
Practical Networking: Psychological Viruses


Mark Lofgren

01 Oct 1998


Computer viruses scare us all. After all, these viruses can destroy computers and months or even years of work. As a network administrator, you know the time and money it takes to protect your company's computers and data.

And if the actual viruses themselves aren't enough to worry about, people have begun preying on our paranoia by starting virus hoaxes. For example, the Good Times virus hoax had many people fearing that their data would be destroyed. The creators of this hoax sent an e-mail message worldwide, warning people that a separate e-mail message with the subject line "Good Times" contained a virus. If you received this message, the Good Times virus would supposedly destroy your computer's hard drive and send the processor into an infinite binary loop, which would damage the processor itself. Could an e-mail message really create this damage?

KNOWLEDGE IS POWER

Understanding how viruses work can protect you against virus hoaxes. Two kinds of viruses can infect a computer: file viruses and boot sector viruses.

File viruses are more common than boot sector viruses. As the name suggests, file viruses are usually macros that infect files created by applications such as Microsoft Word or Microsoft Excel. For example, the Concept virus changes codes in the NORMAL.DOT file that Word uses to generate macros. If you open a Word file that is infected by this virus, your computer becomes infected.

Although infected with the Concept virus, your computer will continue to function normally, and no data will be lost. When you open a Word file, however, you will experience problems. For example, some macros may not function, and you may not be able to save files.

File viruses are usually easy to eliminate because most virus-protection software can easily detect these viruses and eliminate them. Several companies such as Network Associates Inc. and Computer Associates offer virus-protection software for servers and workstations.

Unfortunately, boot sector viruses are more dangerous because they can damage executable files on your computer's hard drive. However, the only way a computer can get a boot sector virus is to boot from a diskette that is infected with the virus. If you boot a computer with an infected diskette in the floppy drive, the virus copies itself into the computer's memory. The virus later writes itself to the master boot record on the hard drive.

Boot sector viruses, such as the Antiexe virus, corrupt executable files on the hard drive. As a result, you will be unable to run these executable files.

Eliminating boot sector viruses is also relatively simple if you have virus-protection software. However, the longer the virus is allowed to run, the more damage it will do. To detect the boot sector viruses as quickly as possible, you should run virus-protection software regularly.

YOU DON'T FOOL ME

To answer the question posed earlier, an e-mail message that is just text cannot destroy a computer's hard drive or processor. Viruses are spread from files or boot sectors, and an e-mail message that contains only text has no file or boot sector.

Of course, an e-mail message may have an attachment that contains a virus. If you don't open the attachment, the virus cannot infect your computer. Since most people open attachments, however, the key is detecting the virus before it has a chance to spread.

Depending on the virus-protection software you are using, you can have the file scanned as soon as it is saved on your computer's hard drive. If the virus-protection software is up-to-date, it will detect the virus before the virus can damage your computer.
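The distinction drawn above, as an added example that is not part of the original article: a Python sketch that parses a message and lists only the parts that carry a file and therefore need scanning before anyone opens them. The two sample messages, the placeholder attachment bytes and the extension list are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Assumption: extensions treated as able to carry code or macros
# (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".com", ".scr", ".doc", ".dot", ".xls"}

def parts_to_scan(raw):
    """Return [(filename, content_type, risky)] for each part that carries a file."""
    msg = message_from_string(raw)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        name = part.get_filename()
        ctype = part.get_content_type()
        # A plain-text body with no filename is just text: nothing to scan.
        if name is None and ctype == "text/plain":
            continue
        ext = "." + name.rsplit(".", 1)[-1].lower() if name and "." in name else ""
        found.append((name, ctype, ext in RISKY_EXT))
    return found

def build_samples():
    """Constructed messages: a text-only hoax warning and one with an attachment."""
    hoax = EmailMessage()
    hoax["Subject"] = "Good Times"
    hoax.set_content("Warning: do not read any message titled Good Times!")

    attached = EmailMessage()
    attached["Subject"] = "Halloween screen saver"
    attached.set_content("Thought you might like this.")
    attached.add_attachment(
        b"constructed placeholder bytes, not a real program",
        maintype="application",
        subtype="octet-stream",
        filename="GHOST.EXE",
    )
    return hoax.as_string(), attached.as_string()

if __name__ == "__main__":
    for raw in build_samples():
        hits = parts_to_scan(raw)
        print(hits if hits else "text only: nothing to scan")
```

A hit means only that the message carries a file to hand to up-to-date virus-protection software; it does not mean the file is infected.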

SOME HOAXES ARE HARMLESS

Because virus programmers sometimes disguise their viruses with computer games or screen savers, people have become suspicious of games and screen savers. As a result, people can unknowingly create a virus hoax. For example, Access Softek released GHOST.EXE, an entertaining Halloween screen saver that featured ghosts flying around a graveyard. Although this screen saver was harmless, many people thought it might contain a virus, which would be triggered on a specific date. However, the original GHOST.EXE did not contain any virus code.

Many people also thought the Budweiser Frog screen saver contained a virus. In fact, an e-mail message was circulated, warning that the Budweiser Frog screen saver would crash your computer hard drive. However, I have used this screen saver for a long time, and my hard drive works just fine.

Don't take my word for it, however. If you think your computer may have a virus or if you have heard that a particular program or file contains a virus, check it out. Make sure the virus-protection software you are using is up-to-date, and scan the program or file. You can visit Network Associates' World-Wide Web site (http://www.nai.com/vinfo) for more information about virus threats. (Network Associates was formed by the merger of McAfee Associates and Network General.) You can also visit Computer Associates' web site (http://www.cheyenne.com/virusinfo) or Dr. Solomon's web site (http://www.drsolomon.com/home/home.cfm). (Dr. Solomon's also merged with Network Associates.)

To learn more about protecting your company's network from virus attacks, see the related article. For more information about e-mail hoaxes, visit http://urbanlegends.miningco.com/library/blhoax.htm.

Mark Lofgren provides technical support on the Internet for The Forums (http://theforums.com).

NetWare Connection, October 1998, p. 34

* Originally published in Novell Connection Magazine

