快猫短视频

Hidden agenda

Deleting attachments won't save us from a new breed of virus

MALICIOUS computer viruses hidden inside plain text messages can cause havoc
when they are read in many common e-mail packages, security experts have
discovered. The finding means that it is no longer enough to delete suspicious
looking e-mail attachments.

The discovery also means that home computer users will need much more
powerful antivirus software鈥攐r failing that switch to internet service
providers (ISPs) which sweep all mail for malicious bugs.

Until recently, many viruses spread in the form of small programs, known as
executable files, attached to largely text-based e-mails. Reading the text is
safe, but opening the attachment runs the program. It can then corrupt
information on a hard disc and send more e-mails with the attachment, spreading
the infection. Traditional antivirus software simply scans attachments before
they are opened, looking for telltale lines of code鈥攖he
鈥渟ignature鈥濃攐f known viruses.

Earlier this year, the Bubble Boy virus exploited a security loophole in
Microsoft鈥檚 Outlook e-mail program. It comprises a single text message that
contains lines of HTML鈥攖he code that determines how Web pages look.
Outlook opens it as a Web page and programs buried within it, called applets,
can then run and corrupt files. Microsoft has a patch for this loophole.

But now a new virus鈥攙ariously know as Verona, Romeo and Juliet, or
BlaBla鈥攑lays a much more devious trick, one that can fool a wider range of
PC e-mail software packages. A text message with a trivial subject line, such as
鈥淗ey You鈥 or 鈥淪orry鈥, arrives with two attachments: a help file called
鈥淢yjuliet.chm鈥 and an executable program called鈥滿yromeo.exe鈥. When the text is
read, the help file, itself a small program, makes Windows save the attachments.
Then the help file triggers the executable program. This infects the PC. You
only need to open the text message for this to happen. By the time you鈥檝e opened
the mail and deleted the attachments, the bug has done its work.

The bug has so far received little publicity because Romeo and Juliet is
currently harmless. 鈥淏ut the code is now a template which hackers can share and
modify to make it much more dangerous,鈥 warns Nick Galea of GFI, a software
company in Malta that first encountered the virus. 鈥淭hen we will see hard discs
corrupted as soon as people read a text message.鈥

Galea says antivirus software should now check e-mails more thoroughly,
examining what they try to do rather than simply looking for signatures. But
this is much easier with office networks than PCs at home. A network server can
check all incoming e-mails before distributing them, whereas home PCs collect
e-mail in job lots direct from an ISP.

Eric Chien at Symantec鈥檚 Anti Virus Centre in Europe says his firm has now
developed a system that shunts incoming e-mail into a buffer file on the PC,
where text is checked before the user has the chance to see it. But Graham
Cluley of Sophos thinks the better solution is for individuals to use e-mail
services such as CompuServe, AOL or Cix, which use proprietary software on both
the server and your PC. This creates a protective barrier controlled by the
company, and means that they can ignore any HTML files or compiled HTML (.chm)
files that arrive uninvited.

More from 快猫短视频

Explore the latest news, articles and features