Lessons for lovestruck users

Now that everyone has calmed down about the ILOVEYOU virus, perhaps it's a good time to reflect on how it worked and how we can…

Now that everyone has calmed down about the ILOVEYOU virus, perhaps it's a good time to reflect on how it worked and how we can prevent it happening again.

ILOVEYOU only affected users of Windows computers - so Unix, BeOS, and Macintosh users were able to sit back and smugly reflect on how clever they were for not using something so prone to virus infection. But the vast majority of people do use Windows, and they were the ones who found their email address books hijacked.

Where ILOVEYOU differed from many of its predecessors was its focus of attack. Most viruses - designed to bring down corporate computer networks - have been programmed to seek out Word documents and Excel spreadsheets and destroy or corrupt them. This one was more aimed at the general consumer, targeting MP3 and JPG files.

MP3s are the infamous sound storage files now the subject of furious legal action between the software developers and the recording industry. JPGs are a standard for images on the Internet - just about every website you visit will have some, if not hundreds of JPG files, and every one is copied to your hard disk when you visit a site.

READ MORE

Once a computer was infected, every JPG and MP3 stored on it was hunted down and replaced by a copy of the original virus. All the original files were deleted and replaced with these fakes. If there was a JPG stored on the hard disk called hello.jpg, it was replaced by something called hello.jpg.vbs - a copy of the virus masquerading as the original file.

Your hard disk is littered with thousands of JPGs. Some of them are used in programs that you have installed, but most are stored in your Internet cache, where copies of all images and text you have seen on the Internet recently are kept. Most browsers offer the option to "clean out" your cache every now and then to get rid of the backlog, but you can still build up a few megabytes of files there without realising.

Cleaning out the cache once you have been infected with ILOVEYOU is not going to help that much. Within a few days of the virus entering "the wild" as virus hunters call it, fixes were made available by all the major software sellers, enabling most people to rid themselves of all traces of the virus. If you are worried that it might still be lurking on your system somewhere, do an advanced file search of your entire hard disk for any file with the suffix ".vbs". If you find any such file created since last Wednesday which is 11KB in size, it is almost certainly the virus and you should delete it, or at least move it to a folder clearly marked "dodgy". Double-clicking any such file will run the virus again, and you'll be making life harder for yourself.

One good way to keep things simple and easy is to make sure you do not get infected in the first place. The best way to do this is not to open any unexpected files that come attached to emails.

Many of us have got into the habit of clicking on anything and everything we see, without considering the consequences. Email is a wonderful tool but has to be treated sensibly. If you do get sent an unexpected attachment, apparently from someone you know, try to find out if they intended to send it to you. Call them on the phone and ask, that's the easiest way.

No attached file is so important, or so entertaining, that opening it cannot wait until you have checked that doing so won't cause untold damage to your computer. Think before you click.

For more information about ILOVEYOU, see the F-Secure site (www.f-secure.com), Sophos (www.sophos.com/virusinfo/) and the Computer Virus Myths page (kumite.com/myths/).

Giles Turnbull has a website at www.gilest.org