There are all sorts of things you can find in your email box. In the "destructive" and/or "annoying" category go email attachments that contain:
In many cases, email viruses are not "true" viruses because they cannot replicate without human interaction. Nonetheless they have been very effective at shutting down major email systems! See How Viruses Work for more details on viruses.
- Trojan horses
A Trojan horse, aptly named after the one in Homer's Iliad,
secretly carries often-damaging software in a "plain wrapper." The plain wrapper
is normally an email file attachment from someone you may or may
not know. The file attachment name itself can also be very misleading.
When you run the attachment, it can do all sorts of things, from erasing files to changing your desktop. It then sends itself along to other people in your address book so that it can propogate itself.
Here are two examples to help you understand how email viruses work. According to this
Symantec web page,
"Worm.ExploreZip is a worm that contains a malicious payload. The worm
utilizes Microsoft Outlook, Outlook Express, Exchange to mail itself out by
replying to unread messages in your Inbox. The worm will also search the
mapped drives and networked machines for Windows installations and copy
itself to the Windows directory of the remote machine and modify the
See also this page for details.
The payload of the worm will destroy any file with the extension .h, .c, .cpp,
asm, .doc, .ppt, or .xls on your hard drives, any mapped drives, and any
network machines that are accessible each time it is executed. This continues
to occur until the worm is removed.
You may receive the worm as an attachment called zipped_files.exe,
masquerading itself as the usual self-extracting zip file. But, when
run, this executable will copy itself to your Windows System directory with the
filename Explore.exe or to your Windows directory with the filename
_setup.exe. The worm modifies your WIN.INI or registry such that the file
Explore.exe is executed each time you start Windows."
shows more technical information and
what you need to do if you suspect Worm.ExploreZip is in your system.
In certain special cases, email attachments can execute even without your interaction. According to this
Symantec web page,
"VBS.BubbleBoy is a worm that works under Windows 98 and Windows 2000. The
worm will also work under Windows 95 only if the Windows Scripting Host is
installed. The worm will only work with the English and Spanish versions of the
operating systems, and not with Windows NT.
Microsoft Outlook (or Express) with Internet Explorer 5 must be used in order for the
worm to propagate.
The worm utilizes a known security hole in Microsoft Outlook/IE5 to insert a script
file, UPDATE.HTA, when the email is viewed. It is not necessary to detach and run
UPDATE.HTA is placed in Program-StartUp of the Start menu. Therefore, the
infection routine is not executed until the next time you start your computer.
UPDATE.HTA is a script file that uses MS Outlook to send the worm email message
to everyone in the MS Outlook address book.
By patching the known security hole in Microsoft Outlook/IE5, the worm will no
has more information on this worm.
Keep your virus software up to date with the latest virus signatures
from the software vendor, since the antivirus software
cannot detect new viruses without an update. If you use
Norton AntiVirus software,
ensure Auto-Protect is enabled.
Current Norton AntiVirus software automatically alerts you when your virus signature files
are over thirty days old. Norton's LiveUpdate can also automate updating.
If you think a virus has infected your PC (thanks to an email virus
that mails itself to people in your address book) call those same people and tell
them not to open the messages or attachments -- that is the only effective way to get the word out.