Toughing Out The Junk-Mail Virus

An insidious strain swipes e-addresses from your PC -- to spam your friends

If you're even a moderate user of e-mail, chances are you've seen some very strange messages lately: complaints from total strangers that you have sent a virus as well as notices that messages you never sent could not be delivered. These are symptoms of the recent plague of virus infestations, but they do not mean that you have a virus or have spread one.

Understanding where these messages come from and what they mean requires a little knowledge of how the current breed of "mass mailing" viruses works. Recently, new attacks have been launched as frequently as three to five a day, but all use similar mechanisms.

The trouble starts when someone without up-to-date virus protection receives an infected message and double-clicks on the attachment to activate it. The program launched by the virus scours the computer's hard drive for anything that looks like an e-mail address. Using its own mail program, the virus sends a copy of itself to every address it finds. Each message carries a return address picked at random from the list. Since the addresses of the senders and recipients are picked from the same set of contacts, there is a fair chance the message will appear to have come from someone the recipient knows, increasing the chances that the attachment will be opened, repeating the vicious cycle.

YOU CAN BECOME THE RETURN ADDRESS on virus-laden messages even if you have done everything you're supposed to do to avoid infection: installed antivirus software, subscribed to an automatic-update service (of late, updates are being issued several times a day, so even a daily manual check isn't good enough anymore), and been careful about opening attachments. Once your name goes out on an infected message, unpleasant things start happening.

Most obviously, recipients of the infected message, possibly people you know, may think that you sent them a virus. You're also likely to get a lot of nuisance mail. Because virus programs harvest addresses indiscriminately, there's a strong likelihood that mail seemingly sent by you will go to a nonexistent account. The recipient's post office will dutifully send you a message notifying you of the failed delivery. To make matters worse, many of the virus-bearing messages are designed to look like delivery-failure notices, so resist the temptation to open any attachments on these e-mails, no matter how official they appear.

In addition, once a new virus is identified, mail gateways at Internet service providers and corporations start intercepting infected messages. This is good, but many mail servers also return a notice to the sender, which is silly. While the person who receives the notice almost never actually sent the message, an amazing number of mail administrators refuse to turn the notification feature off, adding to both the garbage traffic and the confusion.

Sadly, there's little you can do to stop this virus-generated junk mail. In the longer term, changes to the way that e-mail works could thwart viruses. As part of the war on spam, large Internet service providers are designing systems, based on a concept called Sender Policy Framework (SPF), that would require positive identification of senders. This could be fatal to the current viruses, which depend on being able to send mail from any PC using falsified sender names.
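To make the idea concrete, here is an added example (not part of the original column) of a gateway that checks a sender's SPF record before returning a virus notice, so a forged return address gets no bounce. It assumes a simplified evaluator that handles only the `ip4`, `ip6` and `all` mechanisms; the function names, the in-memory record table and the sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """Evaluate a simplified SPF record (ip4/ip6/all only) for a connecting IP."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        result = "pass"                      # default qualifier is "+"
        if term[0] in QUALIFIERS:
            result, term = QUALIFIERS[term[0]], term[1:]
        name, _, arg = term.partition(":")   # splits at first ":" so ip6 args survive
        name = name.lower()
        if name == "all":
            return result
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return result
            continue
        # Mechanisms such as a, mx, include need DNS lookups, which this
        # offline sketch does not perform; report that instead of guessing.
        return "unknown"
    return "neutral"

# Constructed sample data: in production the record comes from a DNS TXT
# lookup. Domain and addresses are reserved documentation values.
SPF_RECORDS = {"example.com": "v=spf1 ip4:192.0.2.0/24 -all"}

def handle_infected_message(mail_from, client_ip):
    """Decide whether a virus notice may go back to the claimed sender."""
    domain = mail_from.rpartition("@")[2].lower()
    record = SPF_RECORDS.get(domain)
    result = spf_check(record, client_ip) if record else "none"
    # Assumed policy for this example: notify only a verified sender;
    # anything else is probably a forged return address.
    action = "notify-sender" if result == "pass" else "drop-silently"
    return result, action

if __name__ == "__main__":
    print(handle_infected_message("alice@example.com", "192.0.2.25"))
    print(handle_infected_message("alice@example.com", "203.0.113.7"))
```
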

A lot of technical issues remain to be worked out, and the effort faces strong opposition from those who fear it will give big e-mail providers, including Microsoft (MSFT), America Online (TWX), and Yahoo! (YHOO), too much power over access to the Net. But continuing growth in the volume of spam and the virus epidemic has given the SPF movement a lot of momentum. Implementation is many months away. In the meantime, make sure your antivirus software is up to date, and keep hitting the delete key.

By Stephen H. Wildstrom
