Everyday I receive lots of emails asking me how to stop attacks by Trojans and Worms that come through emails. Most automatic email scanners are useless as they cannot stop new Trojans and Worms. Setting the scanner to quarantine all EXE and VBS files are also useless as new Trojan and Worms are now disguised as harmless text or graphic files. A lot of new Trojans and Worms received recently used super encryption techniques. A lot of people will be in serious trouble once the destructive virus writers get the idea.
The first thing is to understand how these Trojans and Worms are propagated and how they are activated.
1. Trojans and Worms use the ability of an email program under Windows 95, 98 or XP to automatically send them out to all the email addresses in the email program.
2. Trojans and Worms also use the ability of the email program under Windows 95, 98 or XP to execute the program regardless of the extension that is visible under normal Windows. For example the MTX worm will be disguised as a pif, txt, gif, jpg, etc. file but has the 4D5A EXE header and an EXE or SCR at the end like XXX.pif.exe. The exe extension is usually not visible unless you set your Windows to display all extensions. Windows 95, 98 or XP will execute the file although the file appears to have a non-executable exxtension. The MTX worm will after execution become a file virus and will infect all EXE files. It will also create a file called MTX_ which has a file attribute of 22, that is a hidden and read only file. Windows 95 or 98 will not allow a file with an attribute of 22 to be modified or deleted, thereby protecting the virus.
3. Trojans and Worms will also use the ability of the email program under Windows 95, 98 or XP to automatically execute a Microsoft Virtual Basic script in a file once the file is opened.
4. So far there are only 2 Worms in the Wild that can be activated directly from opening an email. They are the Kak and Bubbleboy. All the others will come as an attachment. The Kak and Bubbleboy uses the email program's ability to execute a Microsoft Virtual Basic script once the email is opened.
5. I receive many hundreds of such Trojans and Worms every month, some sent to me to trap me. Many uses super encryption techniques but my computer is NEVER infected.
6. The solution is very simple and that is to use an email and internet program that cannot understand Microsoft Virtual Basic or automatically execute a file with the 4D5A header of an EXE file.
7. I use Eudora 2.2 for my emails and Netscape 4.02 for viewing attachments. Sticks and stones will harm me but Trojans, Worms or viruses cannot do anything to me or my computer.