RE: Links
There's so much misinformation out there that I don't expect anyone to believe what I say more than anyone else. But here it is anyway.
I offer this only for informational purposes and it is up to you to take responsibility for your own computer. In other words, don't come running to me if you screw up your machine.
Geno is right. It is absolutely IMPOSSIBLE to get a virus from true image files (gif, jpeg, mpeg, wmv, avi, etc.). Those types of files are incapable of executing any kind of code, period.
Here's where people get into trouble: By default, Windows HIDES the file extension in Windows Explorer or My Computer. For example, the file "myfile.exe" just shows up as "myfile". The ".exe" part is hidden, presumably to make the file list look "cleaner" I guess. I don't know what the hell Microsoft was thinking.
Now, these scumbag virus writers know that most people don't bother to turn "show file extensions" on, and they take advantage of that. They write a virus with a .exe, .scr, .vbs, or whatever file extension, but they insert a ".jpg" in the middle of the file name itself, for example: "MyPicture.jpg.exe". If Windows is set to not show file extensions, you will see "MyPicture.jpg" and think it's perfectly fine. But Windows sees the ENTIRE file name, ignores ".jpg", and runs the file according to the extension after the LAST dot in the name (which you don't see). All dots before the last dot are meaningless to Windows.
In fact, that's exactly what the virus in the link Leo posted was doing:
http://www.symantec.com/avcenter/venc/data/vbs.sst@mm.html
From the text: "This worm arrives as an attachment named AnnaKournikova.jpg.vbs"
Again, the ".jpg" part of the file name is meaningless. It's the ".vbs" that determines what the file REALLY is.
So how do you avoid this? First things first: Turn on file extensions. I'm still running Windows 98, but I assume the setting is similar for 2000 and XP. Open Windows Explorer or My Computer. In the "View" menu, go to "Folder Options...". The second tab is "View". In that tab, there should be an option that says "Hide file extensions for known file types". Make sure that option is turned OFF (no check box). You will now see the FULL file name on all your files.
And remember: Ignore all dots except the LAST one in the name and don't double click the file unless you know what the extension is.
HOWEVER, some of the more creative virus writers embed HTML and graphics into the email to make it APPEAR that the file is legit. For instance, the recent "MyDoom" virus arrives with an attachment that LOOKS like a regular text file, but you cannot see the true file extension because he embedded a graphic of a text file icon. When you click on it, it kicks off the virus. The guy even had the foresight to open up Notepad when you click it, filled with a bunch of nonsense characters, so people would think the file really was a simple text file but was corrupted. But that was just a trick to distract you. The real damage was going on behind the scenes, unknown to you.
So how do you get around that? One thing you can do is disable HTML in your email program, but that may be unacceptable to some people. The only other thing you can do is right-click on the attachment and show the Properties. Make sure the file name AND EXTENSION matches what you see on the screen. If not, it could be something dangerous.
So what it boils down to is make sure you know what you've got before you click.
SAFE File Extensions (just off the top of my head):
.jpg
.gif
.mpg
.mpeg
.avi
.wmv
.txt
POTENTIALLY UNSAFE file extensions:
The file extensions below are some of the more common ones that arrive in emails as a virus or worm, but it is not a complete list. For even more, see this Tech TV article:
http://www.techtv.com/callforhelp/features/story/0,24330,3015142,00.html
.bat: Batch file
.chm: Compiled HTML Help file
.cmd: Microsoft Windows NT Command script
.com: Microsoft MS-DOS program
.exe: Program
.hlp: Help file
.inf: Setup Information
.lnk: Shortcut
.pif: Shortcut to MS-DOS program
.reg: Registration entries
.scr: Screen saver
.sct: Windows Script Component
.shs: Shell Scrap object
.shb: Shell Scrap object
.vb: VBScript file
.vbe: VBScript Encoded script file
.vbs: VBScript file
.wsc: Windows Script Component
.wsf: Windows Script file
.wsh: Windows Script Host Settings file
Be aware that most of the file types above are legitimate file types that Windows uses every day. However, if you receive an email with a file that ends in one of them, DO NOT OPEN IT unless you confirm from the sender that he actually sent it! It is VERY unlikely anyone would send you these types of files unless you're a computer programmer.
The virus info in the second link Leo posted,
http://charmy.tky.hut.fi/brit.txt
is another animal altogether, and one I am less familiar with. Basically, what it boils down to is that the scumbag virus writers write code directly into a web page that takes advantage of Internet Explorer security holes (which are being found all the time). It's got nothing to do with jpegs or gifs, and in fact it could be any URL. They just use things like Brittany.jpg in the URL to trick people into clicking on the link. Once there, you may be redirected to another page which contains the actual code.
What to do? Simple: Don't use Internet Explorer. Ever.
Microsoft decided to build in a million bells and whistles that 99.999% of regular users will never use. Things that are supposed to be used for big corporate applications that use Exchange server and whatnot, where all kinds of fancy crap has to happen.
Try out Mozilla (www.mozilla.org) or Opera (www.opera.com). Mozilla is absolutely free, and it is superior to IE in every respect. Not only is it faster, but it also offers a setting to disable popups, a BIG plus.
If you insist on using IE (or even if you don't for that matter), you absolutely need to run Windows Update (windowsupdate.microsoft.com) regularly. That's where you'll get patches for all these security holes. Just concentrate on the "Critical" fixes. Everything else is not essential unless you want it.
Finally, of course, keep your anti-virus software up to date. You MUST upload the latest updates on a regular basis (once a week at least) or your AV software is essentially useless.
But even then, you can't be 100% sure. Some of the recent viruses spread so fast that people were getting infected before the anti-virus people were able to get out an update. And some viruses, if they got past your AV software because it wasn't up to date, will disable the AV software completely, so further updates will not even detect it.
So to sum up...
1. Turn on file extensions so you know what you've got.
2. Don't click on files of the types you aren't familiar with.
3. Run Windows Update once a week.
4. Update your anti-virus software once a week or whenever a bad new virus is announced.
Or just forgo all of the above and buy a Mac. ;-)
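
Added example, not part of the original post: a small Python check that applies the post's last-dot rule to attachment names, shows what Explorer would list with extensions hidden, and flags names like "AnnaKournikova.jpg.vbs". The function names and the verdict labels are made up for this example, the two extension sets are copied from the post's lists, and it assumes every extension counts as a "known file type".

```python
import os

# Extensions the post lists as potentially unsafe (the post says the list is not complete).
UNSAFE = {".bat", ".chm", ".cmd", ".com", ".exe", ".hlp", ".inf", ".lnk", ".pif", ".reg",
          ".scr", ".sct", ".shs", ".shb", ".vb", ".vbe", ".vbs", ".wsc", ".wsf", ".wsh"}
# Extensions the post lists as safe; here they double as the decoys to look for
# in front of the last dot.
LISTED_SAFE = {".jpg", ".gif", ".mpg", ".mpeg", ".avi", ".wmv", ".txt"}


def real_extension(name):
    """Extension after the LAST dot, lowercased ('' when the name has none)."""
    return os.path.splitext(name.strip())[1].lower()


def shown_when_hidden(name):
    """Name as listed when "Hide file extensions for known file types" is on.
    Assumption: every extension counts as a known type."""
    return os.path.splitext(name.strip())[0]


def check_attachment(name):
    """Classify one attachment name using only the rules and lists in the post."""
    ext = real_extension(name)
    shown = shown_when_hidden(name)
    decoy = os.path.splitext(shown)[1].lower()  # extension the user would see
    if ext in UNSAFE and decoy in LISTED_SAFE:
        verdict = "disguised"      # e.g. looks like .jpg, runs as .vbs
    elif ext in UNSAFE:
        verdict = "unsafe"
    elif ext in LISTED_SAFE:
        verdict = "listed-safe"
    else:
        verdict = "unknown"        # not on either list: confirm with the sender
    return {"name": name, "shown": shown, "ext": ext, "verdict": verdict}


if __name__ == "__main__":
    # First two names are from the post; the rest are constructed samples.
    samples = ["AnnaKournikova.jpg.vbs", "MyPicture.jpg.exe", "holiday.JPG",
               "setup.EXE", "notes.txt", "README"]
    for s in samples:
        r = check_attachment(s)
        print(f'{r["name"]:26} shown as {r["shown"]:20} -> {r["verdict"]}')
```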