Originally posted 17 February 2001

Early in 2001, IDC Research, a major IT research organisation, reported that 37% of business e-mail users would open an attachment called "I Love You". Some of us doubted that people would be so silly and were immediately proved wrong with the "Anna Kournikova virus". Nearly two years later, people are still being caught by these tricks.

These viruses have to fool the victim into opening the virus file. For instance, the Kournikova virus promised pictures of the tennis player contained in an attachment called annakournikova.jpg.vbs. In MS Windows the three letters after the full stop are important. These three letters, known as an extension, is how Windows knows which program to use for that file.

An MS Word document will have a .doc, a web page will have a .htm and graphic file may have a .jpg. Windows normally hides the last three letters and this is what the virus writers use to fool users. With the Kournikova virus, the attachment appeared to be a graphic JPEG file when it is actually a .vbs, a Visual Basic Script.

You can tell Windows to show you the file extension and that will give you a warning the file isn't what it seems to be. The other give away is the file's icon, the icon is also decided by the extension. Below we show the icons you should be wary of.

Warning: As of early 2003, viruses are appearing with triple extensions. A bug in Outlook Express means that the icon for the third extension will be shown while the second extension will be executed. You should not open any attachment with multiple extensions.

Visual Basic Scripts. I Love You and Anna are two viruses that use vbs scripts. Generally, these should never be opened.

Executable Files are programs that will run when you click on them. Executable files are used to transmit legitimate programs so you should not assume an exe attachment is a virus, but it should be scanned for viruses before opening. These can have extensions .exe, .bat or .com.

Screensaver Files have a .scr extension and should never be opened. There is no reason for somebody to be sending you one of these files. The Cari, or Mylife, virus is a particularly nasty example of this. This type of attachment has become a recent favourite of virus writers.

PIF file are links to executable files. The Sircam and MTX virus use this method. PIF file attachments are very rare in legitimate e-mails, it is safe to assume that any PIF is a virus.

An e-mail that claims to have a graphic file attached that appears with one of the above icons is almost certainly a virus. But in general you should cautious of opening attachments: Before opening the attachment ask yourself why is this person sending me an attachment? Do you know this person? Does the attachment seems out of character, say receiving "sexy pics for you" from your grandmother or "I love you" from your boss? If there is any doubt don't open it.

All of this advice assumes one thing: That you have an up-to-date virus scanner installed on your computer. Once you install it keep it up to date. All anti-virus programs have updating functions that make sure they keep with the new viruses that are being written. If you don't keep your virus scanner up to date you have wasted your money.

Attachments are an important part of using e-mail but we all need to be careful of what we open. Think about the attachment, what it is and who sent it before opening it. Take care with any file you receive or download from the Net.

Updated 10 February 2003