventsResearch StudiesResearch GrantsGrantlandCommunity HappeningsCampus News

Return to Main Menu

An in-depth look at e-mail borne viruses

by George Spain
CCIT Technical Writer
 The love bug that caught the computing world by surprise May 4 is capable of very serious damage to files, and should cause you to be suspicious of every e-mail message with an attachment to stay away from certain e-mail clients.

“Damage at our MUSC site was minimal because the virus targeted Microsoft's Outlook e-mail program and we support GroupWise, Netscape, and Mulberry here,” said Melissa Forinash, director of Information Technology at the Center for Computing and Information Technology (CCIT). 

That doesn't mean that anyone who uses those clients was completely protected from the virus, only that they could not be used to spread the virus to others via e-mail, she said. 

The virus initially spread through e-mail entitled “ILOVEYOU” with an attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs,” but it has already begun its metamorphosis into other strains. Latest reports have mentioned that other messages carrying the same vicious virus have been found. They include the names, “Mother's Day,“ “Joke,” and notices that your “credit card has been billed $300” for something or other. Experts say it will keep changing and to be on guard. 

“It was the Windows platform that was the target of the attack, but tomorrow it could be the Macintosh or Linux OS,” said Mike Coffman, systems administrator for CCIT. 

What's love got to do with it? 
If you're wondering if you have the virus on your computer, the answer is pretty simple: if you got the “ILOVEYOU” e-mail and opened the attachment, you are infected. Some e-mail programs are set to automatically open or download attachments when an e-mail message containing an attachment is opened. If your program is set to do this, you are infected. 

Symptoms include file corruption and deletion. Especially vulnerable are graphic and audio files like jpeg, mp2, and pretty much any file written in Java or Visual Basic. The worm relies on Visual Basic Script (VBScript) and doesn't affect Macintosh computers. However, Macs aren't home free. If they are running some kind of Windows emulation program, then the files could be corrupted. Also Macs could be used as carriers of the virus. 

How do I get rid of this thing? 
The first step you should take towards recovery from this virus is to download the latest virus protection files from Virex: <http://www.musc.edu/ccit/software/win/sdat4076.exe> 
 Another step you could take is to disable windows scripting host: <http://www.F-Secure.com/virus-info/u-vbs/uninstall-vbs.html> 
 Step-by-step instructions on how to make your browser safe: <http://www.cert.org/tech_tips/malicious_code_FAQ.html#steps> 
The best defense 

CCIT system administrators have taken steps to ward off the virus on the MUSC mail host, but there's only so much that can be done at the server end. Variants could defeat the best anti-virus measures CCIT has taken to date. 

You are going to have to take steps to reduce your chance of contracting future viruses. 

The first and most important step you can take is to be very suspicious of any e-mail that has an attachment. It's the attachment that carries the virus, not the e-mail. What the sneaky ILOVEYOU virus did was grab names from an e-mail client's address book and send itself to names it found there. In this way, the e-mail and attachment came from someone you know, someone that had your address in his Outlook address book. If you see a number of messages with the same title from different people that you know, this is a sure sign that the
attachment contains a virus. 

Your safest step is to stop using the Outlook e-mail client. Because of its popularity and widespread use (it installs as a default with most versions of Windows), Outlook has been the target of three major virus attacks in the past 12 months (“Prilissa” and “Melissa” being the other two). While computer-savvy users can disable some features that make Outlook prone to attacks, Outlook comes configured to allow the weaknesses to be exploited. Best to stay away from it. 

You should certainly avoid automatically opening attachments, whatever client you use. 

More information: An interesting visual look at how the virus spreads:<http://washingtonpost.com/wp-srv/business/daily/may00/howvirus.htm