 July 30, 1999

Geek News: How I got suckered by the ‘worm’ virus

After years of dodging the bullet, I’ve finally been hit. On June 10, my system was attacked by the Worm.ExploreZip virus. You’ve probably heard plenty about this virus already. What you may not have heard, though — if you weren’t hit by the virus yourself — is the clever way in which the virus programmer used social engineering to encourage people to run the file.

Social engineering is an old term used by phone phreaks (phone phreaks are people who hack into telephone systems so that, for instance, they can make free phone calls). Social engineering refers to the way in which a phreak can use cunning and deception — rather than computing skills — to obtain information that would allow him access to a system.

How did the Worm.ExploreZip virus use social engineering? Well, it was ultimately the programming that damaged my computer’s data files. But I know better than to run an executable file someone sends me over the Internet. In order to get me to run the file, I had to be softened up with social engineering first.

Here’s what happened. First, I received an e-mail from someone I’d never heard of. You may have read that the virus goes into the Microsoft Outlook inbox and sends responses to messages that have been received, attaching itself to the outgoing messages, so that the person getting the virus recognizes the person apparently sending the message. In my case that didn’t quite happen. I have a newsletter that goes out to 25,000 people, and in this case, the virus was responding to a message that had gone to one of my subscribers; I didn’t recognize his name.

But I did recognize the Subject line, because it referred to my newsletter — this message was clearly a response to something I had sent. And the message text seemed to make sense, too. Well, as much sense as many of the messages I receive. “Hi Top!,” it began. No, Top isn’t my name, but Top Floor Publishing is my company name.

“I received your email and I shall send you a reply ASAP,” the message continued. “Till then, take a look at the attached zipped docs.” This made sense to me, in combination with the Subject line. I had recently sent out sample chapters from a book I’m publishing (“Poor Richard’s E-mail Publishing,” by Chris Pirillo — see http://TopFloor.com/), and had received dozens of responses, in many cases files that the readers had returned with comments inserted into the text. My immediate reaction was that this was one of the responses related to that book.

Now, you may have already heard what I’ve just described. That the virus e-mails responses to messages, trying to masquerade as a message from someone you know. But there’s yet another trick the virus programmer used, one I haven’t seen described in the press. If the virus had only done what I’ve described so far, I would have been OK. But in this case, I didn’t realize it was a program.

The attachment was called zipped_files.exe. But the programmer had attached the WinZip icon to the program. I glanced down at the attachment in the message, saw the zip icon, and without paying attention double-clicked on it to open it. The fact that there was .exe at the end of the filename didn’t really register with me. It had been a long day, I hadn’t slept much the night before, I saw the zip icon …

You should understand that opening a .zip file in an archive viewer does not, by itself, run anything. A zip file may well contain a virus, but listing the archive’s contents in WinZip only reads the archive’s directory; nothing inside runs until you extract a file and open that. (The files that can carry viruses are the ones the system will execute or interpret: program files, scripts, and document formats that support macros, such as Word for Windows and Microsoft Excel files.)

Of course, this wasn’t a zip. The first thing I saw was a message saying “Cannot open file: it does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again.” My immediate thought was that the person sending the file had screwed up the manner in which he had created the file.

So, at this point, the virus was free on my system, blowing away files here and there. It focused on .doc (Word for Windows), .ppt (PowerPoint), and .xls (Excel Spreadsheet) files. (It did not delete the files; it emptied them, leaving zero-length files whose names were still there but whose contents were gone.)

Just how can you protect yourself from viruses such as these? Here’s a quick list of things to do.

1. Always have recent backups. If you do get hit, at least you can recover.

2. Get a good anti-virus program, and run it in the background so it will detect viruses that are downloaded to your computer.

3. Always have the latest virus definitions. Update every few days if you get a lot of files sent to you across the Internet or install many programs. (My anti-virus definitions were little more than a week old, yet still too old to detect this virus.)

4. Before you run a program, carefully look at the file extension. Don’t rely on the file icon to tell you what the file really is: the icon is stored inside the program itself, so the programmer can give an .exe any icon he likes. Note, too, that Windows Explorer by default hides the extensions of known file types, so a file named zipped_files.exe can appear as just zipped_files; turn that option off (Folder Options, “Hide file extensions for known file types”) so the full name is always visible, and be especially wary of double extensions such as report.zip.exe.
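The icon trick described above and item 4 of the list come down to one rule: identify an attachment by what it contains, not by how it is drawn or named. The script below is an added example, not code from the original column, and the attachment bytes it examines are constructed stand-ins (an “MZ” header plus filler, not the worm). It reads the leading bytes of the data against the signatures of a Windows executable, a ZIP archive and an Office compound document, compares that with the claimed extension, flags double extensions such as report.zip.exe, and lists the members of a genuine ZIP without extracting them. It goes beyond the column’s single case by also catching an executable renamed to .zip and executables packed inside an archive; the extension lists are illustrative assumptions, not a complete inventory of what Windows will run.

```python
"""Classify a mail attachment by its content, not by its icon or claimed name."""
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (illustrative assumption, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Office formats that can carry macros, as the column notes for Word and Excel.
MACRO_DOC_EXTS = {".doc", ".xls", ".ppt", ".dot", ".xlt"}

MZ_HEADER = b"MZ"                                    # DOS/PE executable stub
ZIP_HEADER = b"PK\x03\x04"                           # first local file header of a ZIP
OLE2_HEADER = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # Office 97-2003 compound document


def sniff(data: bytes) -> str:
    """Identify the container from its leading bytes, ignoring the file name."""
    if data.startswith(MZ_HEADER):
        return "pe-executable"
    if data.startswith(ZIP_HEADER):
        return "zip-archive"
    if data.startswith(OLE2_HEADER):
        return "ole2-document"
    return "unknown"


def suffixes(filename: str) -> list:
    """All extensions, lowercased and whitespace-stripped: 'a.zip .exe' -> ['.zip', '.exe']."""
    return [s.strip().lower() for s in PurePosixPath(filename).suffixes]


def last_ext(filename: str) -> str:
    exts = suffixes(filename)
    return exts[-1] if exts else ""


def classify(filename: str, data: bytes):
    """Return (verdict, reasons); verdict is 'block', 'warn' or 'ok'."""
    reasons = []
    exts = suffixes(filename)
    last = last_ext(filename)
    kind = sniff(data)

    # 1. The icon can be anything; the bytes cannot hide that this is a PE image.
    if kind == "pe-executable":
        reasons.append(f"content is a Windows executable (MZ header) despite name {filename!r}")
    # 2. An executable extension runs on double-click, whatever the icon shows.
    if last in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {last}")
    # 3. 'report.zip.exe': the inner extension exists only to mislead.
    if len(exts) > 1 and last in EXECUTABLE_EXTS:
        reasons.append(f"double extension {''.join(exts)}")
    if reasons:
        return "block", reasons

    # 4. A genuine ZIP is safe to list; report risky members without extracting them.
    if kind == "zip-archive":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            risky = [n for n in zf.namelist() if last_ext(n) in EXECUTABLE_EXTS]
        if risky:
            return "warn", [f"archive contains executable member(s): {risky}"]
        if last != ".zip":
            return "warn", [f"ZIP content under non-.zip name {filename!r}"]
        return "ok", ["ZIP archive; listing is safe, members were not run"]

    # 5. Not a program, but macro-capable documents can still carry a virus.
    if last in MACRO_DOC_EXTS or kind == "ole2-document":
        return "warn", ["macro-capable Office document; open with macros disabled"]

    return "ok", [f"no executable content detected ({kind}, {last or 'no extension'})"]


def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed stand-ins, not real malware: only the header bytes matter to sniff().
FAKE_EXE = MZ_HEADER + b"\x90" * 62
FAKE_DOC = OLE2_HEADER + b"\x00" * 24

SAMPLES = {
    "zipped_files.exe": FAKE_EXE,                        # the attachment name from the column
    "zipped_files.zip": FAKE_EXE,                        # executable renamed to look like a zip
    "invoice.zip.exe": FAKE_EXE,                         # double extension
    "chapter3_comments.zip": make_zip({"chapter3.txt": b"reader comments"}),
    "tools.zip": make_zip({"readme.txt": b"", "setup.exe": FAKE_EXE}),
    "chapter3_comments.doc": FAKE_DOC,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        verdict, why = classify(name, blob)
        print(f"{verdict:5}  {name:24}  {'; '.join(why)}")
```

Run it as-is to see the verdicts for the constructed samples; to use it on real mail, feed `classify()` the attachment’s name and raw bytes from your mail client or gateway. The point of rule 1 is that a renamed or re-iconed executable still starts with “MZ”, so the content check catches what the name and icon were chosen to hide.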

Peter Kent is the author of “Poor Richard’s Internet Marketing and Promotions,” the “sequel” to “Poor Richard’s Web Site.” Visit http://PoorRichard.com/promo/ for sample chapters, table of contents and more.
