Preparing for the next big virus
Two years ago, the Melissa virus wreaked havoc using a Microsoft Word macro, when macro viruses were common. And the ILOVEYOU worm caused Microsoft Outlook to give away its address book at a time when other Internet worms were already doing this.
The latest version of Outlook 2002 no longer allows you to open certain types of attached files, such as macros, and stops malicious code from stealing your Outlook address book to send out multiple e-mails.
But virus writers, perhaps anticipating these restrictions on their once wide-open e-mail playground, have adapted. Fortunately, we know that these ne'er-do-wells (as a group) are not very creative. They usually just copy code they find on the Internet and modify it to suit their needs.
Already this year, I've seen some new tricks used in worms and viruses, and I can't help but wonder if we're seeing the Next Big Virus in the making. Here are some of the recent virus trends I've noticed, and advice on how to protect yourself from these threats.
Beyond e-mail clients
Since Outlook has become more secure, new viruses have simply begun to bypass e-mail clients altogether. The recent worm Shoho uses its own SMTP engine to send out e-mail, thus evading any software protection within the e-mail client itself.
The worm Tariprox.B takes a different approach: It hijacks your e-mail once it's left your e-mail client--again, circumventing any security built into the e-mail client. Fortunately, Tariprox isn't spreading. Even so, the best way to guard against this type of virus is to install a firewall on your PC. If you haven't done this already, now would be a good time.
Of URLs and attachments
There used to be something sacred about URLs and attachments. But recent worms have changed our attitude. The MyParty worm gave you a virus when you thought you were clicking on a link to reach a Web page, while Gigger infected your PC when you clicked on an e-mail attachment called mmsn_offline.htm. This worked because Outlook 2002 does not block either direct links or .htm files.
My advice? First off, don't open attached files. Second, if you don't need Windows Script Hosting, click here to learn how to turn it off. Gigger was a JavaScript worm that used Windows Script Hosting to infect users.
Targeting IM
The rare instant-messaging viruses, most of which are written for MSN Messenger, sidestep e-mail altogether. The recent CoolNow virus hijacked the contact list from MSN Messenger and sent copies of itself to all your IM contacts. The message it sent urged recipients to go a now-defunct Web page infected with malicious JavaScript. CoolNow exploits an Internet Explorer vulnerability that has since been patched.
My advice is to keep all your Microsoft software up-to-date by visiting Microsoft's Windows Update site or by checking Microsoft TechNet for the latest security updates. While IM viruses are viable, I don't think instant messaging alone will carry the Next Big Virus.
Two-pronged approach
Last summer's Nimda worm should not have surprised us, but it did. The worm took advantage of several known vulnerabilities, both at the server and the desktop levels. At the server level, Nimda attacked Microsoft IIS, creating infected Web pages for you to download. On the desktop, Nimda created e-mail copies of itself that spread to everyone in your address book or within your shared network environment.
So how will the Next Big Virus work? Judging by the latest trends in virus creation, it could bypass Outlook entirely or infect instant-messaging clients. Either way, you and I should not be too surprised when it happens. When the Next Big Virus hits, we probably will have seen it all before. Hopefully, you'll be prepared.