A virus is a program designed to replicate themselves and spread to other computers, taking advantage of Internet communications, security holes in software, and people's gullibility. New viruses are written frequently, and often the writers will release variant versions as time goes on, designed to use different techniques to get past virus filters. You might also hear the term "Worm"; that is a technical term for a program that can spread without attaching itself to another program, as viruses used to have to do. Almost all modern viruses are technically worms, but to reduce confusion we refer to any self-replicating program as a virus.
Some virus writes merely enjoy a feeling of power, while others are trying to cause damage for malicious reasons. A growing number of viruses are designed to leave "back doors" in the computers owned by unsuspecting users. These back doors enable the virus writers to steal information from a computer, funnel spam or network attacks through it, or do anything else their twisted minds decide to do. Additionally, some viruses seem to have been written by people with political motives, or those who hate a specific corporation.
Most viruses these days spread through email. When they infect a computer, they scan its hard drive for anything that looks like an email address. Usually, they look in the address books of email programs such as Outlook, Outlook Express, Eudora, etc. They also scan data files such as Microsoft Word documents, Excel spreadsheets, and so forth, even including recently viewed web pages saved in a browser's temporary cache. They then send out email messages to all of those addresses; these messages are designed to trick people into opening the attachment that comes with the message. If a recipient is fooled into opening this attachment, their computer becomes infected with the virus.
WOU has two lines of defense against viruses. First we have Sophos MailMonitor, an email scanner that detects viruses in incoming messages as. When it finds a virus in a message, it replaces the attachment with a harmless text file that says what type of virus was detected. It also sends a separate message warning you that a virus was found in the first message. The second line of defense is Norton Antivirus, which should be installed on every computer at WOU. Even if a virus is missed by MailMonitor, Norton will detect it if a user clicks on the attachment, and the virus will be stopped before it can infect the computer.
Virus scanning programs such as MailMonitor and Norton Antivirus detect viruses by looking for certain key features in each virus. In order to know what to look for, the program needs a list of virus definitions. The makers of these products regularly put out new virus definitions for newly discovered viruses; the scanners won't detect these new viruses until we update them with the new virus definitions. We have set all the copies of Norton to update themselves every time your computer restarts itself. You can check that your copy of Norton is up-to-date by double clicking the Norton icon in your toolbar and looking at the Virus Definitions date in the information box that pops up.
It's not always easy to tell. In general, don't trust anything with an attached file, unless you have confirmed with the sender that they meant so send it to you. Keep in mind that even if the address matches someone you know, they may not be the real sender! In the last year or so, viruses have begun using a trick called "address spoofing" to create confusion and cover their tracks. After getting their list of addresses from the infected computer, they randomly pick a few of them to use as fake "From:" addresses on the messages they send. Thus you may get messages that appear to come from co-workers or others whom you know, though they really came from an infected computer somewhere else, which happened to have those addresses on it.
Not likely. Because of address spoofing (see last question) an infected computer that had your address on it might send out virus messages under your name. If one of these messages is intercepted by an email scanner at the receiving end, the scanner most likely will try to send back a warning to the sender of the message. Unfortunately, there is no way for a computer to reliably tell apart fake and real addresses, so it will just send the warning back to you since your address was on the message. This does not mean you are infected. A related problem happens when a message with your address faked onto it is sent to a recipient address that is no longer valid; the receiving email server will try to send back a bounce message, but has no way of knowing your address isn't the real sender of the message, it will send the bounce warning back to you.
No. If you didn't get the warning from an authoritative source, it is most likely a hoax, especially if it used imprecise dates like "yesterday", or claimed that the virus could not be detected by antivirus scanners, or asks you to delete a file from your hard drive, or asks you to forward it to everyone you know. Hoaxes are usually written as jokes, or else as a way for the writer to boost their own ego by tricking people. If you get anything that might be a hoax, forward it to firstname.lastname@example.org and no one else.
Hopefully you found this helpful! For more information, including specific viruses seen at WOU, please visit our Virus information page at http://www.wou.edu/virusinfo", or email your question to me at email@example.com.
University Computing Services 503-838-8154 | or e-mail: firstname.lastname@example.org
Open the original version of this page.