I sat down at my computer this morning to find I had numerous automated emails from corporate mail servers informing me that one of my addresses had sent email with a variant of the Klez virus. That's great—except my computer doesn't have the virus. The anti-virus software I use, Sophos Anti-Virus, can detect the current variety of the Klez virus. The problem is with the email address that the corporate gateways' automated antivirus scanning picked up from other email messages that actually were infected with the virus. The virus chose my address at random from the virus's list of possible addresses. Most of these types of viruses choose random addresses from the address book on the infected machine; Klez also includes its own list of senders. Fortunately, I'm not a major company that the virus chose to attack.
In another bit of social engineering, the Klez virus sends itself as an attachment purporting to come from an antivirus vendor such as Symantec or McAfee. The message asks users to execute the attachment to remove the virus, when in fact the attachment IS the virus. Much like the MyParty virus, this attack takes advantage of the way people use their computers. (The MyParty virus worked by putting a link in a message that said "Check out the pictures from my party,can you print them for me, www.myparty.yahoo.com" However, myparty.yahoo.com wasn't a domain; it was an executable file.)
But the possibly unintentional consequence of this type of attack is that users such as myself, who are innocent of any bad A/V habits, can be inundated with automated emails from scanning robots that reply to the apparent senders' addresses to let them know that the virus has infected their machines. In effect, we get a spam attack because an email-scanning tool doesn't actually scan the message headers beyond the "reply-to" field. Although these server-side antivirus tools are very effective, it might be time for vendors to build a little more intelligence into their scanning engines.
Keep this in mind before you start sending nastygrams to people who you think have sent you an email virus. The virus might have plucked a sender's address from an infected machine's address book rather than from a message the sender sent. Take a look at the message headers. If the header doesn't reference the supposed sender's domain anywhere other than in the "reply-to" field, the address probably is a fake.
Last week's discussion about launching Microsoft Internet Explorer (IE) sessions generated many email responses. Most of them pointed out that you can configure IE to always launch a new browser when you click on a link in an application other than the browser by Deselecting "Reuse windows for launching shortcuts" in Tools, Internet Options, Advanced. In the past, I have suggested that option to readers, who replied that it was a bad idea for general use because it resulted in an increase in Help desk calls. Too many users didn't seem to realize that they had dozens of open IE browsers—they'd been clicking on email links, opening a new browser each time, and not closing it when they were done. As a result, their computers' performance became suboptimal, and they would call the IT staff to complain. So now that you know how to force IE to open a new browser window, use that knowledge sparingly.