Friday, July 31, 1998 Published at 22:12 GMT 23:12 UK
Invasion of the killer e-mail viruses
By BBC Internet correspondent Chris Nuttall
Just when you thought it was safe to open your e-mail, another Killer Attack of the Giant Tomato Zombie Virus scare story strikes, like some bad B-movie title.
Remember the e-mails warning you had about e-mails with viruses earlier this year. And then the rather sad follow-up e-mails from administrators realising they had been duped.
For some reason, several departments at my accountants forwarded me the same warning: "If you receive an e-mail titled WIN A HOLIDAY, do not open it. It will erase everything on your hard drive also, do not open or even look at any that says RETURNED OR UNABLE TO DELIVER. This virus will attach itself to your computer components and render them useless."
I think it was hoax e-mail deliberately sent out to screw up accountants around the world, as it was originally signed by a chief accountant with a major American corporation.
Action against such targets is eminently forgivable, you might say, especially when you receive the embarrassed apology: "This is a hoax. There is no such thing as an e-mail virus."
And especially when, what is more, they are WRONG AGAIN! There is such a thing as an e-mail virus - scientists have just proved it!
Researchers at the Oulu University's Secure Programming Group in Finland, who spend their time looking at how viruses might enter computers, in June discovered a hole in Microsoft's popular Outlook Express and Outlook 98 mail clients and Netscape's rival offering.
This week both companies issued security bulletins warning users.
The researchers found that creating long file names for e-mail attachments, generally over 200 characters, meant malicious code could be added to the end.
The effect could be that merely highlighting the message in your Inbox, not even opening it or launching its attachment, could lead to the virus then attacking your computer.
There are no reports so far of this method falling into the wrong hands and users suffering their hard drives being erased. And there are fixes on the way from the companies concerned, as well as from developers of anti-virus software.
But, if many corporations are ignorant enough to fall for virus stories in plain old e-mails, will they realise they have to patch or upgrade their workers' software when the real thing comes along?
Their network administrators will already be busy enough trying to fix security bugs now being frequently identified in mail server software.
Not wishing to disparage my present employers in any way of course, but ... when I last applied for a job with the BBC I was overseas and asked for an application to be e-mailed to me. It arrived, was duly completed, promptly returned and immediately destroyed on receipt.
It contained a virus, I was told. I ran a check on the original and found one of those all too numerous and usually harmless macro viruses you find in Microsoft Word documents.
But it was in the standard application that had been sent to me and to who knows how many other people.
So there was nothing left to do but fax the application ... although next week I can tell you about how faxes containing viruses can wipe your hard drive if they arrive on a machine within five metres of your computer.
Honest I will, as long as you're an accountant or a personnel officer.