Tuesday, April 20, 2004
"Do I have a virus? I just got email that says I do."
My wife's friends have been asking this regularly.
The short answer is "probably not", and the reason is viruses lie.
Bad people and bad programs can put a fake return address on email they send out. It's even easier than putting a fake return address on your postal mail. Today's viruses (spring 2004) usually add a fake return address when they mail out copies of themselves. They make the address look believable by grabbing an address at random from a victim's address book. If your address is on the victim's machine then the virus may pretend to be you.
Suppose Homer Simpson gets virus-laden email with an attachment, DONUTS.EXE. He says "mm, donuts!" and opens it. The virus installs itself, sends itself to Mr. Burns, and puts Lisa's address as the return address. When Mr. Burns's virus scanner detects the virus, it tries to warn the sender, but as far as it knows Lisa sent it. So the virus scanner sends email to Lisa saying "You have been infected by the DONUTS virus."
Lisa's fine, because she's kept her antivirus software up to date, doesn't open unexpected attachments, and she probably uses a Macintosh anyway. So far, virus writers haven't been targeting Macintoshes.
"But it looks so official! Why would professionally written antivirus software tell me I'm infected if it doesn't even know where the mail came from?", you ask perceptively. Two reasons. Virus writers used to be less sneaky and didn't used to forge return addresses. The other reason, cynics say, is that every warning email is free advertising for the antivirus vendor.
|
The short answer is "probably not", and the reason is viruses lie.
Bad people and bad programs can put a fake return address on email they send out. It's even easier than putting a fake return address on your postal mail. Today's viruses (spring 2004) usually add a fake return address when they mail out copies of themselves. They make the address look believable by grabbing an address at random from a victim's address book. If your address is on the victim's machine then the virus may pretend to be you.
Suppose Homer Simpson gets virus-laden email with an attachment, DONUTS.EXE. He says "mm, donuts!" and opens it. The virus installs itself, sends itself to Mr. Burns, and puts Lisa's address as the return address. When Mr. Burns's virus scanner detects the virus, it tries to warn the sender, but as far as it knows Lisa sent it. So the virus scanner sends email to Lisa saying "You have been infected by the DONUTS virus."
Lisa's fine, because she's kept her antivirus software up to date, doesn't open unexpected attachments, and she probably uses a Macintosh anyway. So far, virus writers haven't been targeting Macintoshes.
"But it looks so official! Why would professionally written antivirus software tell me I'm infected if it doesn't even know where the mail came from?", you ask perceptively. Two reasons. Virus writers used to be less sneaky and didn't used to forge return addresses. The other reason, cynics say, is that every warning email is free advertising for the antivirus vendor.
# posted by Frederick @ 2:21 PM Email to a friend:
Haloscan: they provide trackback