The home computer user does not need to understand every type of infection, but should be able to recognize a good portion of email attachment infectors. These are the easiest to recognize and avoid. Some symptoms of infection after the infector is installed can include:
- Programs suddenly open and close without your help.
- Warnings and error messages are displayed at unusual times.
- Files can have a double file extension like “ShakiraPics.jpg.vbs” (the VBSWG.AQ worm).
- Files can have a tantalizing name like “My Kiss For You.scr” (Cydog worm) or “Mothersday.vbs” (Loveletter worm).
- A visual oddity like a fireworks display (Happy 99 worm) or a green caterpillar crawling on your screen (Green Caterpillar virus) can appear.
- You can hear unusual sounds like an alarm (Alarm virus) or a melody (Vacsina or Zhymn viruses).
- Your firewall tells you that programs or applications you have not seen before, and that are not part of your operating system, have tried to connect to the internet.
Infectors that arrive in email attachments require the user to open the attachment to begin infection. Do you remember the media hype about the “Loveletter” worm back in May 2000? The extent of loss could have been significantly reduced if computer users had asked, in a phone call or separate email, whether the sender actually did send the attachment and had used anti-virus software before opening it.
Telling your email program not to automatically display attachments reduces your chances of infection. Examples of infectors that arrive in email attachments are Sircam and Melissa.
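The filename warning signs listed above (a double extension, or a name that ends in a script or screensaver extension) can be checked automatically before anyone opens an attachment. The following is an added example, not part of the original article; the extension lists and the sample email are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, partial lists for illustration; extend them for real use.
RISKY = {"vbs", "vbe", "js", "jse", "wsf", "scr", "pif", "exe", "com", "bat", "cmd", "hta"}
DECOY = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "mp3"}

def check_filename(name):
    """Return the reasons an attachment name deserves suspicion (empty list if none)."""
    # Strip padding around each dot-separated piece so "a.jpg   .vbs" is still caught.
    parts = [p.strip().lower() for p in name.strip().rstrip(".").split(".")]
    reasons = []
    if len(parts) >= 2 and parts[-1] in RISKY:
        reasons.append("runs-as-program")
        if len(parts) >= 3 and parts[-2] in DECOY:
            reasons.append("double-extension")
    return reasons

def scan_message(raw_bytes):
    """Parse a raw email and map each attachment filename to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return {part.get_filename(): check_filename(part.get_filename() or "")
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed test email: the three filenames from the article plus a benign one."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("ShakiraPics.jpg.vbs", "My Kiss For You.scr", "Mothersday.vbs", "minutes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reasons in scan_message(build_sample()).items():
        print(f"{filename!r}: {', '.join(reasons) or 'no filename warning'}")
```

A clean result only means the filename looks ordinary; the attachment still needs an anti-virus scan before it is opened.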
Some infectors are programmed to be installed and wait until a particular date or circumstance to begin infection. They can be any type of infector. These have trigger dates. Examples are Nightflyght and Totilix. You can check the virus calendar at https://www.ccmostwanted.com/topics/vir/vcal.htm for the current monthly infectors with trigger dates.
Other infectors arrive hidden in the body (text or picture area) of an email. These infectors do not need you to open an attachment because there is none. All you have to do is read or display the email text in the preview pane and infection will begin. The majority of these infected emails need “HTML” code. HTML is the language used to construct webpages. So, if you tell your email program to display your emails as text messages instead of as HTML messages and not to automatically display messages, your chances of this kind of infection are reduced. Examples are Bubbleboy and Kak.
Infectors that have a link in text messaging or in the body of an email require you to click on the link to begin infection. Examples are Cool Now and Snapper.
There are infectors, such as Leave, Mcon and Lirva, that are spread and installed through accepting files from other chatroom users. This is why it is important to set your chat program so that you have the option to accept or reject files from other chatroom users.
When you install a program downloaded from the internet or a website, be sure to use your updated anti-virus software on it before installation.
Your computer’s BIOS controls input, output, and some performance features. The BIOS of most motherboards is set by the manufacturer to “read and write”. This allows the computer user to add or remove drives, peripherals, and hardware. When the BIOS is set to “read”, its settings can’t be changed: the computer user will not be able to add or remove drives, peripherals or hardware, nor will an infector be able to change the BIOS settings. A computer professional who knows how to change this motherboard setting should perform the adjustment. Examples of BIOS infectors are CIH and Mypics.
Some infectors, like Code Red or Nimda, are spread through computer network servers. Some worms, like Benjamin, Kitro, Lolol or Roron, attack P2P or file-sharing networks.
Some infectors are disguised as security patches, security fixes, or software updates. Don’t be fooled by the urgent notice of a security fix attached to an email. It is probably an infector. Companies do not send patches through email. It is the responsibility of the internet user to find and install the most current security patches only from the legitimate website of the software manufacturer. Examples of these infectors are Swen and Anset.
Some infectors, like Adore and Bagle.AY, open backdoors to your computer. Some infectors, like Jackal, ignore the operating system. Others, like Lindose, are specifically written for more than one operating system. Some even infect other electronic devices. Phage infects the hand-held Palm operating system. Cabir infects mobile phones. PSPBrick infects the PlayStation Portable.
Other infectors automatically install themselves when you visit a webpage with malicious code. This typically happens when we make a typing error in the URL, like www.googkle.com instead of www.google.com. Not all typing errors land us at webpages with malicious code – only the ones that an infector author creates. When these malicious webpages are known, anti-virus software companies and law enforcement work together to have them removed. But there could be millions of infected computers before these webpages are actually removed. This is a reason to install security patches and updates when they are released for your operating system and installed programs. Examples of these Visual Basic script infectors are Nimda, Ircobus, and Googkle.
Other infectious Visual Basic scripts are used to deface websites. These create havoc for the website owner. Some infectors, like Bubbleboy and Plexus.A, combine features.
And some infectors are yet to be released. These future infectors are limited only by the imagination and skill of the author. Remember that new infectors (those that are circulating but not yet identified, or for which a patch is not yet released) can distribute themselves within a day or a few hours to millions of computers and computer systems. This is one reason it is important to use your updated anti-virus software. When a new infector uses the same basic construction as existing infectors, your updated anti-virus software can recognize and disinfect or remove most infectors.
Of course, there are many more symptoms that can indicate an infection, but some of the same symptoms can indicate a problem with your computer other than infection, such as:
- a program does not start
- your computer does not boot (start-up)
- your computer is taking longer than usual to complete tasks, or open or close programs.
Buying a computer means you are accepting the responsibility of maintaining it in working condition as you do with any tool. When you purchase anti-virus software be sure it is compatible with your operating system and installed programs. Also be sure it has options to disinfect, quarantine, and remove infectors. Remember to use your anti-virus software with removable media and independent drives so reinfection doesn’t happen.
This post is part of the series: Computer Infectors: Identifying the Infectors, Recognizing the Symptoms and How They Can Be Used
These articles explain the definition of an infector, how they can include more than viruses and worms, how to identify infectors when they first arrive so you can avoid infection and how to recognize them after they are installed through symptoms.