Don't let today's e-mail sicken others

May 27, 2001

If you've made it this far in your computing life without becoming the victim of a virus, don't feel smug. You're just an e-mail away from potential disaster.

Let down your guard for a second and you could infect your own computer or, what's worse, your company's computers.

And to add to your embarrassment, you could end up inadvertently helping to spread the bug, since many of these destructive programs send copies of themselves to everyone in your e-mail address book.

First, some quick definitions. Malicious computer programs fall into one of three categories: viruses, worms and Trojan horses. A virus generally copies itself from file to file on one computer, and infects other PCs either through deliberate or accidental human action.

A worm's main purpose for existing is to spread quickly from computer to computer, usually by sending itself out as e-mail attachments. And as its name implies, a Trojan horse is a seemingly harmless program that carries a nasty, hidden payload.

It is the worm variety that is causing a lot of computer users to squirm these days. You may not know you're a victim of a worm until you start hearing from friends and acquaintances who've been whammied by a bug that you apparently sent them.

When this happens in the workplace, it can damage more than your ego. Clients, co-workers and bosses probably won't be as forgiving as your friends and family. You could lose a customer, or even your job.

For example, last week a public relations professional e-mailed me a digital nasty commonly called the "Homepage" worm. Actually, she didn't e-mail anything -- the bug wormed its way into her Microsoft Outlook address book and sent itself out, without her knowing it.

This worm has a subject of "Homepage" and a message that says "Hi! You've got to see this page! It's really cool ;O)" Attached is a file called "Homepage.HTML.vbs." If you double-click on the attachment, it will not only send itself to your e-mail contacts, but it also will attempt to open a pornographic Web page.

The double-extension at the end of the file name -- the ".HTML.vbs" -- is a good clue that something is amiss here. The ".HTML" portion is a ruse designed to make you think it's a standard Web page written in hypertext markup language. But the ".vbs" is the part you should pay attention to, indicating that the file is a Visual Basic script -- sort of a mini-program that launches when you double-click on it.

If this strategy sounds familiar, there's a good reason. Homepage is a variation of the infamous "Anna Kournikova" bug, which early this year fooled computer users into thinking they were opening a picture of the Russian tennis star. A similar worm currently on the loose has a subject of "Mawanella" -- supposedly a reference to a violence-torn Sri Lankan village -- and comes with an attachment slugged "Mawanella.vbs."

Fortunately, most of these worms cause more embarrassment than physical harm. But there are other, more dangerous programs out there, so don't let down your guard.

Otherwise, like the PR woman who fell victim to the Homepage worm, you may find yourself sending more e-mail to everyone in your address book -- this time apologizing for infecting their computers.