Email attachments

You need to beware of email attachments, not to run executables sent to you from dubious sources.

Executable attachments

Many file types are executable: not just the .EXE, .COM or .BAT types, but surely also .VBS, .WSH, .SCR, and .CHM, .PIF and .LNK; and many more types, too numerous to list here (see a possible list in http://support.microsoft.com/kb/262631). Maybe the only safe type is .TXT ...

Windows may not show you the full name of the file: it may Hide file extensions for known file types, so you would not know that homepage.html.vbs really is dangerous. You need to stop Windows from hiding those types.

Internet Explorer may even ignore the file type (as set by the file name) and peek in the contents to decide what to do with the file, e.g. it will display HTML embedded in JPG comments. (So you cannot use IE: use Mozilla instead.)

Do not click on a file unless you are sure it is safe.

Trusted senders

Most recent viruses propagate by sending themselves to everyone in the victim's address book. Just because a message came from someone you know and trust, it does not mean that they actively sent you that message.

It is also possible to forge email; and in fact many recent viruses pick another address to use as the sender: you cannot rely on it to determine whose machine was infected.

Do not click on an attachment (or otherwise act upon an email) unless you expected it to be sent to you.

Paul Szabo psz@maths.usyd.edu.au 22 Mar 04